diff options
| author | Nathan Scott <nathans@sgi.com> | 2002-03-26 22:12:14 +0000 |
|---|---|---|
| committer | Nathan Scott <nathans@sgi.com> | 2002-03-26 22:12:14 +0000 |
| commit | 29e231a37a070c4961330dc1f0bb0dfc56fcc5ae (patch) | |
| tree | 0c30ad77e6701630da466c8b39dd81aaa766230a | |
| parent | 36289a951fd729241dafc92bc2a81679764ba31f (diff) | |
| download | acl-29e231a37a070c4961330dc1f0bb0dfc56fcc5ae.tar.gz | |
bump version number to 2.0.5 - section 3 added to man pages, some
code reorg in libacl to be more p1003.1eD17 compliant.
59 files changed, 4587 insertions, 497 deletions
@@ -3,5 +3,5 @@ # PKG_MAJOR=2 PKG_MINOR=0 -PKG_REVISION=4 +PKG_REVISION=5 PKG_BUILD=0 diff --git a/debian/changelog b/debian/changelog index f56d02f..2510615 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +acl (2.0.5-1) unstable; urgency=low + + * New upstream release + + -- Nathan Scott <nathans@debian.org> Wed, 27 Mar 2002 08:47:58 +1100 + acl (2.0.4-2) unstable; urgency=low * Fix attr-dev build dependency issue (closes: #138280) diff --git a/doc/CHANGES b/doc/CHANGES index 1e3dadf..0bc0ad8 100644 --- a/doc/CHANGES +++ b/doc/CHANGES @@ -1,5 +1,18 @@ -[cvs] -* Fix up acl_to_text compliance with POSIX draft (from Andreas). +2.0.5 (26 March 2002) +* Fix up acl_to_text compliance with POSIX draft. +* Add the new acl(5) manual page. +* Add a manual section 3 directory and Makefile. +* Add the libacl manual pages. +* Rename the existing acl_to_any_text function to __acl_to_any_text, and + add a new acl_to_any_text function that only contains parameters that + are actually useful. Make acl_to_text and acl_to_any_text invoke + __acl_to_any_text internally. Update all uses of acl_to_any_text in + getfacl/getfacl.c, setfacl/do_set.c, and chacl/chacl.c. +* Move the acl_size function form the LIBACL_CFILES to the POSIX_CFILES + section (it is a POSIX function) +* Rearrange libacl routines so that several non-POSIX routines which + were being exported are no longer exported (eg. acl_entry_to_any_str, + acl_get_file_mode, acl_get_fd_mode, acl_set_file_mode, acl_set_fd_mode). 2.0.4 (12 March 2002) * Man page updates from Andreas diff --git a/doc/Makefile b/doc/Makefile index 4f9319b..b3b4add 100644 --- a/doc/Makefile +++ b/doc/Makefile @@ -33,7 +33,8 @@ TOPDIR = .. include $(TOPDIR)/include/builddefs -LSRCFILES = extensions.txt libacl.txt TODO PORTING CHANGES LICENSE INSTALL +LSRCFILES = extensions.txt libacl.txt TODO PORTING CHANGES LICENSE INSTALL \ + old-acl.5 LDIRT = *.gz default: CHANGES.gz diff --git a/doc/old-acl.5 b/doc/old-acl.5 new file mode 100644 index 0000000..18bf783 --- /dev/null +++ b/doc/old-acl.5 @@ -0,0 +1,263 @@ +.\" +.\" Access Control Lists +.\" +.\" Documentation for the Linux implementation +.\" (C) Andreas Gruenbacher, 1999 +.\" +.TH ACL 5 "Access Control Lists" "Sep 1999" "Access Control Lists" +.SH NAME +acl - Access Control Lists +.SH DESCRIPTION +This document describes Posix-style access control lists as implemented under +Linux. Access control lists (ACLs) are used to define access to files +and directories. + +In portable programs, the Posix 1003.1e Draft Standard 17 library +functions should be used for mainpulating ACL. On most platforms, the +ACL entry manipulation functions are not available, so relying only on +the ACL manipulation and format conversion functions (ACL to and from +text format) is more portable. The library functions are declared in +the +.I sys/acl.h +header file. + +.SH ACCESS CONTROL LIST ENTRIES +An access control list contains a number of entries of various types. Each entry stands for permissions granted to a user, or to a group of users. +.PP +An ACL may contain entries with the following entry tag types. +.PP +.RS +.fam C +.nf +ACL_USER_OBJ (owner) +ACL_USER (named user) +ACL_GROUP_OBJ (owning group) +ACL_GROUP (named group) +ACL_MASK (effective rights mask) +ACL_OTHER (other users) +.fi +.fam T +.RE +.PP +The +ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER entries +correspond to the traditional file mode permission bits. There is +exactly one each of these entries in a valid ACL. +.PP +ACL_USER and ACL_GROUP +entries define explicit rights for users and groups, respectively. For +entries of these two types, +.I a_id[0] +is set to the ID of the user or group in question. Whenever there are +any entries of the last two types in the ACL, an ACL_MASK +entry is also required. + +An ACL_MASK entry limits the effective rights granted +to named users or groups. The efective rights granted are those +that are both granted by the user's or group's entry, and by the ACL_MASK entry. The ACL_MASK entry does not apply to the ACL_USER_OBJ and ACL_OTHER entries. +.PP +The lowest three bits of +.I a_perm +define the rights granted to the user the entry applies to, just like +the bits in the traditional file mode. This results in a value between 0 and 7 +(from 0 standing for no access to 7 standing for read, write, and execute access). For accessing these bits, the constants ACL_READ, ACL_WRITE and ACL_EXECUTE should be used. + +.SH VALID ACCESS CONTROL LISTS +Each valid ACL has as a minimum the three required base entries +ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER. These entries correspond +to the traditional Posix permission bits. There must be exactly one each +of these three entries. The permission mask `rw-r-----' corresponds to the +following entries: +.sp +.RS +.fam C +.nf + u::rw- (ACL_USER_OBJ entry) + g::r-- (ACL_GROUP_OBJ entry) + o::--- (ACL_OTHER entry) +.fi +.fam T +.RE +.PP +An ACL must also contain exactly one ACL_MASK entry, if it contains +additional ACL_USER or ACL_GROUP entries. For each user or group, there +must be at most one ACL_USER or ACL_GROUP entry per access control list. An ACL may also contain an ACL_MASK entry if no ACL_USER or ACL_GROUP entries exist. +.sp +.RS +.fam C +.nf + u:joe:rw- (ACL_USER entry) + g:webteam:rw- (ACL_GROUP entry) + m::rw- (ACL_MASK entry) +.fi +.fam T +.RE +.PP +.SS THE ACL_MASK ENTRY +The purpose of the ACL_MASK entry is to limit +the effective rights granted to groups and named users in +the ACL. The effective rights granted to a user or a group with an ACL_USER +or an ACL_GROUP entry are those which are listed in both the ACL_USER +or ACL_GROUP entry +.I and +the ACL_MASK entry. The ACL_USER_OBJ and ACL_OTHER entries +are not affected by the ACL_MASK entry. + +.SH PERMISSIONS +The permissions required for manipulating ACLs of an inode are similar +to the permissions required for manipulating the file mode. Processes +with search access to a file are granted the right to read ACLs. Only the +file owner and processes capable of CAP_FOWNER are granted the right to +modify ACLs. (On current Linux systems, root is the only user with the +CAP_FOWNER capability.) + +.SH DETERMINING ACCESS +When a process requests access to a file, the following algorithm determines whether access is granted or not. The input to the algorithm is a set of requested permissions (read, write, execute). + +.SS (1) "Find a matching ACL entry" +.IP * 4 +If the user is the file owner, access is granted \fIonly\fR if the +ACL_USER_OBJ entry contains the requested permissions. +.IP * 4 +If the ACL contains a named user (ACL_USER) entry that matches the user, then: +.RS +.IP - 4 +If access is granted by that entry, continue with step \fB(2)\fR below. +.IP - 4 +Otherwise, access is denied. +.RE +.IP * 4 +If the user is in the owning group of the file (ACL_GROUP_OBJ entry), or if the user is member of a named group (ACL_GROUP entries), then: +.RS +.IP - 4 +If either the ACL_GROUP_OBJ entry or one of the ACL_GROUP entries contains the requested permissions, continue with step \fB(2)\fR below. (Permissions of multiple ACL entries are +.I not +accumulated.) +.IP - 4 +Otherwise, access is denied. +.RE +.IP * 4 +If none of the above rules match, then +.RS +.IP - 4 +If the ACL_OTHER entry contains the requested permissions, access is +granted. +.IP - 4 +Otherwise, access is denied. +.RE +.SS (2) Check the access mask +.IP * 4 +If the access mask (ACL_MASK) contains the requested permissions, access is granted. +.IP * 4 +Otherwise, access is denied. +.SH DEFAULT ACCESS CONTROL LISTS +Directories may have a default ACL, in addition to the regular ACL. While the +purpose of the regular ACL is to control access to a file or directory, +the purpose of the default ACL is to control access to files which are +created inside the directory. +.PP +When a file is created, +a create permissions are specified that determines the maximum access rights to +the file. This usually is 0666 of files, and 0777 for directories. +.PP +Traditionally, the effective access rights to new files are determined by combining the +.B umask +and the create permissions. The default ACL replaces the role of the +.BR umask . +The following steps are taken when a file is created inside a directory which has a default ACL: +.IP * 4 +The new file inherits the directory's default ACL as its access ACL. +.IP * 4 +The permissions of the new file's access ACL are modified in the following way: +.RS +.IP - 4 +The ACL_USER entry is set to the union of the value determied by the default ACL and the user bits of the create permissions. +.IP - 4 +The ACL_OTHER entry is set to the union of the value determined by the default ACL and the other bits of the create permissions. +.IP - 4 +If the new file's ACL contains an ACL_MASK entry, the permission bits of the ACL_MASK entry are set to the group bits of the create permissions. If the new file's ACL does not contain an ACL_MASK entry, the permission bits of the ACL_GROUP_OBJ entry are set to the group bits of the create permissions. +.RE +.IP * 4 +The user and other part of the new file's mode bits are set to the ACL_USER_OBJ and ACL_OTHER permission bits, respectively. +.IP * 4 +If the new file's ACL contains an ACL_MASK entry, the group bits of the new file's mode field are set to the ACL_MASK entry permission bits. If the new file's ACL does not contain an ACL_MASK entry, the group bits of the new file's mode field are set to the ACL_GROUP_OBJ entry permission bits. +.IP * 4 +If the new file is a directory, it inherits the parent directory's default ACL as its own default ACL. +.PP +For directories without a default ACL, the +.B umask +is used to determine effective permissions (see +.BR umask (2)). +.PP +.SH FILE MODE PERMISSION BITS TO ACL ENTRY MAPPING +.fam C +.nf + user group other + ----+-------+-------+-------+ + | r w x | r w x | r w x | + ----+-------+-------+-------+ + ^ ^ ^ + | | +-- maps to ACL_OTHER + | +-- maps to ACL_GROUP_OBJ or ACL_MASK + +-- maps to ACL_USER_OBJ +.fi +.fam T +.PP +.SH NFSv2, NFSv3 AND ACCESS CONTROL LISTS +The NFS protocol in version 2 performs some access control decisions at +the client, based on the file mode permission bits. It serves the user +cached file contents if it thinks access would be granted. This logic +is no longer correct if access control lists are in effect. Both false +positives and denials might result. + +As a workaround, the file mode permission bits are modified before +sending them to NFSv2 clients. This ensures NFS clients don't grant +extra permissions. (Only the kernel NFS daemon does that right now; the +userspace NFS daemon has not been patched yet.) The file mode permission +sent are a subset of the real file mode permission bits. They are changed +as follows: + +.IP * 4 +The group file mode permission bits are set to the intersection of the ACL_GROUP_OBJ and the ACL_MASK ACL entry. +.IP * 4 +The others file mode permission bits are set to the intersection of all +ACL entries excluding the ACL_USER_OBJ entry. +.PP +A consequence of these changes is that extended permissions granted by ACLs are not available over NFSv2 mounts. + +Up to at least 2.2.18 and 2.4.2 kernels, the NFSv3 implementation does +not implement the ACCESS remote procedure call. Therefore, NFSv3 currently +suffers the same problems as NFSv2. The same workaround is employed right +now. + +.SH CHANGES TO THE FILE UTILITIES +The +.BR ls (1) +utility displays a plus sign (`+') after the permission string of entries with an extended ACL (i.e., entries where the permission string shows only part of the effective permissions). +.PP +The +.BR cp "(1) and " mv (1) +utilities preserve ACLs if possible. If files are copied or moved between fileystems that do not support ACLs, only the file mode permission bits are preserved, and a warning is written to standard error. +.PP +The +.BR chmod (1) +utility is traditionally used to change the file mode permission bits. +Changing the permission bits using +.B chmod +has the following effect on an ACL that is associated with a file: +.IP * 4 +The new user permission bits replace the permissions of the owner ACL entry. +.IP * 4 +The new group permission bits replace the permission bits of the mask ACL entry if a mask ACL entry exists. The new group permission bits replace the permission bits of the owning group ACL entry if no mask ACL entry exists. +.IP * 4 +The new others permission bits replace the permissions of the others ACL entry. +.PP +.fam T +.SH AUTHOR +Andreas Gruenbacher, +.RI < a.gruenbacher@computer.org >. + +Please send your bug reports, suggested features and comments to the +above address. +.SH SEE ALSO +getfacl(1), setfacl(1), chmod(1), umask(1), ls(1) diff --git a/getfacl/getfacl.c b/getfacl/getfacl.c index 78fb9b0..049db2f 100644 --- a/getfacl/getfacl.c +++ b/getfacl/getfacl.c @@ -405,6 +405,20 @@ int do_show(FILE *stream, const char *path_p, const struct stat *st, return 0; } +/* + * Create an ACL from the file permission bits + * of the file PATH_P. + */ +static acl_t +acl_get_file_mode(const char *path_p) +{ + struct stat st; + + if (stat(path_p, &st) != 0) + return NULL; + return acl_from_mode(st.st_mode); +} + int do_print(const char *path_p, const struct stat *st) { const char *str; @@ -471,8 +485,8 @@ int do_print(const char *path_p, const struct stat *st) } if (acl != NULL) { - char *acl_text = acl_to_any_text(acl, NULL, - "", '\n', "", print_options); + char *acl_text = acl_to_any_text(acl, NULL, '\n', + print_options); if (!acl_text) goto fail; if (puts(acl_text) < 0) { @@ -482,8 +496,9 @@ int do_print(const char *path_p, const struct stat *st) acl_free(acl_text); } if (default_acl != NULL) { - char *acl_text = acl_to_any_text(default_acl, NULL, - default_prefix, '\n', "", print_options); + char *acl_text = acl_to_any_text(default_acl, + default_prefix, '\n', + print_options); if (!acl_text) goto fail; if (puts(acl_text) < 0) { diff --git a/include/libacl.h b/include/libacl.h index 2c0db6e..5244bf3 100644 --- a/include/libacl.h +++ b/include/libacl.h @@ -40,16 +40,12 @@ extern "C" { #define ACL_MISS_ERROR (0x3000) /* missing required entry */ #define ACL_ENTRY_ERROR (0x4000) /* wrong entry type */ -extern char *acl_to_any_text(acl_t acl, ssize_t *len_p, const char *prefix, - char separator, const char *suffix, int options); +extern char *acl_to_any_text(acl_t acl, const char *prefix, + char separator, int options); extern int acl_cmp(acl_t acl1, acl_t acl2); extern int acl_check(acl_t acl, int *last); extern acl_t acl_from_mode(mode_t mode); extern int acl_equiv_mode(acl_t acl, mode_t *mode_p); -extern acl_t acl_get_file_mode(const char *path_p); -extern acl_t acl_get_fd_mode(int fd); -extern int acl_set_file_mode(const char *path_p, acl_type_t type, acl_t acl); -extern int