xref: /illumos-gate/usr/src/man/man2/acl.2 (revision bbf21555)
Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
ACL 2 "Jan 10, 2007"
NAME
acl, facl - get or set a file's Access Control List (ACL)
SYNOPSIS

#include <sys/acl.h>

int acl(char *pathp, int cmd, int nentries, void *aclbufp);

int facl(int fildes, int cmd, int nentries, void *aclbufp);
DESCRIPTION

The acl() and facl() functions get or set the ACL of a file whose name is given by pathp or referenced by the open file descriptor fildes. The nentries argument specifies how many ACL entries fit into buffer aclbufp. The acl() function is used to manipulate ACLs on file system objects.

The following types are supported for aclbufp:

aclent_t

Used by the UFS file system.

ace_t

Used by the ZFS and NFSv4 file systems.

The following values for cmd are supported:

SETACL

nentries aclent_t ACL entries, specified in buffer aclbufp, are stored in the file's ACL. All directories in the path name must be searchable.

GETACL

Buffer aclbufp is filled with the file's aclent_t ACL entries. Read access to the file is not required, but all directories in the path name must be searchable.

GETACLCNT

The number of entries in the file's aclent_t ACL is returned. Read access to the file is not required, but all directories in the path name must be searchable.

ACE_SETACL

nentries ace_t ACL entries, specified in buffer aclbufp, are stored in the file's ACL. All directories in the path name must be searchable. Write ACL access is required to change the file's ACL.

ACE_GETACL

Buffer aclbufp is filled with the file's ace_t ACL entries. Read access to the file is required and all directories in the path name must be searchable.

ACE_GETACLCNT

The number of entries in the file's ace_t ACL is returned. Read access to the file is required and all directories in the path name must be searchable.

RETURN VALUES

Upon successful completion, acl() and facl() return 0 if cmd is SETACL or ACE_SETACL. If cmd is GETACL, GETACLCNT, ACE_GETACL or ACE_GETACLCNT, the number of ACL entries is returned. Otherwise, -1 is returned and errno is set to indicate the error.

ERRORS

The acl() function will fail if:

EACCES

The caller does not have access to a component of the pathname.

EFAULT

The pathp or aclbufp argument points to an illegal address.

EINVAL

The cmd argument is not GETACL, SETACL, ACE_GETACL, GETACLCNT, or ACE_GETACLCNT; the cmd argument is SETACL and nentries is less than 3; or the cmd argument is SETACL or ACE_SETACL and the ACL specified in aclbufp is not valid.

EIO

A disk I/O error has occurred while storing or retrieving the ACL.

ENOENT

A component of the path does not exist.

ENOSPC

The cmd argument is GETACL and nentries is less than the number of entries in the file's ACL, or the cmd argument is SETACL and there is insufficient space in the file system to store the ACL.

ENOSYS

The cmd argument is SETACL or ACE_SETACL and the file specified by pathp resides on a file system that does not support ACLs, or the acl() function is not supported by this implementation.

ENOTDIR

A component of the path specified by pathp is not a directory, or the cmd argument is SETACL or ACE_SETACL and an attempt is made to set a default ACL on a file type other than a directory.

ENOTSUP

The cmd argument is GETACL, but the ACL is composed of ace_t entries, and the ACL cannot be translated into aclent_t form. The cmd argument is ACE_SETACL, but the underlying filesystem only supports ACLs composed of aclent_t entries and the ACL could not be translated into aclent_t form.

EPERM

The effective user ID does not match the owner of the file and the process does not have appropriate privilege.

EROFS

The cmd argument is SETACL or ACE_SETACL and the file specified by pathp resides on a file system that is mounted read-only.
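
EXAMPLES

An added example, not part of the manual page or the illumos source: one way to read a file's complete ACL by counting and then fetching, switching to the ace_t commands on ENOTSUP and recounting on ENOSPC when the ACL grew between the two calls. fetch_acl() is a hypothetical helper, and the #else branch is a constructed simulation of acl() (its types and numeric command values are stand-ins) so that the logic can be built off illumos.

```c
#include <errno.h>
#include <stdlib.h>
#ifdef __sun
#include <sys/acl.h>
#else	/* constructed stand-ins so the logic can be built and run off illumos */
enum { GETACL = 1, SETACL, GETACLCNT, ACE_GETACL, ACE_SETACL, ACE_GETACLCNT };
typedef struct { int pad[3]; } aclent_t;
typedef struct { int pad[3]; } ace_t;
static int sim_n = 4, sim_grow = 1;	/* ace_t-only ACL that grows once */
static int acl(char *p, int cmd, int n, void *buf)
{
	(void) p; (void) buf;
	if (cmd == GETACL || cmd == GETACLCNT) { errno = ENOTSUP; return (-1); }
	if (cmd == ACE_GETACLCNT) return (sim_n);
	if (sim_grow) { sim_grow = 0; sim_n++; }	/* changed after the count */
	if (n < sim_n) { errno = ENOSPC; return (-1); }
	return (sim_n);
}
#endif

/* Hypothetical helper: returns a malloc'd copy of the ACL holding *nent
 * entries of ace_t (*is_ace = 1) or aclent_t (*is_ace = 0); the outputs are
 * valid only on success. Returns NULL with errno set on failure. */
void *fetch_acl(char *path, int *nent, int *is_ace)
{
	int cntcmd = GETACLCNT, getcmd = GETACL, n, err;
	size_t esz = sizeof (aclent_t);
	void *buf;
	*is_ace = 0;
	for (int tries = 0; tries < 8; tries++) {
		buf = NULL;
		if ((n = acl(path, cntcmd, 0, NULL)) >= 0 &&
		    (buf = calloc(n > 0 ? n : 1, esz)) != NULL &&
		    (*nent = acl(path, getcmd, n, buf)) >= 0)
			return (buf);
		err = errno;		/* save before free() can disturb it */
		free(buf);
		if (err == ENOTSUP && !*is_ace) {	/* not expressible as aclent_t */
			cntcmd = ACE_GETACLCNT; getcmd = ACE_GETACL;
			esz = sizeof (ace_t); *is_ace = 1;
		} else if (err != ENOSPC) {	/* ENOSPC: ACL grew, count again */
			errno = err;
			return (NULL);
		}
	}
	errno = EAGAIN;			/* ACL kept changing under us */
	return (NULL);
}
```

The retry bound of 8 is an arbitrary choice for the example. When the file is already open, the same loop applies to facl() with the descriptor in place of the path.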

ATTRIBUTES

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE         ATTRIBUTE VALUE
Interface Stability    Evolving

SEE ALSO

getfacl(1), setfacl(1), aclcheck(3SEC), aclsort(3SEC)