acl_set_fd_mode(int fd, acl_t acl); int acl_extended_file(const char *path_p); int acl_extended_fd(int fd); extern int acl_entries(acl_t acl); diff --git a/libacl/Makefile b/libacl/Makefile index 8cd2a97..5ee3bee 100644 --- a/libacl/Makefile +++ b/libacl/Makefile @@ -51,16 +51,15 @@ POSIX_CFILES = \ acl_get_perm.c acl_get_permset.c acl_get_qualifier.c \ acl_get_tag_type.c acl_init.c acl_set_fd.c acl_set_file.c \ acl_set_permset.c acl_set_qualifier.c acl_set_tag_type.c acl_to_text.c \ - acl_valid.c + acl_valid.c acl_size.c LIBACL_CFILES = \ - acl_check.c acl_cmp.c acl_entries.c \ - acl_equiv_mode.c acl_error.c acl_extended_fd.c acl_extended_file.c \ - acl_from_mode.c acl_get_fd_mode.c acl_get_file_mode.c \ - acl_set_fd_mode.c acl_set_file_mode.c acl_size.c acl_to_any_text.c + acl_to_any_text.c acl_entries.c acl_check.c acl_error.c acl_cmp.c \ + acl_extended_fd.c acl_extended_file.c acl_equiv_mode.c acl_from_mode.c INTERNAL_CFILES = \ - __acl_to_xattr.c __acl_from_xattr.c __acl_reorder_obj_p.c __libobj.c + __acl_to_any_text.c __acl_to_xattr.c __acl_from_xattr.c \ + __acl_reorder_obj_p.c __libobj.c default: $(LTLIBRARY) diff --git a/libacl/__acl_to_any_text.c b/libacl/__acl_to_any_text.c new file mode 100644 index 0000000..2ed9243 --- /dev/null +++ b/libacl/__acl_to_any_text.c @@ -0,0 +1,343 @@ +/* + File: __acl_to_any_text.c + + Copyright (C) 1999, 2000 + Andreas Gruenbacher, <a.gruenbacher@computer.org> + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +*/ + +#include <stdio.h> +#include <errno.h> +#include <string.h> +#include <pwd.h> +#include <grp.h> +#include <acl/libacl.h> +#include "libacl.h" + +static ssize_t acl_entry_to_any_str(const acl_entry_t entry_d, char *text_p, + ssize_t size, const acl_entry_t mask_d, + const char *prefix, int options); +static ssize_t snprint_uint(char *text_p, ssize_t size, unsigned int i); +static const char *user_name(uid_t uid); +static const char *group_name(gid_t uid); + +char * +__acl_to_any_text(acl_t acl, ssize_t *len_p, const char *prefix, + char separator, const char *suffix, int options) +{ + acl_obj *acl_obj_p = ext2int(acl, acl); + ssize_t size, len = 0, entry_len = 0, + suffix_len = suffix ? strlen(suffix) : 0; + string_obj *string_obj_p, *tmp; + acl_entry_obj *entry_obj_p, *mask_obj_p = NULL; + if (!acl_obj_p) + return NULL; + size = acl->a_used * 15 + 1; + string_obj_p = new_var_obj_p(string, size); + if (!string_obj_p) + return NULL; + + if (options & (TEXT_SOME_EFFECTIVE|TEXT_ALL_EFFECTIVE)) { + /* fetch the ACL_MASK entry */ + FOREACH_ACL_ENTRY(entry_obj_p, acl_obj_p) { + if (entry_obj_p->etag == ACL_MASK) { + mask_obj_p = entry_obj_p; + break; + } + } + } + + FOREACH_ACL_ENTRY(entry_obj_p, acl_obj_p) { + if (len + entry_len + 1 > size) { + while (len + entry_len + 1 > size) + size <<= 1; + tmp = realloc_var_obj_p(string, string_obj_p, size); + if (tmp == NULL) + goto fail; + string_obj_p = tmp; + } + + entry_len = acl_entry_to_any_str(int2ext(entry_obj_p), + string_obj_p->sstr + len, + size-len, + int2ext(mask_obj_p), + prefix, + options); + if (entry_len < 0) + goto fail; + if (len + entry_len + suffix_len + 1 > size) + continue; + len += entry_len; + string_obj_p->sstr[len] = separator; + len++; + } + if (len) + len--; + if (len && suffix) { + strcpy(string_obj_p->sstr + len, suffix); + len += suffix_len; + } else + string_obj_p->sstr[len] = '\0'; + + if (len_p) + *len_p = len; + return (char *)int2ext(string_obj_p); + +fail: + free_obj_p(string_obj_p); + return NULL; +} + +#define ADVANCE(x) \ + text_p += (x); \ + size -= (x); \ + if (size < 0) \ + size = 0; + +#define ABBREV(s, str_len) \ + if (options & TEXT_ABBREVIATE) { \ + if (size > 0) \ + text_p[0] = *(s); \ + if (size > 1) \ + text_p[1] = ':'; \ + ADVANCE(2); \ + } else { \ + strncpy(text_p, (s), size); \ + ADVANCE(str_len); \ + } + +#define EFFECTIVE_STR "#effective:" + +static ssize_t +acl_entry_to_any_str(const acl_entry_t entry_d, char *text_p, ssize_t size, + const acl_entry_t mask_d, const char *prefix, int options) +{ + #define TABS 4 + static const char *tabs = "\t\t\t\t"; + acl_entry_obj *entry_obj_p = ext2int(acl_entry, entry_d); + acl_entry_obj *mask_obj_p = NULL; + permset_t effective; + acl_tag_t type; + ssize_t x; + const char *orig_text_p = text_p, *str; + if (!entry_obj_p) + return -1; + if (mask_d) { + mask_obj_p = ext2int(acl_entry, mask_d); + if (!mask_obj_p) + return -1; + } + if (text_p == NULL) + size = 0; + + if (prefix) { + strncpy(text_p, prefix, size); + ADVANCE(strlen(prefix)); + } + + type = entry_obj_p->etag; + switch (type) { + case ACL_USER_OBJ: /* owner */ + mask_obj_p = NULL; + /* fall through */ + case ACL_USER: /* additional user */ + ABBREV("user:", 5); + if (type == ACL_USER) { + if (options & TEXT_NUMERIC_IDS) + str = NULL; + else + str = user_name(entry_obj_p->eid.qid); + if (str != NULL) { + strncpy(text_p, str, size); + ADVANCE(strlen(str)); + } else { + x = snprint_uint(text_p, size, + entry_obj_p->eid.qid); + ADVANCE(x); + } + } + if (size > 0) + *text_p = ':'; + ADVANCE(1); + break; + + case ACL_GROUP_OBJ: /* owning group */ + case ACL_GROUP: /* additional group */ + ABBREV("group:", 6); + if (type == ACL_GROUP) { + if (options & TEXT_NUMERIC_IDS) + str = NULL; + else + str = group_name(entry_obj_p->eid.qid); + if (str != NULL) { + strncpy(text_p, str, size); + ADVANCE(strlen(str)); + } else { + x = snprint_uint(text_p, size, + entry_obj_p->eid.qid); + ADVANCE(x); + } + } + if (size > 0) + *text_p = ':'; + ADVANCE(1); + break; + + case ACL_MASK: /* acl mask */ + mask_obj_p = NULL; + ABBREV("mask:", 5); + if (size > 0) + *text_p = ':'; + ADVANCE(1); + break; + + case ACL_OTHER: /* other users */ + mask_obj_p = NULL; + /* fall through */ + ABBREV("other:", 6); + if (size > 0) + *text_p = ':'; + ADVANCE(1); + break; + + default: + return 0; + } + + switch ((size >= 3) ? 3 : size) { + case 3: + text_p[2] = (entry_obj_p->eperm.sperm & + ACL_EXECUTE) ? 'x' : '-'; + /* fall through */ + case 2: + text_p[1] = (entry_obj_p->eperm.sperm & + ACL_WRITE) ? 'w' : '-'; + /* fall through */ + case 1: + text_p[0] = (entry_obj_p->eperm.sperm & + ACL_READ) ? 'r' : '-'; + break; + } + ADVANCE(3); + + if (mask_obj_p && + (options & (TEXT_SOME_EFFECTIVE|TEXT_ALL_EFFECTIVE))) { + mask_obj_p = ext2int(acl_entry, mask_d); + if (!mask_obj_p) + return -1; + + effective = entry_obj_p->eperm.sperm & + mask_obj_p->eperm.sperm; + if (effective != entry_obj_p->eperm.sperm || + options & TEXT_ALL_EFFECTIVE) { + x = (options & TEXT_SMART_INDENT) ? + ((text_p - orig_text_p)/8) : TABS-1; + strncpy(text_p, tabs+x, size); + ADVANCE(TABS-x); + + strncpy(text_p, EFFECTIVE_STR, size); + ADVANCE(sizeof(EFFECTIVE_STR)-1); + + switch ((size >= 3) ? 3 : size) { + case 3: + text_p[2] = (effective & + ACL_EXECUTE) ? 'x' : '-'; + /* fall through */ + case 2: + text_p[1] = (effective & + ACL_WRITE) ? 'w' : '-'; + /* fall through */ + case 1: + text_p[0] = (effective & + ACL_READ) ? 'r' : '-'; + break; + } + ADVANCE(3); + + } + } + + /* zero-terminate string (but don't count '\0' character) */ + if (size > 0) + *text_p = '\0'; + + return (text_p - orig_text_p); /* total size required, excluding + final NULL character. */ +} + +#undef ADVANCE + + + +/* + This function is equivalent to the proposed changes to snprintf: + snprintf(text_p, size, "%u", i) + (The current snprintf returns -1 if the buffer is too small; the proposal + is to return the number of characters that would be required. See the + snprintf manual page.) +*/ + +static ssize_t +snprint_uint(char *text_p, ssize_t size, unsigned int i) +{ + unsigned int tmp = i; + int digits = 1; + unsigned int factor = 1; + + while ((tmp /= 10) != 0) { + digits++; + factor *= 10; + } + if (size && (i == 0)) { + *text_p++ = '0'; + } else { + while (size > 0 && factor > 0) { + *text_p++ = '0' + (i / factor); + size--; + i %= factor; + factor /= 10; + } + } + if (size) + *text_p = '\0'; + + return digits; +} + + +static const char * +user_name(uid_t uid) +{ + struct passwd *passwd = getpwuid(uid); + + if (passwd != NULL) + return passwd->pw_name; + else + return NULL; +} + + +static const char * +group_name(gid_t gid) +{ + struct group *group = getgrgid(gid); + + if (group != NULL) + return group->gr_name; + else + return NULL; +} + diff --git a/libacl/acl_get_fd.c b/libacl/acl_get_fd.c index ec055c9..3a3a65e 100644 --- a/libacl/acl_get_fd.c +++ b/libacl/acl_get_fd.c @@ -19,6 +19,8 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ +#include <sys/types.h> +#include <sys/stat.h> #include <unistd.h> #include <stdio.h> #include <attr/xattr.h> @@ -54,7 +56,12 @@ acl_get_fd(int fd) acl_t acl = __acl_from_xattr(ext_acl_p, retval); return acl; } else if (retval == 0 || errno == ENOATTR) { - return acl_get_fd_mode(fd); + struct stat st; + + if (fstat(fd, &st) == 0) + return acl_from_mode(st.st_mode); + else + return NULL; } else return NULL; } diff --git a/libacl/acl_get_fd_mode.c b/libacl/acl_get_fd_mode.c deleted file mode 100644 index 4819ad1..0000000 --- a/libacl/acl_get_fd_mode.c +++ /dev/null @@ -1,42 +0,0 @@ -/* - File: acl_get_fd_mode.c - - Copyright (C) 1999, 2000 - Andreas Gruenbacher, <a.gruenbacher@computer.org> - - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -*/ - -#include <stdio.h> -#include <errno.h> -#include <sys/stat.h> -#include <acl/libacl.h> -#include "libacl.h" - - -/* -Same as acl_get_file, but based on the file mode permission bits. -*/ - -acl_t -acl_get_fd_mode(int fd) -{ - struct stat st; - - if (fstat(fd, &st) != 0) - return NULL; - return acl_from_mode(st.st_mode); -} - diff --git a/libacl/acl_get_file.c b/libacl/acl_get_file.c index e26f166..42f05ac 100644 --- a/libacl/acl_get_file.c +++ b/libacl/acl_get_file.c @@ -19,6 +19,8 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ +#include <sys/types.h> +#include <sys/stat.h> #include <unistd.h> #include <stdio.h> #include <attr/xattr.h> @@ -67,9 +69,14 @@ acl_get_file(const char *path_p, acl_type_t type) acl_t acl = __acl_from_xattr(ext_acl_p, retval); return acl; } else if (retval == 0 || errno == ENOATTR) { - if (type == ACL_TYPE_ACCESS) - return acl_get_file_mode(path_p); - else + if (type == ACL_TYPE_ACCESS) { + struct stat st; + + if (stat(path_p, &st) == 0) + return acl_from_mode(st.st_mode); + else + return NULL; + } else return acl_init(0); } else return NULL; diff --git a/libacl/acl_get_file_mode.c b/libacl/acl_get_file_mode.c deleted file mode 100644 index 8083130..0000000 --- a/libacl/acl_get_file_mode.c +++ /dev/null @@ -1,42 +0,0 @@ -/* - File: acl_get_file_mode.c - - Copyright (C) 1999, 2000 - Andreas Gruenbacher, <a.gruenbacher@computer.org> - - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -*/ - -#include <stdio.h> -#include <errno.h> -#include <sys/stat.h> -#include <acl/libacl.h> -#include "libacl.h" - - -/* -Same as acl_get_file, but based on the file mode permission bits. -*/ - -acl_t -acl_get_file_mode(const char *path_p) -{ - struct stat st; - - if (stat(path_p, &st) != 0) - return NULL; - return acl_from_mode(st.st_mode); -} - diff --git a/libacl/acl_set_fd_mode.c b/libacl/acl_set_fd_mode.c deleted file mode 100644 index e2227d1..0000000 --- a/libacl/acl_set_fd_mode.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - File: acl_set_fd_mode.c - - Copyright (C) 1999, 2000 - Andreas Gruenbacher, <a.gruenbacher@computer.org> - - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -*/ - -#include <stdio.h> -#include <errno.h> -#include <sys/stat.h> -#include <acl/libacl.h> -#include "libacl.h" - - -/* -Same as acl_set_fd, but uses file mode permission bits. -*/ - -int -acl_set_fd_mode(int fd, acl_t acl) -{ - struct stat st; - mode_t mode; - int error; - - error = acl_equiv_mode(acl, &mode); - if (error != 0) { - if (error > 0) - errno = ENOTSUP; - return -1; - } - if (fstat(fd, &st) != 0) - return -1; - mode |= st.st_mode & ~(S_IRWXU|S_IRWXG|S_IRWXO); - return fchmod(fd, mode); -} - diff --git a/libacl/acl_set_file_mode.c b/libacl/acl_set_file_mode.c deleted file mode 100644 index 262c6f5..0000000 --- a/libacl/acl_set_file_mode.c +++ /dev/null @@ -1,64 +0,0 @@ -/* - File: acl_set_file_mode.c - - Copyright (C) 1999, 2000 - Andreas Gruenbacher, <a.gruenbacher@computer.org> - - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -*/ - -#include <stdio.h> -#include <errno.h> -#include <sys/stat.h> -#include <acl/libacl.h> -#include "libacl.h" - - -/* -Same as acl_set_file, but based on the file mode permission bits. -*/ - -int -acl_set_file_mode(const char *path_p, acl_type_t type, acl_t acl) -{ - struct stat st; - mode_t mode; - int error; - - switch(type) { - case ACL_TYPE_ACCESS: - error = acl_equiv_mode(acl, &mode); - if (error != 0) { - if (error > 0) - errno = ENOTSUP; - return -1; - } - if (stat(path_p, &st) != 0) - return -1; - mode |= st.st_mode & ~(S_IRWXU|S_IRWXG|S_IRWXO); - return chmod(path_p, mode); - - case ACL_TYPE_DEFAULT: - if (acl_entries(acl) == 0) - return 0; - errno = ENOTSUP; - return -1; - - default: - errno = EINVAL; - return -1; - } -} - diff --git a/man/Makefile b/man/Makefile index 2c28d92..f47b9d9 100644 --- a/man/Makefile +++ b/man/Makefile @@ -33,7 +33,7 @@ TOPDIR = .. include $(TOPDIR)/include/builddefs -SUBDIRS = man1 man5 +SUBDIRS = man1 man3 man5 default install install-dev install-lib html ps: $(SUBDIRS) $(SUBDIRS_MAKERULE) diff --git a/man/man1/Makefile b/man/man1/Makefile index 3459946..a3408d2 100644 --- a/man/man1/Makefile +++ b/man/man1/Makefile @@ -38,7 +38,6 @@ MAN_SECTION = 1 MAN_PAGES = $(shell echo *.$(MAN_SECTION)) MAN_DEST = $(PKG_MAN_DIR)/man$(MAN_SECTION) LSRCFILES = $(MAN_PAGES) -LDIRT = $(MAN_PAGES:%=%.ps) $(MAN_PAGES:%=%.html) default : $(MAN_PAGES) @@ -48,13 +47,3 @@ install : default $(INSTALL) -m 755 -d $(MAN_DEST) $(INSTALL_MAN) install-dev install-lib: - -html : $(MAN_PAGES:%=%.html) -ps : $(MAN_PAGES:%=%.ps) - -%.$(MAN_SECTION).ps : %.$(MAN_SECTION) - groff -man -mandoc -T ps $< > $@ - -%.$(MAN_SECTION).html : %.$(MAN_SECTION) - groff -man -mandoc -T html $< > $@ - diff --git a/man/man3/Makefile b/man/man3/Makefile index e69de29..bc89b29 100644 --- a/man/man3/Makefile +++ b/man/man3/Makefile @@ -0,0 +1,49 @@ +# +# Copyright (c) 2000 Silicon Graphics, Inc. All Rights Reserved. +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of version 2 of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it would be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Further, this software is distributed without any warranty that it is +# free of the rightful claim of any third person regarding infringement +# or the like. Any license provided herein, whether implied or +# otherwise, applies only to this software file. Patent licenses, if +# any, provided herein do not apply to combinations of this program with +# other software, or any other product whatsoever. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write the Free Software Foundation, Inc., 59 +# Temple Place - Suite 330, Boston MA 02111-1307, USA. +# +# Contact information: Silicon Graphics, Inc., 1600 Amphitheatre Pkwy, +# Mountain View, CA 94043, or: +# +# http://www.sgi.com +# +# For further information regarding this notice, see: +# +# http://oss.sgi.com/projects/GenInfo/SGIGPLNoticeExplan/ +# + +TOPDIR = ../.. +include $(TOPDIR)/include/builddefs + +MAN_SECTION = 3 + +MAN_PAGES = $(shell echo *.$(MAN_SECTION)) +MAN_DEST = $(PKG_MAN_DIR)/man$(MAN_SECTION) +LSRCFILES = $(MAN_PAGES) + +default : $(MAN_PAGES) + +include $(BUILDRULES) + +install-dev : default + $(INSTALL) -m 755 -d $(MAN_DEST) + $(INSTALL_MAN) +install install-lib: diff --git a/man/man3/acl_add_perm.3 b/man/man3/acl_add_perm.3 new file mode 100644 index 0000000..9fe627c --- /dev/null +++ b/man/man3/acl_add_perm.3 @@ -0,0 +1,82 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_ADD_PERM 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_add_perm \- add a permission to an ACL permission set +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_add_perm (acl_permset_t \f2permset_d\f3, acl_perm_t \f2perm\f3);" +.Op +.SH DESCRIPTION +The +.B acl_add_perm +function adds the permission contained in the argument +.B perm +to the permission set referred to by the argument +.IR permset_d . +An attempt to add a permission that is already contained in the permission +set is not considered an error. +.PP +Any existing descriptors that refer to +.I permset_d +continue to refer to that permission set. +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_add_perm +function returns -1 +and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I permset_d +is not a valid descriptor for a permission set within an ACL entry. +.TP +.SM +\%[EINVAL] +The argument +.I perm +does not contain a valid +.B acl_perm_t +value. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHORS +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_get_perm (3), +.BR acl_delete_perm (3), +.BR acl_clear_perms (3), +.BR acl_get_permset (3), +.BR acl_set_permset (3), +and +.BR acl (5). diff --git a/man/man3/acl_calc_mask.3 b/man/man3/acl_calc_mask.3 new file mode 100644 index 0000000..a5a46c0 --- /dev/null +++ b/man/man3/acl_calc_mask.3 @@ -0,0 +1,93 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_CALC_MASK 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_calc_mask \- calculate the file group class mask +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_calc_mask (acl_t *\f2acl_p\f3);" +.Op +.SH DESCRIPTION +The +.B acl_calc_mask +function calculates and sets the permissions associated with the ACL_MASK +ACL entry of the ACL referred to by +.IR acl_p . +The value of the new permissions is the union of the permissions +granted by all entries of tag type ACL_GROUP, ACL_GROUP_OBJ, or ACL_USER. +If the ACL referred to by +.I acl_p +already contains an ACL_MASK entry, its permissions are overwritten; +if it does not contain an ACL_MASK entry, one is added. +.PP +If the ACL referred to by +.I acl_p +does not contain enough space for the new ACL entry, then additional working +storage may be allocated. If the working storage cannot be increased in the +current location, then it may be relocated and the previous working storage +is released and a pointer to the new working storage is returned via +.IR acl_p . +.PP +The order of existing entries in the ACL is undefined after this function. +.PP +Any existing ACL entry descriptors that refer to entries in the ACL continue to +refer to those entries. Any existing ACL pointers that refer to the ACL +referred to by +.I acl_p +continue to refer to the ACL. +.\" <AG> +.\" Conflict between requirements: +.\" (a) ACL may be relocated, +.\" (b) all pointers remain valid. +.\" </AG> +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_calc_mask +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I acl +is not a valid pointer to an ACL. +.TP +.SM +\%[ENOMEM] +The +.B acl_calc_mask +function is unable to allocate the memory required for an ACL_MASK ACL entry. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl (5) diff --git a/man/man3/acl_check.3 b/man/man3/acl_check.3 new file mode 100644 index 0000000..4b10f14 --- /dev/null +++ b/man/man3/acl_check.3 @@ -0,0 +1,111 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_CHECK 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_check \- check an ACL for validity +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_check (acl_t \f2acl\f3, int *\f2last\f3);" +.Op +.SH DESCRIPTION +The +.B acl_check +function checks the ACL referred to by the argument +.I acl +for validity. +.PP +The three required entries ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER +must exist exactly once in the ACL. If the ACL contains any ACL_USER or +ACL_GROUP entries, then an ACL_MASK entry is also required. The ACL +may contain at most one ACL_MASK entry. +.PP +The user identifiers must be unique among all entries of type ACL_USER. +The group identifiers must be unique among all entries of type ACL_GROUP. +.PP +If the ACL referred to by +.I acl +is invalid, +.B acl_check +returns a positive error code that indicates which type of error was detected. +The following symbolic error codes are defined: +.TP +.B ACL_MULTI_ERROR +The ACL contains multiple entries that have a tag type +that may occur at most once. +.TP +.B ACL_DUPLICATE_ERROR +The ACL contains multiple ACL_USER entries with the same user ID, or +multiple ACL_GROUP entries with the same group ID. +.TP +.B ACL_MISS_ERROR +A required entry is missing. +.TP +.B ACL_ENTRY_ERROR +The ACL contains an invalid entry tag type. +.PP +The +.BR acl_error (3) +function can be used to translate error codes to text messages. +.PP +In addition, if the pointer +.I last +is not NULL, +.B acl_check +assigns the number of the ACL entry at which the error was detected to +the value pointed to by +.IR last . +Entries are numbered starting with 0, in the order in which they would be +returned by the +.BR acl_get_entry (3) +function. +.SH RETURN VALUE +If successful, the +.B acl_check +function returns 0 if the ACL referred to by +.I acl +is valid, and a positive error code if the ACL is invalid. +Otherwise, a value of -1 is returned and the global variable +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_check +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I acl +is not a valid pointer to an ACL. +.SH STANDARDS +This is a non-portable, Linux specific extension to the ACL manipulation +functions defined in IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned). +.SH AUTHOR +Written by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_valid (3), +.BR acl (5) diff --git a/man/man3/acl_clear_perms.3 b/man/man3/acl_clear_perms.3 new file mode 100644 index 0000000..3eccfae --- /dev/null +++ b/man/man3/acl_clear_perms.3 @@ -0,0 +1,68 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_CLEAR_PERMS 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_clear_perms \- clear all permissions from an ACL permission set +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_clear_perms (acl_permset_t \f2permset_d\f3);" +.Op +.SH DESCRIPTION +The +.B acl_clear_perms +function clears all permissions from the permission set referred to by the argument +.IR permset_d . +.PP +Any existing descriptors that refer to +.I permset_d +shall continue to refer to that permission set. +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_clear_perms +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I permset_d +is not a valid descriptor for a permission set within an ACL entry. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_get_perm (3), +.BR acl_add_perm (3), +.BR acl_delete_perm (3), +.BR acl_get_permset (3), +.BR acl_set_permset (3), +.BR acl (5) diff --git a/man/man3/acl_cmp.3 b/man/man3/acl_cmp.3 new file mode 100644 index 0000000..aa8a333 --- /dev/null +++ b/man/man3/acl_cmp.3 @@ -0,0 +1,79 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_CMP 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_cmp \- compare two ACLs +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_cmp (acl_t \f2acl1\f3, acl_t \f2acl2\f3);" +.Op +.SH DESCRIPTION +The +.B acl_cmp +function compares the ACLs pointed to by the arguments +.I acl1 +and +.I acl2 +for equality. The two ACLs are considered equal if for each entry in +.I acl1 +there is an entry in +.I acl2 +with matching tag type, qualifier, and permissions, and vice versa. +.SH RETURN VALUE +If successful, the +.B acl_cmp +function returns 0 if the two ACLs +.I acl1 +and +.I acl2 +are equal, and 1 if they differ. Otherwise, the value -1 +is returned and the global variable +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_cmp +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I acl1 +is not a valid pointer to an ACL. +.TP +.SM +\%[EINVAL] +The argument +.I acl2 +is not a valid pointer to an ACL. +.SH STANDARDS +This is a non-portable, Linux specific extension to the ACL manipulation +functions defined in IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned). +.SH AUTHOR +Written by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl (5) diff --git a/man/man3/acl_copy_entry.3 b/man/man3/acl_copy_entry.3 new file mode 100644 index 0000000..15de417 --- /dev/null +++ b/man/man3/acl_copy_entry.3 @@ -0,0 +1,77 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_COPY_ENTRY 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_copy_entry \- copy an ACL entry +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_copy_entry (acl_entry_t \f2dest_d\f3, acl_entry_t \f2src_d\f3);" +.Op +.SH DESCRIPTION +The +.B acl_copy_entry +function copies the contents of the ACL entry indicated by the +.I src_d +descriptor to the existing ACL entry indicated by the +.I dest_d +descriptor. +The +.I src_d +and +.I dest_d +descriptors may refer to entries in different ACLs. +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_copy_entry +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I src_d +or +.I dest_d +is not a valid descriptor for an ACL entry. +.TP +.SM +\%[EINVAL] +The arguments +.I src_d +and +.I dest_d +reference the same ACL entry. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl (5) diff --git a/man/man3/acl_copy_ext.3 b/man/man3/acl_copy_ext.3 index e69de29..b7756c9 100644 --- a/man/man3/acl_copy_ext.3 +++ b/man/man3/acl_copy_ext.3 @@ -0,0 +1,105 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_COPY_EXT 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_copy_ext \- copy an ACL from internal to external representation +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "ssize_t acl_copy_ext (void *\f2buf_p\f3, acl_t \f2acl\f3, ssize_t \f2size\f3);" +.Op +.SH DESCRIPTION +The +.B acl_copy_ext +function copies the ACL pointed to by +.I acl +from system-managed space to the user managed space pointed to by +.IR buf_p . +The +.I size +parameter represents the size in bytes of the buffer pointed to by +.IR buf_p . +The format of the ACL placed in the buffer pointed to by +.I buf_p +is a contiguous, persistent data item, the format of which is unspecified. +It is the responsibility of the invoker to allocate an area large enough +to hold the copied ACL. The size of the exportable, contiguous, persistent +form of the ACL may be obtained by invoking the +.B acl_size +function. +.PP +Any ACL entry descriptors that refer to an entry in the ACL referenced by +.I acl +continue to refer to those entries. Any existing ACL pointers that refer +to the ACL referenced by +.I acl +continue to refer to the ACL. +.SH RETURN VALUE +Upon successful completion, this function returns the number of bytes placed in the buffer pointed to by +.IR buf_p . +Otherwise, a value of (ssize_t)-1 is returned and +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_copy_ext +function returns a value of (ssize_t)-1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The +.I size +parameter is zero or negative. +.TP +.SM +\%[EINVAL] +The argument +.I acl +is not a valid pointer to an ACL. +.TP +.SM +\%[EINVAL] +The ACL referenced by +.I acl +contains one or more improperly formed ACL entries, or for some other +reason cannot be translated into the external form of an ACL. +.TP +.SM +\%[ERANGE] +The +.I size +parameter is greater than zero but smaller than the length of the +contiguous, persistent form of the ACL. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_copy_int (3), +.BR acl_size (3), +.BR acl 5 diff --git a/man/man3/acl_copy_int.3 b/man/man3/acl_copy_int.3 new file mode 100644 index 0000000..5eb0b2c --- /dev/null +++ b/man/man3/acl_copy_int.3 @@ -0,0 +1,78 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_COPY_INT 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_copy_int \- copy an ACL from external to internal representation +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "acl_t acl_copy_int (const void *\f2buf_p\f3);" +.Op +.SH DESCRIPTION +The +.B acl_copy_int +function copies an exportable, contiguous, persistent form of an ACL, pointed to by +.IR buf_p , +to the internal representation. +.PP +This function may cause memory to be allocated. The caller should free any +releasable memory, when the new ACL is no longer required, by calling +.BR acl_free (3) +with the (void*)acl_t returned by +.B acl_copy_int +as an argument. +.SH RETURN VALUE +Upon successful completion, +the +.B acl_copy_int +function returns a pointer that references the ACL in working storage. +Otherwise, a value of (acl_t)NULL is returned, and +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_copy_int +function returns a value of (acl_t)NULL and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The buffer pointed to by the +.I buf_p +argument does not contain a valid external form ACL. +.TP +.SM +\%[ENOMEM] +The ACL working storage requires more memory than is allowed by the hardware or system-imposed memory management constraints. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_copy_ext (3), +.BR acl_free (3), +.BR acl (5) diff --git a/man/man3/acl_create_entry.3 b/man/man3/acl_create_entry.3 new file mode 100644 index 0000000..325eaec --- /dev/null +++ b/man/man3/acl_create_entry.3 @@ -0,0 +1,97 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_CREATE_ENTRY 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_create_entry \- create a new ACL entry +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_create_entry (acl_t *\f2acl_p\f3, acl_entry_t *\f2entry_p\f3);" +.Op +.SH DESCRIPTION +The +.B acl_create_entry +function creates a new ACL entry in the ACL pointed to by the contents of the pointer argument +.IR acl_p . +Upon successful completion, the function returns a descriptor for the new +ACL entry via +.IR entry_p . +.PP +This function may cause memory to be allocated. The caller should free any +releasable memory, when the new ACL is no longer required, by calling +.BR acl_free (3) +with +.\" <AG> +.\" 1003.1e says: +.\" .I (void*)acl_t +.\" this makes no sense, so: +.I (void*)acl_p +.\" </AG> +as an argument. +If the ACL working storage cannot be increased in the current location, +then the working storage for the ACL pointed to by +.I acl_p +may be relocated and the previous working storage is released. A pointer to +the new working storage is returned via +.IR acl_p . +.PP +The components of the new ACL entry are initialized in the following ways: the +ACL tag type component contains ACL_UNDEFINED_TAG, the qualifier component +contains ACL_UNDEFINED_ID, and the set of permissions has no permissions +enabled. Any existing ACL entry descriptors that refer to entries in the ACL +continue to refer to those entries. +.\" <AG> +.\" Conflict between requirements: +.\" (a) ACL may be relocated, +.\" (b) all pointers remain valid. +.\" </AG> +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_create_entry +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I acl_p +is not a valid pointer to an ACL. +.TP +.SM +\%[ENOMEM] +The ACL working storage requires more memory than is allowed by the hardware or system-imposed memory management constraints. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_init (3), +.BR acl_free (3), +.BR acl (5) diff --git a/man/man3/acl_delete_def_file.3 b/man/man3/acl_delete_def_file.3 index e69de29..c225ad7 100644 --- a/man/man3/acl_delete_def_file.3 +++ b/man/man3/acl_delete_def_file.3 @@ -0,0 +1,85 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_DELETE_DEF_FILE 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_delete_def_file \- delete a default ACL by filename +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_delete_def_file (const char *\f2path_p\f3);" +.Op +.SH DESCRIPTION +The +.B acl_delete_def_file +function deletes a default ACL from the directory whose pathname is pointed to by the argument +.IR path_p . +.PP +The effective user ID of the process must match the owner of the file or +directory or the process must have the CAP_FOWNER capability for the +request to succeed. +.PP +If the argument +.I path_p +is not a directory, then the function fails. It is no error if the directory whose pathname is pointed to by the argument +.I path_p +does not have a default ACL. +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_delete_def_file +function returns the value -1 and and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The file referred to by +.I path_p +is not a directory. +.TP +.SM +\%[EPERM] +The process does not have appropriate privilege to perform the operation to delete the default ACL. +.TP +.SM +\%[EROFS] +This function requires modification of a file system which is currently read-only. +.TP +.SM +\%[ENOTSUP] +The file system on which the file identified by +.I path_p +is located does not support ACLs, or ACLs are disabled. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_get_file (3), +.BR acl_set_file (3), +.BR acl (5) diff --git a/man/man3/acl_delete_entry.3 b/man/man3/acl_delete_entry.3 new file mode 100644 index 0000000..168a689 --- /dev/null +++ b/man/man3/acl_delete_entry.3 @@ -0,0 +1,81 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_DELETE_ENTRY 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_delete_entry \- delete an ACL entry +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_delete_entry (acl_t \f2acl\f3, acl_entry_t \f2entry_d\f3);" +.Op +.SH DESCRIPTION +The +.B acl_delete_entry +function removes the ACL entry indicated by the +.I entry_d +descriptor from the ACL pointed to by +.IR acl . +Any existing ACL entry descriptors that refer to entries in +.I acl +other than that referred to by +.I entry_d +continue to refer to the same entries. The argument +.I entry_d +and any other ACL entry descriptors that refer to the same ACL entry are +undefined after this function completes. Any existing ACL pointers that +refer to the ACL referred to by +.I acl +continue to refer to the ACL. +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_delete_entry +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I acl_p +is not a valid pointer to an ACL. +.TP +.SM +\%[EINVAL] +The argument +.I entry_d +is not a valid pointer to an ACL entry. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_copy_entry (3), +.BR acl_create_entry (3), +.BR acl_get_entry (3), +.BR acl (5) diff --git a/man/man3/acl_delete_perm.3 b/man/man3/acl_delete_perm.3 new file mode 100644 index 0000000..daa4706 --- /dev/null +++ b/man/man3/acl_delete_perm.3 @@ -0,0 +1,81 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_DELETE_PERM 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_delete_perm \- delete a permission from an ACL permission set +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_delete_perm (acl_permset_t \f2permset_d\f3, " +.B " acl_perm_t \f2perm\f3);" +.Op +.SH DESCRIPTION +The +.B acl_delete_perm +function deletes the permission contained in the argument +.I perm +from the permission set referred to by the argument +.IR permset_d . +An attempt to delete a permission that is not contained in the permission +set is not considered an error. +.PP +Any existing descriptors that refer to +.I permset_d +continue to refer to that permission set. +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_delete_perm +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I permset_d +is not a valid descriptor for a permission set within an ACL entry. +.TP +.SM +\%[EINVAL] +The argument +.I perm +does not contain a valid +.B acl_perm_t +value. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_get_perm (3), +.BR acl_add_perm (3), +.BR acl_clear_perms (3), +.BR acl_get_permset (3), +.BR acl_set_permset (3), +.BR acl (5) diff --git a/man/man3/acl_dup.3 b/man/man3/acl_dup.3 index e69de29..c7f215d 100644 --- a/man/man3/acl_dup.3 +++ b/man/man3/acl_dup.3 @@ -0,0 +1,78 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_DUP 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_dup \- duplicate an ACL +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "acl_t acl_dup (acl_t \f2acl\f3);" +.Op +.SH DESCRIPTION +The +.B acl_dup +function returns a pointer to a copy of the ACL pointed to by +.IR acl . +.PP +This function may cause memory to be allocated. The caller should free any +releasable memory, when the new ACL is no longer required, by calling +.BR acl_free (3) +with the +.B (void*)acl_t +returned by +.B acl_dup +as an argument. +.SH RETURN VALUE +Upon successful completion, this function returns a pointer to the +working storage. Otherwise, a value of (acl_t)NULL is returned, and +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_dup +function returns a value of (acl_t)NULL and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I acl +is not a valid pointer to an ACL. +.TP +.SM +\%[ENOMEM] +The +.B acl_t +to be returned requires more memory than is allowed by the hardware or +system-imposed memory management constraints. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_free (3), +.BR acl (5) diff --git a/man/man3/acl_entries.3 b/man/man3/acl_entries.3 new file mode 100644 index 0000000..806b9d0 --- /dev/null +++ b/man/man3/acl_entries.3 @@ -0,0 +1,63 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_ENTRIES 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_entries \- return the number of entries in an ACL +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_entries (acl_t \f2acl\f3);" +.Op +.SH DESCRIPTION +The +.B acl_entries +function returns the number of ACL entries that are contained in the ACL referred to by the argument +.IR acl . +.SH RETURN VALUE +The +.B acl_entries +function returns the number of entries in +.I acl +if successful; otherwise the value -1 is returned and the global variable +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_entries +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I acl +is not a valid pointer to an ACL. +.SH STANDARDS +This is a non-portable, Linux specific extension to the ACL manipulation +functions defined in IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned). +.SH AUTHOR +Written by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl (5) diff --git a/man/man3/acl_equiv_mode.3 b/man/man3/acl_equiv_mode.3 new file mode 100644 index 0000000..83ad436 --- /dev/null +++ b/man/man3/acl_equiv_mode.3 @@ -0,0 +1,80 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_EQUIV_MODE 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_equiv_mode \- check for an equivalent ACL +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_equiv_mode (acl_t \f2acl\f3, mode_t *\f2mode_p\f3);" +.Op +.SH DESCRIPTION +The +.B acl_equiv_mode +function checks if the ACL pointed to by the argument +.I acl +contains only the required ACL entries of tag types +ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER, and contains no +permissions other that ACL_READ, ACL_WRITE or ACL_EXECUTE. +If the ACL has this form, it can can be fully represented with +the traditional file permission bits, and is considered +equivalent with the traditional file permission bits. +.PP +If +.I acl +is an equivalent ACL and the pointer +.I mode_p +is not NULL, the value pointed to by +.I mode_p +is set to the value that defines the same owner, group and other +permissions as contained in +the ACL. +.SH RETURN VALUE +Upon successful completion, this function returns the value 0 if +.I acl +is an equivalent ACL, and the value 1 if +.I acl +is not an equivalent ACL. Otherwise, the value -1 is returned, and +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_equiv_mode +function returns the value -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I acl +is not a valid pointer to an ACL. +.SH STANDARDS +This is a non-portable, Linux specific extension to the ACL manipulation +functions defined in IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned). +.SH AUTHOR +Written by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_from_mode (3), +.BR acl (5) diff --git a/man/man3/acl_error.3 b/man/man3/acl_error.3 new file mode 100644 index 0000000..4582de8 --- /dev/null +++ b/man/man3/acl_error.3 @@ -0,0 +1,61 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_CHECK 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_error \- convert an ACL error code to a text message +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "const char * acl_error (int \f2code\f3);" +.Op +.SH DESCRIPTION +The +.B acl_error +function converts an ACL error code such as returned by the +.BR acl_check (3) +function to a text message describing the error condition. In the +\(lqPOSIX\(rq locale, +.B acl_check +returns the following descriptions for the error codes: +.IP +ACL_MULTI_ERROR (\(lqMultiple entries\(rq) +.IP +ACL_DUPLICATE_ERROR (\(lqDuplicate entries\(rq) +.IP +ACL_MISS_ERROR (\(lqMissing or wrong entry\(rq) +.IP +ACL_ENTRY_ERROR (\(lqInvalid entry type\(rq) +.SH RETURN VALUE +The +.B acl_error +function returns a text message if the error code is recognized, and a value of +NULL otherwise. +.SH STANDARDS +This is a non-portable, Linux specific extension to the ACL manipulation +functions defined in IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned). +.SH AUTHOR +Written by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_valid (3), +.BR acl (5) diff --git a/man/man3/acl_extended_fd.3 b/man/man3/acl_extended_fd.3 new file mode 100644 index 0000000..07986c3 --- /dev/null +++ b/man/man3/acl_extended_fd.3 @@ -0,0 +1,83 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_EXTENDED_FD 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_extended_fd \- test for information in the ACL by file descriptor +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_extended_fd (int \f2fd\f3);" +.Op +.SH DESCRIPTION +The +.B acl_extended_fd +function returns 1 if the file referred to by the argument +.I path_p +is associated with an extended access ACL. The function returns 0 +if the file does not have an extended access ACL. +.PP +An extended ACL is an ACL that contains entries other than the three +required entries of tag types ACL_USER_OBJ, ACL_GROUP_OBJ and ACL_OTHER. +If the result of the +.B acl_extended_fd +function for a file object is 0, +then the ACL defines no discretionary access rights other than those +already defined by the traditional file permission bits. +.PP +Access to the file object may be further restricted by other +mechanisms, such as Mandatory Access Control schemes. The +.BR access (2) +system call can be used to check whether a given type of access to a file +object would be granted. +.SH RETURN VALUE +If successful, the +.B acl_extended_fd +function returns 1 if the file object referred to by +.I fd +has an extended access ACL, and 0 if the file object referred to by +.I fd +does not have an extended access ACL. Otherwise, the value -1 +is returned and the global variable +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_extended_fd +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[ENOTSUP] +The file system on which the file identified by +.I fd +is located does not support ACLs, or ACLs are disabled. +.SH STANDARDS +This is a non-portable, Linux specific extension to the ACL manipulation +functions defined in IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned). +.SH AUTHOR +Written by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR access (2), +.BR acl (5) diff --git a/man/man3/acl_extended_file.3 b/man/man3/acl_extended_file.3 new file mode 100644 index 0000000..305f9a4 --- /dev/null +++ b/man/man3/acl_extended_file.3 @@ -0,0 +1,86 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_EXTENDED_FILE 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_extended_file \- test for information in ACLs by file name +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_extended_file (const char *\f2path_p\f3);" +.Op +.SH DESCRIPTION +The +.B acl_extended_file +function returns 1 if the file or directory referred to by the argument +.I path_p +is associated with an extended access ACL, or if the directory referred to by +.I path_p +is associated with a default ACL. The function returns 0 +if the file has neither an extended access ACL nor a default ACL. +.PP +An extended ACL is an ACL that contains entries other than the three +required entries of tag types ACL_USER_OBJ, ACL_GROUP_OBJ and ACL_OTHER. +If the result of the +.B acl_extended_file +function for a file object is 0, +then ACLs define no discretionary access rights other than those +already defined by the traditional file permission bits. +.PP +Access to the file object may be further restricted by other +mechanisms, such as Mandatory Access Control schemes. The +.BR access (2) +system call can be used to check whether a given type of access to a file +object would be granted. +.SH RETURN VALUE +If successful, the +.B acl_extended_file +function returns 1 if the file object referred to by +.I path_p +has an extended access ACL or a default ACL, and 0 +if the file object referred to by +.I path_p +has neither an extended access ACL nor a default ACL. Otherwise, the value +-1 is returned and the global variable +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_extended_file +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[ENOTSUP] +The file system on which the file identified by +.I path_p +is located does not support ACLs, or ACLs are disabled. +.SH STANDARDS +This is a non-portable, Linux specific extension to the ACL manipulation +functions defined in IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned). +.SH AUTHOR +Written by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR access (2), +.BR acl (5) diff --git a/man/man3/acl_free.3 b/man/man3/acl_free.3 index e69de29..3a522f8 100644 --- a/man/man3/acl_free.3 +++ b/man/man3/acl_free.3 @@ -0,0 +1,68 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_FREE 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_free \- release memory allocated to an ACL data object +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_free (void *\f2obj_p\f3);" +.Op +.SH DESCRIPTION +The +.B acl_free +function frees any releasable memory currently allocated by to the ACL data object identified by +.IR obj_p . +The argument +.I obj_p +may identify an ACL, an ACL entry qualifier, or a pointer to a string +allocated by the +.B acl_to_text +function. +.\" .SH IMPLEMENTATION NOTES +.\" True64 prints a compile time warning for acl_free(text) if text was +.\" produced by acl_to_text(). Bad! +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_free +function returns the value -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The value of the +.I obj_p +argument is invalid. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl (5) diff --git a/man/man3/acl_from_mode.3 b/man/man3/acl_from_mode.3 new file mode 100644 index 0000000..908c8ec --- /dev/null +++ b/man/man3/acl_from_mode.3 @@ -0,0 +1,63 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_FROM_MODE 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_from_mode \- create an ACL from file permission bits +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "acl_t acl_from_mode (mode_t \f2mode\f3);" +.Op +.SH DESCRIPTION +The +.B acl_from_mode +function creates a minimal ACL that contains the three entries with tag +types ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER, with permissions +corresponding to the owner, group, and other permission bits of its +argument +.IR mode . +.SH RETURN VALUE +Upon successful completion, this function returns a pointer to the +working storage. Otherwise, a value of (acl_t)NULL is returned, and +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_from_mode +function returns a value of (acl_t)NULL and sets +.B errno +to the corresponding value: +.TP +.SM +\%[ENOMEM] +The ACL working storage requires more memory than is allowed by the +hardware or system-imposed memory management constraints. +.SH STANDARDS +This is a non-portable, Linux specific extension to the ACL manipulation +functions defined in IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned). +.SH AUTHOR +Written by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_equiv_mode (3), +.BR acl (5) diff --git a/man/man3/acl_from_text.3 b/man/man3/acl_from_text.3 index e69de29..6d093c5 100644 --- a/man/man3/acl_from_text.3 +++ b/man/man3/acl_from_text.3 @@ -0,0 +1,82 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_FROM_TEXT 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_from_text \- create an ACL from text +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "acl_t acl_from_text (const char *\f2buf_p\f3);" +.Op +.SH DESCRIPTION +The +.B acl_from_text +function converts the text form of the ACL referred to by +.I buf_p +into the internal form of an ACL and returns a pointer to the working storage +that contains the ACL. The +.B acl_from_text +function accepts as input the long text form and short text form of an ACL as described in +.BR acl (5). +.PP +This function may cause memory to be allocated. The caller should free any +releasable memory, when the new ACL is no longer required, by calling +.BR acl_free (3) +with the (void*)acl_t returned by +.B acl_from_text +as an argument. +.SH RETURN VALUE +Upon successful completion, this function returns a pointer to the +working storage. Otherwise, a value of (acl_t)NULL is returned, and +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_from_text +function returns a value of (acl_t)NULL and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I buf_p +cannot be translated into an ACL. +.TP +.SM +\%[ENOMEM] +The +.B acl_t +to be returned requires more memory than is allowed by the hardware or +system-imposed memory management constraints. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_to_text (3), +.BR acl_free (3), +.BR acl (5) diff --git a/man/man3/acl_get_entry.3 b/man/man3/acl_get_entry.3 new file mode 100644 index 0000000..f85abf3 --- /dev/null +++ b/man/man3/acl_get_entry.3 @@ -0,0 +1,128 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_GET_ENTRY 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_get_entry \- get an ACL entry +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_get_entry (acl_t \f2acl\f3, int \f2entry_id\f3, " +.B " acl_entry_t *\f2entry_p\f3);" +.Op +.SH DESCRIPTION +The +.B acl_get_entry +function obtains a descriptor for an ACL entry as specified by +.I entry_id +within the ACL indicated by the argument +.IR acl . +If the value of +.I entry_id +is ACL_FIRST_ENTRY, then the function returns in +.I entry_p +a descriptor for the first ACL entry within +.IR acl . +If the value of +.I entry_id +is ACL_NEXT_ENTRY, then the function returns in +.I entry_p +a descriptor for the next ACL entry within +.IR acl . +.PP +If a call is made to +.B acl_get_entry +with +.I entry_id +set to ACL_NEXT_ENTRY when there has not been either an initial +successful call to +.BR acl_get_entry , +or a previous successful call to +.B acl_get_entry +following a call to +.BR acl_calc_mask (3), +.BR acl_copy_int (3), +.BR acl_create_entry (3), +.BR acl_delete_entry (3), +.BR acl_dup (3), +.BR acl_from_text (3), +.BR acl_get_fd (3), +.BR acl_get_file (3), +.BR acl_set_fd (3), +.BR acl_set_file (3), +or +.BR acl_valid (3), +then the effect is unspecified. +.PP +Calls to +.B acl_get_entry +do not modify any ACL entries. Subsequent operations using the returned +ACL entry descriptor operate on the ACL entry within the ACL in working +storage. The order of all existing entries in the ACL remains unchanged. +Any existing ACL entry descriptors that refer to entries within the ACL +continue to refer to those entries. Any existing ACL pointers that refer +to the ACL referred to by +.I acl +continue to refer to the ACL. +.SH RETURN VALUE +If the function successfully obtains an ACL entry, the function returns a +value of 1. +If the ACL has no ACL entries, the function returns the value 0. +If the value of +.I entry_id +is ACL_NEXT_ENTRY and the last ACL entry in the ACL has already been +returned by a previous call to +.BR acl_get_entry , +the function returns the value 0 until a successful call with an +.I entry_id +of ACL_FIRST_ENTRY is made. Otherwise, the value -1 +is returned and errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_get_entry +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I acl_p +is not a valid pointer to an ACL. +.TP +.SM +\%[EINVAL] +The argument +.I entry_id +is neither ACL_NEXT_ENTRY nor ACL_FIRST_ENTRY. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_create_entry (3), +.BR acl_copy_entry (3), +.BR acl_delete_entry (3), +.BR acl (5) diff --git a/man/man3/acl_get_fd.3 b/man/man3/acl_get_fd.3 index e69de29..bccea63 100644 --- a/man/man3/acl_get_fd.3 +++ b/man/man3/acl_get_fd.3 @@ -0,0 +1,80 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_GET_FD 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_get_fd \- get an ACL by file descriptor +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "acl_t acl_get_fd (const char *\f2fd\f3);" +.Op +.SH DESCRIPTION +The +.B acl_get_fd +function retrieves the access ACL associated with the file referred to by +.IR fd . +The ACL is placed into working storage and +.B acl_get_fd +returns a pointer to that storage. +.PP +In order to read an ACL from an object, a process must have read access to +the object's attributes. +.PP +This function may cause memory to be allocated. The caller should free any +releasable memory, when the new ACL is no longer required, by calling +.BR acl_free (3) +with the (void*)acl_t returned by +.B acl_get_fd +as an argument. +.SH RETURN VALUE +Upon successful completion, this function shall return a pointer to the +working storage. Otherwise, a value of (acl_t)NULL shall be returned, and +.B errno +shall be set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_get_fd +function returns a value of (acl_t)NULL and sets +.B errno +to the corresponding value: +.TP +.SM +\%[ENOMEM] +The ACL working storage requires more memory than is allowed by the hardware or system-imposed memory management constraints. +.TP +.SM +\%[ENOTSUP] +The file system on which the file identified by +.I fd +is located does not support ACLs, or ACLs are disabled. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_get_file (3), +.BR acl_set_file (3), +.BR acl (5) diff --git a/man/man3/acl_get_file.3 b/man/man3/acl_get_file.3 index e69de29..fd211ae 100644 --- a/man/man3/acl_get_file.3 +++ b/man/man3/acl_get_file.3 @@ -0,0 +1,106 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_GET_FILE 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_get_file \- get an ACL by filename +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "acl_t acl_get_file (const char *\f2path_p\f3, acl_type_t \f2type\f3);" +.Op +.SH DESCRIPTION +The +.B acl_get_file +function retrieves the access ACL associated with a file or directory, or the default ACL associated with a directory. The pathname for the file or directory is pointed to by the argument +.IR path_p . +The ACL is placed into working storage and +.B acl_get_file +returns a pointer to that storage. +.PP +In order to read an ACL from an object, a process must have read access to +the object's attributes. +.PP +The value of the argument +.I type +is used to indicate whether the access ACL or the default ACL associated with +.I path_p +is returned. If +.I type +is ACL_TYPE_ACCESS, the access ACL of +.I path_p +is returned. +If +.I type +is ACL_TYPE_DEFAULT, the default ACL of +.I path_p +is returned. +If +.I type +is TYPE_DEFAULT and no default ACL is associated with +.IR path_p , +then an ACL containing zero ACL entries is returned. +.PP +This function may cause memory to be allocated. The caller should free any +releasable memory, when the new ACL is no longer required, by calling +.BR acl_free (3) +with the (void*)acl_t returned by +.B acl_get_file +as an argument. +.SH RETURN VALUE +Upon successful completion, this function returns a pointer to the +working storage. Otherwise, a value of (acl_t)NULL is returned, and +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_get_file +function returns a value of (acl_t)NULL and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I type +is not ACL_TYPE_ACCESS or ACL_TYPE_DEFAULT. +.TP +.SM +\%[ENOMEM] +The ACL working storage requires more memory than is allowed by the hardware or system-imposed memory management constraints. +.TP +.SM +\%[ENOTSUP] +The file system on which the file identified by +.I path_p +is located does not support ACLs, or ACLs are disabled. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_get_fd (3), +.BR acl_set_file (3), +.BR acl (5) diff --git a/man/man3/acl_get_perm.3 b/man/man3/acl_get_perm.3 new file mode 100644 index 0000000..5d371db --- /dev/null +++ b/man/man3/acl_get_perm.3 @@ -0,0 +1,86 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_GET_PERM 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_get_perm \- test for a permission in an ACL permission set +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_get_perm (acl_permset_t \f2permset_d\f3, " +.B " acl_perm_t \f2perm\f3);" +.Op +.SH DESCRIPTION +The +.B acl_get_perm +function tests if the permission specified by the argument +.I perm +is contained in the ACL permission set pointed to by the argument +.IR permset_d . +.PP +Any existing descriptors that refer to +.I permset_d +continue to refer to that permission set. +.SH RETURN VALUE +If successful, the +.B acl_get_perm +function returns 1 if the permission specified by +.I perm +is contained in the ACL permission set +.IR permset_d , +and 0 if the permission is not contained in the permission set. +Otherwise, the value -1 is returned and the global variable +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_get_perm +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I permset_d +is not a valid descriptor for a permission set within an ACL entry. +.TP +.SM +\%[EINVAL] +The argument +.I perm +is not a valid +.I acl_perm_t +value. +.SH STANDARDS +This is a non-portable, Linux specific extension to the ACL manipulation +functions defined in IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned). +.SH AUTHOR +Written by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_add_perm (3), +.BR acl_delete_perm (3), +.BR acl_clear_perms (3), +.BR acl_get_permset (3), +.BR acl_set_permset (3), +.BR acl (5) diff --git a/man/man3/acl_get_permset.3 b/man/man3/acl_get_permset.3 new file mode 100644 index 0000000..660426b --- /dev/null +++ b/man/man3/acl_get_permset.3 @@ -0,0 +1,76 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_GET_PERMSET 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_get_permset \- retrieve the permission set from an ACL entry +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_get_permset (acl_entry_t \f2entry_d\f3, " +.B " acl_permset_t *\f2permset_p\f3);" +.Op +.SH DESCRIPTION +The +.B acl_get_permset +function returns in +.I permset_p +a descriptor to the permission set in the ACL entry indicated by +.IR entry_d . +Subsequent operations using the returned permission set descriptor operate on the permission set within the ACL entry. +.PP +Any ACL entry descriptors that refer to the entry referred to by +.I entry_d +shall continue to refer to those entries. +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_get_permset +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I entry_d +is not a valid descriptor for an ACL entry. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_get_perm (3), +.BR acl_add_perm (3), +.BR acl_delete_perm (3), +.BR acl_clear_perms (3), +.BR acl_set_permset (3), +.BR acl_get_qualifier (3), +.BR acl_set_qualifier (3), +.BR acl_get_tag_type (3), +.BR acl_set_tag_type (3), +.BR acl (5) diff --git a/man/man3/acl_get_qualifier.3 b/man/man3/acl_get_qualifier.3 new file mode 100644 index 0000000..5ceacb9 --- /dev/null +++ b/man/man3/acl_get_qualifier.3 @@ -0,0 +1,121 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_GET_QUALIFIER 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_get_qualifier \- retrieve the qualifier from an ACL entry +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "void * acl_get_qualifier (acl_entry_t \f2entry_d\f3);" +.Op +.SH DESCRIPTION +The +.B acl_get_qualifier +function retrieves the qualifier from the ACL entry indicated by the argument +.I entry_d +into working storage and returns a pointer to that storage. +.PP +If the value of the tag type in the ACL entry referred to by +.I entry_d +is ACL_USER, then the value returned by +.B acl_get_qualifier +is a pointer to type +.BR uid_t . +If the value of the tag type in the ACL entry referred to by +.I entry_d +is ACL_GROUP, then the value returned by +.B acl_get_qualifier +is a pointer to type +.IR gid_t . +If the tag type in the ACL entry referred to by +.I entry_d +is a tag type for which a qualifier is not supported, +.B acl_get_qualifier +returns a value of NULL +and the function fails. Subsequent operations using the returned pointer +operate on an independent copy of the qualifier in working storage, and +will not change the qualifier of the ACL entry. +.PP +This function may cause memory to be allocated. The caller should free any +releasable memory, when the new qualifier is no longer required, by calling +.B acl_free +with the +.B "void *" +value returned by +.B acl_get_qualifier +as an argument. +.PP +The argument +.I entry_d +and any other ACL entry descriptors that refer to entries within the ACL +containing the entry referred to by +.I entry_d +continue to refer to those entries. The order of all existing +entries in the ACL containing the entry referred to by +.I entry_d +remains unchanged. +.SH RETURN VALUE +Upon successful completion, the function returns a pointer to the tag +qualifier that was retrieved into ACL working storage. Otherwise, a value +of NULL is returned and +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_get_qualifier +function returns (void *)NULL and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I entry_d +is not a valid descriptor for an ACL entry. +.TP +.SM +\%[EINVAL] +The value of the tag type in the ACL entry referenced by the +.I entry_d +argument is neither ACL_USER nor ACL_GROUP. +.TP +.SM +\%[ENOMEM] +The value to be returned requires more memory than is allowed by the hardware or system-imposed memory management constraints. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_create_entry (3), +.BR acl_get_entry (3), +.BR acl_set_qualifier (3), +.BR acl_get_tag_type (3), +.BR acl_set_tag_type (3), +.BR acl_get_permset (3), +.BR acl_set_permset (3), +.BR acl_free (3), +.BR acl (5) diff --git a/man/man3/acl_get_tag_type.3 b/man/man3/acl_get_tag_type.3 new file mode 100644 index 0000000..43209e5 --- /dev/null +++ b/man/man3/acl_get_tag_type.3 @@ -0,0 +1,76 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_GET_TAG_TYPE 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_get_tag_type \- get the tag type of an ACL entry +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_get_tag_type (acl_entry_t \f2entry_d\f3, " +.B " acl_tag_t *\f2tag_type_p\f3);" +.Op +.SH DESCRIPTION +The +.B acl_get_tag_type +function assigns to the value pointed to by +.I tag_type_p +the tag type for the ACL entry indicated by the argument +.IR entry_d . +.PP +The argument +.I entry_d +and any other ACL entry descriptors that refer to entries in the same +ACL continue to refer to those entries. The order of all existing +entries in the ACL remain unchanged. +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_get_tag_type +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I entry_d +is not a valid descriptor for an ACL entry. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_create_entry (3), +.BR acl_get_entry (3), +.BR acl_get_qualifier (3), +.BR acl_set_qualifier (3), +.BR acl_set_tag_type (3), +.BR acl_get_permset (3), +.BR acl_set_pe)mset (3), +.BR acl_free (3), +.BR acl (5) diff --git a/man/man3/acl_init.3 b/man/man3/acl_init.3 new file mode 100644 index 0000000..73b63e7 --- /dev/null +++ b/man/man3/acl_init.3 @@ -0,0 +1,80 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_INIT 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_init \- initialize ACL working storage +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "acl_t acl_init (int \f2count\f3);" +.Op +.SH DESCRIPTION +The +.B acl_init +function allocates and initializes the working storage for an ACL of at least +.I count +ACL entries. The ACL created initially contains no ACL entries. +A pointer to the working storage is returned. +.PP +This function may cause memory to be allocated. The caller should free any +releasable memory, when the new ACL is no longer required, by calling +.BR acl_free (3) +with the +.B (void*)acl_t +returned by +.B acl_init +as an argument. +.SH RETURN VALUE +Upon successful completion, this function returns a pointer to the +working storage. Otherwise, a value of (acl_t)NULL is returned, and +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_init +function returns a value of (acl_t)NULL and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The value of +.I count +is less than zero. +.TP +.SM +\%[ENOMEM] +The +.B acl_t +to be returned requires more memory than is allowed by the hardware or +system-imposed memory management constraints. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_free (3), +.BR acl (5) diff --git a/man/man3/acl_set_fd.3 b/man/man3/acl_set_fd.3 new file mode 100644 index 0000000..0a181e9 --- /dev/null +++ b/man/man3/acl_set_fd.3 @@ -0,0 +1,90 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_SET_FD 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_set_fd \- set an ACL by file descriptor +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_set_fd (int \f2fd\f3, acl_t \f2acl\f3);" +.Op +.SH DESCRIPTION +The +.B acl_set_fd +function associates an access ACL with the file referred to by +.IR fd . +.PP +The effective user ID of the process must match the owner of the file or the process must have the CAP_FOWNER capability for the request to succeed. +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_set_fd +function returns the value -1 and and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I acl +does not point to a valid ACL. +.TP +.SM +\%[EINVAL] +The ACL has more entries than the file referred to by +.I fd +can obtain. +.TP +.SM +\%[ENOSPC] +The directory or file system that would contain the new ACL cannot be extended or the file system is out of file allocation resources. +.TP +.SM +\%[EPERM] +The process does not have appropriate privilege to perform the operation to set the ACL. +.TP +.SM +\%[EROFS] +This function requires modification of a file system which is currently read-only. +.TP +.SM +\%[ENOTSUP] +The file identified by +.I fd +cannot be associated with the ACL because the file system on which the file +is located does not support this. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_delete_def_file (3), +.BR acl_get_file (3), +.BR acl_set_file (3), +.BR acl_valid (3), +.BR acl (5) diff --git a/man/man3/acl_set_file.3 b/man/man3/acl_set_file.3 new file mode 100644 index 0000000..79057b6 --- /dev/null +++ b/man/man3/acl_set_file.3 @@ -0,0 +1,150 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_SET_FILE 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_set_file \- set an ACL by filename +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_set_file (const char *\f2path_p\f3, " +.B " acl_type_t \f2type\f3, acl_t \f2acl\f3);" +.Op +.SH DESCRIPTION +The +.B acl_set_file +function associates an access ACL with a file or directory, or +associates a default ACL with a directory. The pathname for the file or +directory is pointed to by the argument +.IR path_p . +.PP +The effective user ID of the process must match the owner of the file or +directory or the process must have the CAP_FOWNER capability for the +request to succeed. +.PP +The value of the argument +.I type +is used to indicate whether the access ACL or the default ACL associated +with +.I path_p +is being set. If the +.I type +parameter is ACL_TYPE_ACCESS, the access ACL of +.I path_p +shall be set. +If the +.I type +parameter is ACL_TYPE_DEFAULT, the default ACL of +.I path_p +shall be set. +If the argument +.I type +specifies a type of ACL that cannot be associated with +.IR path_p , +then the function will fail. +.PP +The +.I acl +parameter must reference a valid ACL according to the rules described on the +.BR acl_valid (3) +manual page if the +.I type +parameter is ACL_TYPE_ACCESS, and must either reference a valid ACL or an ACL with zero ACL entries if the +.I type +parameter is ACL_TYPE_DEFAULT. If the +.I acl +parameter references an empty ACL, then the +.B acl_set_file +function removes any default ACL associated with the directory referred to +by the +.I path_p +parameter. +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_set_file +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I acl +does not point to a valid ACL. +.PP +The ACL has more entries than the file referred to by +.I path_p +can obtain. +.PP +The +.I type +parameter is ACL_TYPE_DEFAULT, but the file referred to by +.I path_p +is not a directory. +.TP +.SM +\%[ENOSPC] +The directory or file system that would contain the new ACL cannot be extended or the file system is out of file allocation resources. +.TP +.SM +\%[EPERM] +The process does not have appropriate privilege to perform the operation to set the ACL. +.TP +.SM +\%[EROFS] +This function requires modification of a file system which is currently read-only. +.TP +.SM +\%[ENOTSUP] +The file identified by +.I path_p +cannot be associated with the ACL because the file system on which the file +is located does not support this. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.PP +The behavior of +.B acl_set_file +when the +.I acl +parameter refers to an empty ACL and the +.I type +parameter is ACL_TYPE_DEFAULT is an extension in the Linux implementation, in order that all values returned by +.BR acl_get_file (3) +can be passed to +.BR acl_set_file . +The POSIX.1e function for removing a default ACL is +.BR acl_delete_def_file . +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_delete_def_file (3), +.BR acl_get_file (3), +.BR acl_set_fd (3), +.BR acl_valid (3), +.BR acl (5) diff --git a/man/man3/acl_set_permset.3 b/man/man3/acl_set_permset.3 new file mode 100644 index 0000000..cd69f2b --- /dev/null +++ b/man/man3/acl_set_permset.3 @@ -0,0 +1,96 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_SET_PERMSET 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_set_permset \- set the permission set in an ACL entry +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_set_permset (acl_entry_t \f2entry_d\f3, " +.B " acl_permset_t \f2permset_d\f3);" +.Op +.SH DESCRIPTION +The +.B acl_set_permset +function sets the permission set of the ACL entry indicated by the argument +.I entry_d +to the permissions contained in the argument +.IR permset_d . +.PP +Any ACL entry descriptors that refer to the entry containing the permission +set referred to by +.I permset_d +shall continue to refer to those entries. Any ACL entry descriptors that +refer to the entry referred to by +.I entry_d +shall continue to refer to that entry. +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_set_permset +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I entry_d +is not a valid descriptor for an ACL entry. +.TP +.SM +\%[EINVAL] +The argument +.I permset_d +is not a valid descriptor for a permission set within an ACL entry. +.TP +.SM +\%[EINVAL] +.\" <AG> +.\" The following condition seems strange. +.\" </AG> +The argument +.I permset_d +contains values which are not valid +.B acl_permset_t +values. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_get_perm (3), +.BR acl_add_perm (3), +.BR acl_delete_perm (3), +.BR acl_clear_perms (3), +.BR acl_get_permset (3), +.BR acl_get_qualifier (3), +.BR acl_set_qualifier (3), +.BR acl_get_tag_type (3), +.BR acl_set_tag_type (3), +.BR acl (5) diff --git a/man/man3/acl_set_qualifier.3 b/man/man3/acl_set_qualifier.3 new file mode 100644 index 0000000..a26b319 --- /dev/null +++ b/man/man3/acl_set_qualifier.3 @@ -0,0 +1,113 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_SET_QUALIFIER 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_set_qualifier \- set the qualifier of an ACL entry +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_set_qualifier (acl_entry_t \f2entry_d\f3, " +.B " const void *\f2qualifier_p\f3);" +.Op +.SH DESCRIPTION +The +.B acl_set_qualifier +function sets the qualifier of the ACL entry indicated by the argument +.I entry_d +to the value referred to by the argument +.IR qualifier_p . +If the value of the tag type in the ACL entry referred to by +.I entry_d +is ACL_USER, then the value referred to by +.I qualifier_p +shall be of type +.BR uid_t . +If the value of the tag type in the ACL entry referred to by +.I entry_d +is ACL_GROUP, then the value referred to by +.I qualifier_p +shall be of type +.BR gid_t . +If the value of the tag type in the ACL entry referred to by +.I entry_d +is a tag type for which a qualifier is not supported, +.B acl_set_qualifier +returns an error. +.PP +Any ACL entry descriptors that refer to the entry referred to by +.I entry_d +continue to refer to that entry. This function may cause memory to be +allocated. The caller should free any releasable memory, when the ACL +is no longer required, by calling +.BR acl_free (3) +with a pointer to the ACL as argument. +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_set_qualifier +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I entry_d +is not a valid descriptor for an ACL entry. +.TP +.SM +\%[EINVAL] +The value of the tag type in the ACL entry referenced by the +.I entry_d +argument is neither ACL_USER nor ACL_GROUP. +.TP +.SM +\%[EINVAL] +The value pointed to by the argument +.I qualifier_p +is not valid. +.TP +.SM +\%[ENOMEM] +The +.B acl_set_qualifier +function is unable to allocate the memory required for the ACL qualifier. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_create_entry (3), +.BR acl_set_entry (3), +.BR acl_get_qualifier (3), +.BR acl_get_tag_type (3), +.BR acl_set_tag_type (3), +.BR acl_get_permset (3), +.BR acl_set_permset (3), +.BR acl_free (3), +.BR acl (5) diff --git a/man/man3/acl_set_tag_type.3 b/man/man3/acl_set_tag_type.3 new file mode 100644 index 0000000..78dc740 --- /dev/null +++ b/man/man3/acl_set_tag_type.3 @@ -0,0 +1,80 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_SET_TAG_TYPE 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_set_tag_type \- set the tag type of an ACL entry +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_set_tag_type (acl_entry_t \f2entry_d\f3, " +.B " acl_tag_t \f2tag_type\f3);" +.Op +.SH DESCRIPTION +The +.B acl_set_tag_type +function sets the tag type of the ACL entry indicated by the argument +.I entry_d +to the value of the argument +.IR tag_type . +.PP +Any ACL entry descriptors that refer to the entry referred to by +.I entry_d +continue to refer to that entry. +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_set_tag_type +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I entry_d +is not a valid descriptor for an ACL entry. +.TP +.SM +\%[EINVAL] +The argument +.I tag_type +is not a valid tag type. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_create_entry (3), +.BR acl_set_entry (3), +.BR acl_get_qualifier (3), +.BR acl_set_qualifier (3), +.BR acl_get_tag_type (3), +.BR acl_get_permset (3), +.BR acl_set_permset (3), +.BR acl_free (3), +.BR acl (5) diff --git a/man/man3/acl_size.3 b/man/man3/acl_size.3 index e69de29..44d4516 100644 --- a/man/man3/acl_size.3 +++ b/man/man3/acl_size.3 @@ -0,0 +1,75 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_SIZE 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_size \- get the size of the external representation of an ACL +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "ssize_t acl_size (acl_t \f2acl\f3);" +.Op +.SH DESCRIPTION +The +.B acl_size +function return the size, in bytes, of the buffer required to hold the exportable, contiguous, persistent form of the ACL pointed to by the argument +.IR acl , +when converted by +.BR acl_copy_ext (3). +.PP +Any existing ACL entry descriptors that refer to entries in +.I acl +continue to refer to the same entries. Any existing ACL pointers that refer +to the ACL referred to by +.I acl +continue to refer to the ACL. The order of ACL entries within +.I acl +remains unchanged. +.SH RETURN VALUE +Upon successful completion, the +.B acl_size +function returns the size in bytes of the contiguous, persistent form of +the ACL. Otherwise, a value of (ssize_t)-1 is returned and +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.BR acl_size (3) +function returns a value of (ssize_t)-1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I acl +is not a valid pointer to an ACL. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_copy_ext (3), +.BR acl (5) diff --git a/man/man3/acl_to_any_text.3 b/man/man3/acl_to_any_text.3 new file mode 100644 index 0000000..0d33bd0 --- /dev/null +++ b/man/man3/acl_to_any_text.3 @@ -0,0 +1,159 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_TO_ANY_TEXT 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_to_any_text \- convert an ACL to text +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.B #include <acl/libacl.h> +.sp +.B "char *acl_to_any_text (acl_t \f2acl\f3, const char *\f2prefix\f3, " +.B " char \f2separator\f3, int \f2options\f3);" +.Op +.SH DESCRIPTION +The +.B acl_to_any_text +function translates the ACL pointed to by the argument +.I acl +into a NULL terminated character string. This character string +is composed of the ACL entries contained in +.IR acl , +in the entry text format described on +.BR acl (5). +Entries are separated from each other by the +.I separator +character. +If the argument +.I prefix +is not NULL, +each entry is prefixed by this character string. +.PP +If the argument +.I options +is 0, ACL entries are converted using the entry tag type keywords +.BR user , +.BR group , +.BR mask , +and +.BR other . +User IDs and group IDs of ACL entries that contain such +qualifiers are converted to their corresponding names; if an identifier +has no corresponding name, a decimal number string is produced. The +ACL text representation contains no additional comments. +.PP +A bitwise combinations of the following +.I options +can be used to modify the result: +.TP +.B TEXT_ABBREVIATE +Instead of the full tag type keywords, single letter abbreviations are used. +The abbreviation for +.B user +is +.BR u , +the abbreviation for +.B group +is +.BR g , +the abbreviation for +.B mask +is +.BR m , +and the abbreviation for +.B other +is +.BR o . +.TP +.B TEXT_NUMERIC_IDS +User IDs and group IDs are included as decimal numbers instead of names. +.TP +.B TEXT_SOME_EFFECTIVE +A comment containing the effective permissions of the ACL entry is +included after ACL entries that contain permissions which are ineffective +because they are masked by an ACL_MASK entry. The ACL entry and the comment +are separated by a tab character. +.TP +.B TEXT_ALL_EFFECTIVE +A comment containing the effective permissions of the ACL entry is +included after all ACL entries that are affected by an ACL_MASK entry. +The comment is included even if the permissions contained in the ACL +entry equal the effective permissions. The ACL entry and the comment are +separated by a tab character. +.TP +.B TEXT_SMART_INDENT +This option is used in combination with the TEXT_SOME_EFFECTIVE or +TEXT_ALL_EFFECTIVE option. The number of tab characters inserted between +the ACL entry and the comment is increased so that the comment is +aligned to at least column 32, if printed starting from column 0. A tab +width of 8 characters is assumed. +.PP +The ACL referred to by +.I acl +is not changed. +.PP +This function allocates any memory necessary to contain the string and +returns a pointer to the string. The caller should free any releasable +memory, when the new string is no longer required, by calling +.BR acl_free (3) +with the char* returned by +.B acl_to_any_text +as an argument. +.SH RETURN VALUE +Upon successful completion, this function returns a pointer to the text +representation of the ACL. Otherwise, a value of NULL is returned, and +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_to_any_text +function returns a value of NULL and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I acl +is not a valid pointer to an ACL. +.TP +.SM +\%[EINVAL] +The ACL referenced by +.I acl +contains one or more improperly formed ACL entries, or for some other +reason cannot be translated into the text form of an ACL. +.TP +.SM +\%[ENOMEM] +The character string to be returned requires more memory than is allowed +by the hardware or system-imposed memory management constraints. +.SH STANDARDS +This is a non-portable, Linux specific extension to the ACL manipulation +functions defined in IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned). +.SH AUTHOR +Written by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_to_text (3), +.BR acl_free (3), +.BR acl (5) diff --git a/man/man3/acl_to_text.3 b/man/man3/acl_to_text.3 new file mode 100644 index 0000000..21af96d --- /dev/null +++ b/man/man3/acl_to_text.3 @@ -0,0 +1,98 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_FROM_TEXT 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_to_text \- convert an ACL to text +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "char * acl_to_text (acl_t \f2acl\f3, ssize_t *\f2len_p\f3);" +.Op +.SH DESCRIPTION +The +.B acl_to_text +function translates the ACL pointed to by the +.I acl +argument into a NULL terminated character string. If the pointer +.I len_p +is not NULL, +then the function returns the length of the string (not +including the NULL terminator) in the location pointed to by +.IR len_p . +The format of the text string returned by +.B acl_to_text +is the long text form defined in +.BR acl (5). +The ACL referred to by +.I acl +is not changed. +.PP +This function allocates any memory necessary to contain the string and +returns a pointer to the string. The caller should free any releasable +memory, when the new string is no longer required, by calling +.BR acl_free (3) +with the (void*)char returned by +.B acl_to_text +as an argument. +.SH RETURN VALUE +Upon successful completion, this function returns a pointer to the +long text form of the ACL. +Otherwise, a value of NULL is returned, and +.B errno +is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_to_text +function returns a value of NULL and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I acl +is not a valid pointer to an ACL. +.TP +.SM +\%[EINVAL] +The ACL referenced by +.I acl +contains one or more improperly formed ACL entries, or for some other +reason cannot be translated into a text form of an ACL. +.TP +.SM +\%[ENOMEM] +The character string to be returned requires more memory than is allowed +by the hardware or system-imposed memory management constraints. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl_from_text (3), +.BR acl_free (3), +.BR acl_to_any_text (3), +.BR acl (5) diff --git a/man/man3/acl_valid.3 b/man/man3/acl_valid.3 index e69de29..205eba5 100644 --- a/man/man3/acl_valid.3 +++ b/man/man3/acl_valid.3 @@ -0,0 +1,83 @@ +.\" Access Control Lists manual pages +.\" +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.TH ACL_VALID 3 "Linux ACL Library" "March 2002" "Access Control Lists" +.SH NAME +acl_valid \- validate an ACL +.SH LIBRARY +Linux Access Control Lists library (libacl, \-lacl). +.SH C SYNOPSIS +.sp +.nf +.B #include <sys/types.h> +.B #include <sys/acl.h> +.sp +.B "int acl_valid (acl_t \f2acl\f3);" +.Op +.SH DESCRIPTION +The +.B acl_valid +function checks the ACL referred to by the argument +.I acl +for validity. +.PP +The three required entries ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER +must exist exactly once in the ACL. If the ACL contains any ACL_USER or +ACL_GROUP entries, then an ACL_MASK entry is also required. The ACL +may contain at most one ACL_MASK entry. +.PP +The user identifiers must be unique among all entries of type ACL_USER. +The group identifiers must be unique among all entries of type ACL_GROUP. +.SH RETURN VALUE +The value 0 is returned if successful; otherwise the value -1 is +returned and the global variable errno is set to indicate the error. +.SH ERRORS +If any of the following conditions occur, the +.B acl_valid +function returns -1 and sets +.B errno +to the corresponding value: +.TP +.SM +\%[EINVAL] +The argument +.I acl +is not a valid pointer to an ACL. +.TP +.SM +\%[EINVAL] +The argument +.I acl +does not point to a valid ACL. +.TP +.SM +\%[EINVAL] +One or more of the required ACL entries is not present in +.IR acl . +.TP +.SM +\%[EINVAL] +The ACL contains entries that are not unique. +.SH STANDARDS +IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned) +.SH AUTHOR +Derived from the FreeBSD manual pages written by +.IR "Robert N M Watson" ; +and adapted for Linux by +.I "Andreas Gruenbacher" +<a.gruenbacher@computer.org>. +.SH SEE ALSO +.BR acl (5) diff --git a/man/man5/acl.5 b/man/man5/acl.5 index 18bf783..3debeae 100644 --- a/man/man5/acl.5 +++ b/man/man5/acl.5 @@ -1,263 +1,472 @@ +.\" Access Control Lists manual pages .\" -.\" Access Control Lists +.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org> .\" -.\" Documentation for the Linux implementation -.\" (C) Andreas Gruenbacher, 1999 +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. .\" -.TH ACL 5 "Access Control Lists" "Sep 1999" "Access Control Lists" +.TH ACL 5 "Access Control Lists" "March 2002" "Access Control Lists" .SH NAME -acl - Access Control Lists +acl \- Access Control Lists .SH DESCRIPTION -This document describes Posix-style access control lists as implemented under -Linux. Access control lists (ACLs) are used to define access to files -and directories. - -In portable programs, the Posix 1003.1e Draft Standard 17 library -functions should be used for mainpulating ACL. On most platforms, the -ACL entry manipulation functions are not available, so relying only on -the ACL manipulation and format conversion functions (ACL to and from -text format) is more portable. The library functions are declared in -the -.I sys/acl.h -header file. - -.SH ACCESS CONTROL LIST ENTRIES -An access control list contains a number of entries of various types. Each entry stands for permissions granted to a user, or to a group of users. +This manual page describes POSIX Access Control Lists, which are used to +define more fine-grained discretionary access rights for files and +directories. +.SH ACL TYPES +Every object can be thought of as having associated with it an ACL that +governs the discretionary access to that object; this ACL is referred to +as an access ACL. In addition, a directory may have an associated ACL +that governs the initial access ACL for objects created within that +directory; this ACL is referred to as a default ACL. +.SH ACL ENTRIES +An ACL consists of a set of ACL entries. An ACL entry specifies the +access permissions on the associated object for an individual user or a +group of users as a combination of read, write and search/execute +permissions. .PP -An ACL may contain entries with the following entry tag types. +An ACL entry contains an entry tag type, an optional entry tag +qualifier, and a set of permissions. +We use the term qualifier to denote the entry tag qualifier of an ACL entry. .PP -.RS -.fam C -.nf -ACL_USER_OBJ (owner) -ACL_USER (named user) -ACL_GROUP_OBJ (owning group) -ACL_GROUP (named group) -ACL_MASK (effective rights mask) -ACL_OTHER (other users) -.fi -.fam T -.RE +The qualifier denotes the identifier of a user or a group, for entries +with tag types of ACL_USER or ACL_GROUP, respectively. Entries with tag +types other than ACL_USER or ACL_GROUP have no defined qualifiers. .PP -The -ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER entries -correspond to the traditional file mode permission bits. There is -exactly one each of these entries in a valid ACL. +The following entry tag types are defined: +.TP +.B ACL_USER_OBJ +The ACL_USER_OBJ entry denotes access rights for the file owner. +.TP +.B ACL_USER +ACL_USER entries denote access rights for users identified by +the entry's qualifier. +.TP +.B ACL_GROUP_OBJ +The ACL_GROUP_OBJ entry denotes access rights for the file group. +.TP +.B ACL_GROUP +ACL_USER entries denote access rights for groups identified by +the entry's qualifier. +.TP +.B ACL_MASK +The ACL_MASK entry denotes the maximum access rights that can be granted +by entries of type ACL_USER, ACL_GROUP_OBJ, or ACL_GROUP. +.TP +.B ACL_OTHER +The ACL_OTHER entry denotes access rights for processes +that do not match any other entry in the ACL. .PP -ACL_USER and ACL_GROUP -entries define explicit rights for users and groups, respectively. For -entries of these two types, -.I a_id[0] -is set to the ID of the user or group in question. Whenever there are -any entries of the last two types in the ACL, an ACL_MASK -entry is also required. - -An ACL_MASK entry limits the effective rights granted -to named users or groups. The efective rights granted are those -that are both granted by the user's or group's entry, and by the ACL_MASK entry. The ACL_MASK entry does not apply to the ACL_USER_OBJ and ACL_OTHER entries. +When an access check is performed, the ACL_USER_OBJ and ACL_USER entries +are tested against the effective user ID. The effective group ID, as +well as all supplementary group IDs are tested against the ACL_GROUP_OBJ +and ACL_GROUP entries. +.SH VALID ACLs +A valid ACL contains exactly one entry with each of the ACL_USER_OBJ, +ACL_GROUP_OBJ, and ACL_OTHER tag types. Entries with ACL_USER and +ACL_GROUP tag types may appear zero or more times in an ACL. An ACL that +contains entries of ACL_USER or ACL_GROUP tag types must contain +exactly one entry of the ACL_MASK tag type. If an ACL contains no +entries of ACL_USER or ACL_GROUP tag types, the ACL_MASK entry is +optional. .PP -The lowest three bits of -.I a_perm -define the rights granted to the user the entry applies to, just like -the bits in the traditional file mode. This results in a value between 0 and 7 -(from 0 standing for no access to 7 standing for read, write, and execute access). For accessing these bits, the constants ACL_READ, ACL_WRITE and ACL_EXECUTE should be used. - -.SH VALID ACCESS CONTROL LISTS -Each valid ACL has as a minimum the three required base entries -ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER. These entries correspond -to the traditional Posix permission bits. There must be exactly one each -of these three entries. The permission mask `rw-r-----' corresponds to the -following entries: -.sp -.RS -.fam C -.nf - u::rw- (ACL_USER_OBJ entry) - g::r-- (ACL_GROUP_OBJ entry) - o::--- (ACL_OTHER entry) -.fi -.fam T -.RE +All user ID qualifiers must be unique among all entries of +ACL_USER tag type, and all group IDs must be unique among all entries of +ACL_GROUP tag type. +.\"minimal vs. extended ACLs .PP -An ACL must also contain exactly one ACL_MASK entry, if it contains -additional ACL_USER or ACL_GROUP entries. For each user or group, there -must be at most one ACL_USER or ACL_GROUP entry per access control list. An ACL may also contain an ACL_MASK entry if no ACL_USER or ACL_GROUP entries exist. -.sp -.RS -.fam C -.nf - u:joe:rw- (ACL_USER entry) - g:webteam:rw- (ACL_GROUP entry) - m::rw- (ACL_MASK entry) -.fi -.fam T -.RE +The +.BR acl_get_file (3) +function returns an ACL with zero ACL entries as the default ACL of a +directory, if the directory is not associated with a default ACL. The +.BR acl_set_file (3) +function also accepts an ACL with zero ACL entries as a valid default ACL for +directories, denoting that the directory shall not be associated with a +default ACL. This is equivalent to using the +.BR acl_delete_def_file (3) +function. +.SH CORRESPONDENCE BETWEEN ACL ENTRIES AND FILE PERMISSION BITS +The permissions defined by ACLs are a superset of the permissions +specified by the file permission bits. The permissions defined for +the file owner correspond to the permissions of the ACL_USER_OBJ entry. +The permissions defined for the file group correspond to the permissions +of the ACL_GROUP_OBJ entry, if the ACL has no ACL_MASK entry. If the ACL +has an ACL_MASK entry, then the permissions defined for the file group +correspond to the permissions of the ACL_MASK entry. The permissions +defined for the other class correspond to the permissions of the +ACL_OTHER_OBJ entry. .PP -.SS THE ACL_MASK ENTRY -The purpose of the ACL_MASK entry is to limit -the effective rights granted to groups and named users in -the ACL. The effective rights granted to a user or a group with an ACL_USER -or an ACL_GROUP entry are those which are listed in both the ACL_USER -or ACL_GROUP entry -.I and -the ACL_MASK entry. The ACL_USER_OBJ and ACL_OTHER entries -are not affected by the ACL_MASK entry. - -.SH PERMISSIONS -The permissions required for manipulating ACLs of an inode are similar -to the permissions required for manipulating the file mode. Processes -with search access to a file are granted the right to read ACLs. Only the -file owner and processes capable of CAP_FOWNER are granted the right to -modify ACLs. (On current Linux systems, root is the only user with the -CAP_FOWNER capability.) - -.SH DETERMINING ACCESS -When a process requests access to a file, the following algorithm determines whether access is granted or not. The input to the algorithm is a set of requested permissions (read, write, execute). - -.SS (1) "Find a matching ACL entry" -.IP * 4 -If the user is the file owner, access is granted \fIonly\fR if the -ACL_USER_OBJ entry contains the requested permissions. -.IP * 4 -If the ACL contains a named user (ACL_USER) entry that matches the user, then: -.RS -.IP - 4 -If access is granted by that entry, continue with step \fB(2)\fR below. -.IP - 4 -Otherwise, access is denied. -.RE -.IP * 4 -If the user is in the owning group of the file (ACL_GROUP_OBJ entry), or if the user is member of a named group (ACL_GROUP entries), then: -.RS -.IP - 4 -If either the ACL_GROUP_OBJ entry or one of the ACL_GROUP entries contains the requested permissions, continue with step \fB(2)\fR below. (Permissions of multiple ACL entries are -.I not -accumulated.) -.IP - 4 -Otherwise, access is denied. -.RE -.IP * 4 -If none of the above rules match, then -.RS -.IP - 4 -If the ACL_OTHER entry contains the requested permissions, access is -granted. -.IP - 4 -Otherwise, access is denied. -.RE -.SS (2) Check the access mask -.IP * 4 -If the access mask (ACL_MASK) contains the requested permissions, access is granted. -.IP * 4 -Otherwise, access is denied. -.SH DEFAULT ACCESS CONTROL LISTS -Directories may have a default ACL, in addition to the regular ACL. While the -purpose of the regular ACL is to control access to a file or directory, -the purpose of the default ACL is to control access to files which are -created inside the directory. +Modification of the file permission bits results in the modification of +the permissions in the associated ACL entries. Modification of the +permissions in the ACL entries results in the modification of the file +permission bits. +.SH OBJECT CREATION AND DEFAULT ACLs +The access ACL of a file object is initialized when the object is +created with any of the +.BR creat (2), +.BR mkdir (2), +.BR mknod (2), +.BR mkfifo (2), +or +.BR open (2) +functions. +If a default ACL is associated with a directory, the +.I mode +parameter to the functions creating file objects and the default ACL of +the directory are used to determine the ACL of the new object: +.IP 1. 4 +The new object inherits the default ACL of the containing directory +as its access ACL. +.IP 2. 4 +The access ACL entries corresponding to the file permission bits are +modified so that they contain no permissions that are not +contained in the permissions specified by the +.I mode +parameter. .PP -When a file is created, -a create permissions are specified that determines the maximum access rights to -the file. This usually is 0666 of files, and 0777 for directories. +If no default ACL is associated with a directory, the +.I mode +parameter to the functions creating file objects and the file creation +mask (see +.BR umask (2)) +are used to determine the ACL of the new object: +.IP 1. 4 +The new object is assigned an access ACL containing entries of tag types +ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_MASK. The permissions of these +entries are set to the permissions specified by the file creation mask. +.IP 2. 4 +The access ACL entries corresponding to the file permission bits are +modified so that they contain no permissions that are not +contained in the permissions specified by the +.I mode +parameter. +.SH ACCESS CHECK ALGORITHM +A process may request read, write, or execute/search access to a file object +protected by an ACL. The access check algorithm determines whether access to +the object will be granted. +.IP 1. 4 +.B If +the effective user ID of the process matches the user ID of the file object owner, +.B then +.IP +.in +4 +.B if +the ACL_USER_OBJ entry contains the requested permissions, access is granted; +.in -4 +.IP +.in +4 +.B else +access is denied. +.in -4 +.IP 2. 4 +.B "else if" +the effective user ID of the process matches the qualifier of any entry +of type ACL_USER, +.B then +.IP +.in +4 +.B if +the matching ACL_USER entry and the ACL_MASK entry contain the requested +permissions, access is granted, +.in -4 +.IP +.in +4 +.B else +access is denied. +.in -4 +.IP 3. 4 +.B "else if" +the effective group ID or any of the supplementary group IDs of the +process match the qualifier of any entry of type ACL_GROUP, +.B then +.IP +.in +4 +.B if +the ACL_MASK entry and any of the matching ACL_GROUP group entries contain +the requested permissions, access is granted, +.in -4 +.IP +.in +4 +.B else +access is denied. +.in -4 +.IP 4. 4 +.B "else if" +the ACL_OTHER entry contains the requested permissions, access is granted. +.IP 5. 4 +.B else +access is denied. +.\".IP 5. 4 +.\"Checking whether the requested access modes are granted by the matched entry. + +.SH ACL TEXT FORMS +A long and a short text form for representing ACLs is defined. In both forms, ACL entries are represented as three colon separated fields: an ACL entry tag type, an ACL entry qualifier, and the discretionary access permissions. The first field contains one of the following entry tag type keywords: +.TP +.B user +specifies the access granted to either the file owner (entry tag +type ACL_USER_OBJ) or a specified user (entry tag type ACL_USER). +.TP +.B group +specifies the access granted to either the file group (entry tag +type ACL_GROUP_OBJ) or a specified group (entry tag type ACL_GROUP). +.TP +.B mask +specifies the maximum access which can be granted by any ACL +entry except the +.B user +entry for the file owner and the +.B other +entry (entry tag type ACL_MASK). +.TP +.B other +specifies the access granted to any process that does not match any +.B user +or +.B group +ACL entries (entry tag type ACL_OTHER). .PP -Traditionally, the effective access rights to new files are determined by combining the -.B umask -and the create permissions. The default ACL replaces the role of the -.BR umask . -The following steps are taken when a file is created inside a directory which has a default ACL: -.IP * 4 -The new file inherits the directory's default ACL as its access ACL. -.IP * 4 -The permissions of the new file's access ACL are modified in the following way: -.RS -.IP - 4 -The ACL_USER entry is set to the union of the value determied by the default ACL and the user bits of the create permissions. -.IP - 4 -The ACL_OTHER entry is set to the union of the value determined by the default ACL and the other bits of the create permissions. -.IP - 4 -If the new file's ACL contains an ACL_MASK entry, the permission bits of the ACL_MASK entry are set to the group bits of the create permissions. If the new file's ACL does not contain an ACL_MASK entry, the permission bits of the ACL_GROUP_OBJ entry are set to the group bits of the create permissions. -.RE -.IP * 4 -The user and other part of the new file's mode bits are set to the ACL_USER_OBJ and ACL_OTHER permission bits, respectively. -.IP * 4 -If the new file's ACL contains an ACL_MASK entry, the group bits of the new file's mode field are set to the ACL_MASK entry permission bits. If the new file's ACL does not contain an ACL_MASK entry, the group bits of the new file's mode field are set to the ACL_GROUP_OBJ entry permission bits. -.IP * 4 -If the new file is a directory, it inherits the parent directory's default ACL as its own default ACL. +The second field contains the user or group identifier of the user or +group associated with the ACL entry for entries of entry tag type ACL_USER +or ACL_GROUP, and is empty for all other entries. A user identifier can +be a user name or a user ID number in decimal form. A group identifier can +be a group name or a group ID number in decimal form. .PP -For directories without a default ACL, the -.B umask -is used to determine effective permissions (see -.BR umask (2)). +The third field contains the discretionary access permissions. The read, +write and search/execute permissions are represented by the +.BR r , +.BR w , +and +.B x +characters, in this order. Each of these characters is replaced by the +hyphen character (\c +.BR \- ) +to denote that a permission is absent in the ACL entry. +When converting from the text form to the internal representation, +permissions that are absent need not be specified. .PP -.SH FILE MODE PERMISSION BITS TO ACL ENTRY MAPPING -.fam C +White space is permitted at the beginning and end of each ACL entry, and +immediately before and after a field separator (the colon character). +.SS LONG TEXT FORM +The long text form contains one ACL entry per line. +In addition, the hash character (\c +.BR # ) +may start a comment that extends until the end of the line. If an +ACL_USER, ACL_GROUP_OBJ or ACL_GROUP ACL entry contains permissions that +are not also contained in the ACL_MASK entry, the entry is followed by a +number sign, the string \(lqeffective:\(rq, and the effective access +permissions defined by that entry. This is an example of the long text +form: .nf - user group other - ----+-------+-------+-------+ - | r w x | r w x | r w x | - ----+-------+-------+-------+ - ^ ^ ^ - | | +-- maps to ACL_OTHER - | +-- maps to ACL_GROUP_OBJ or ACL_MASK - +-- maps to ACL_USER_OBJ +.sp .8v +.in +6 +user::rw- +user:lisa:rw- #effective:r-- +group::r-- +group:toolies:rw- #effective:r-- +mask::r-- +other::r-- +.in -6 +.fi +.IP +.SS SHORT TEXT FORM +The short text form is a sequence of ACL entries separated by commas, +and is used for input. Comments are not supported. Entry tag type +keywords may either appear in their full unabbreviated form, or in their +single letter abbreviated form. The abbreviation for +.B user +is +.BR u , +the abbreviation for +.B group +is +.BR g , +the abbreviation for +.B mask +is +.BR m , +and the abbreviation for +.B other +is +.BR o . +The permissions may contain at most one each of the following characters +in any order: +.BR r , +.BR w , +.BR x . +These are examples of the short text form: +.nf +.sp .8v +.in +6 +u::rw-,u:lisa:rw-,g::r--,g:toolies:rw-,m::r--,o::r-- +g:toolies:rw,u:lisa:rw,u::wr,g::r,o::r,m::r +.in -6 .fi -.fam T -.PP -.SH NFSv2, NFSv3 AND ACCESS CONTROL LISTS -The NFS protocol in version 2 performs some access control decisions at -the client, based on the file mode permission bits. It serves the user -cached file contents if it thinks access would be granted. This logic -is no longer correct if access control lists are in effect. Both false -positives and denials might result. - -As a workaround, the file mode permission bits are modified before -sending them to NFSv2 clients. This ensures NFS clients don't grant -extra permissions. (Only the kernel NFS daemon does that right now; the -userspace NFS daemon has not been patched yet.) The file mode permission -sent are a subset of the real file mode permission bits. They are changed -as follows: - -.IP * 4 -The group file mode permission bits are set to the intersection of the ACL_GROUP_OBJ and the ACL_MASK ACL entry. -.IP * 4 -The others file mode permission bits are set to the intersection of all -ACL entries excluding the ACL_USER_OBJ entry. -.PP -A consequence of these changes is that extended permissions granted by ACLs are not available over NFSv2 mounts. - -Up to at least 2.2.18 and 2.4.2 kernels, the NFSv3 implementation does -not implement the ACCESS remote procedure call. Therefore, NFSv3 currently -suffers the same problems as NFSv2. The same workaround is employed right -now. +.SH RATIONALE +IEEE 1003.1e draft 17 defines Access Control Lists that include entries +of tag type ACL_MASK, and defines a mapping between file permission bits +that is not constant. The standard working group defined this relatively +complex interface in order to ensure that applications that are compliant +with IEEE 1003.1 (\(lqPOSIX.1\(rq) will still function as expected on +systems with ACLs. The IEEE 1003.1e draft 17 contains the rationale for +choosing this interface in section B.23. .SH CHANGES TO THE FILE UTILITIES -The +On a system that supports ACLs, the file utilities +.BR ls (1), +.BR cp (1) +and +.BR mv (1) +change their behavior in the following ways: +.IP \- 4 +For files that have a default ACL or an access ACL that contains more than +the three required ACL entries, the .BR ls (1) -utility displays a plus sign (`+') after the permission string of entries with an extended ACL (i.e., entries where the permission string shows only part of the effective permissions). -.PP +utility in the long form produced by +.B "ls \-l" +displays a plus sign (\c +.BR + ) +after the permission string. +.IP \- 4 +If the +.B \-p +flag is specified, the +.BR cp (1) +utility also preserves ACLs. +If this is not possible, a warning is produced. +.IP \- 4 The -.BR cp "(1) and " mv (1) -utilities preserve ACLs if possible. If files are copied or moved between fileystems that do not support ACLs, only the file mode permission bits are preserved, and a warning is written to standard error. +.BR mv (1) +utility always preserves ACLs. If this is not possible, a warning is produced. .PP -The +The effect of the .BR chmod (1) -utility is traditionally used to change the file mode permission bits. -Changing the permission bits using -.B chmod -has the following effect on an ACL that is associated with a file: -.IP * 4 -The new user permission bits replace the permissions of the owner ACL entry. -.IP * 4 -The new group permission bits replace the permission bits of the mask ACL entry if a mask ACL entry exists. The new group permission bits replace the permission bits of the owning group ACL entry if no mask ACL entry exists. -.IP * 4 -The new others permission bits replace the permissions of the others ACL entry. +utility, and of the +.BR chmod (2) +system call, on the access ACL is described in the section +``CORRESPONDENCE BETWEEN ACL ENTRIES AND FILE PERMISSION BITS''. +.SH STANDARDS +The IEEE 1003.1e draft 17 (\(lqPOSIX.1e\(rq) document describes several +security extensions to the IEEE 1003.1 standard. While the work on +1003.1e has been abandoned, many UNIX style systems implement parts of +POSIX.1e draft 17, or of earlier drafts. .PP -.fam T -.SH AUTHOR -Andreas Gruenbacher, -.RI < a.gruenbacher@computer.org >. - -Please send your bug reports, suggested features and comments to the -above address. +Linux Access Control Lists implement the full set of functions and +utilities defined for Access Control Lists in POSIX.1e, and several +extensions. The implementation is fully compliant with POSIX.1e draft +17; extensions are marked as such. +The Access Control List manipulation functions are defined in +the ACL library (libacl, \-lacl). The POSIX compliant interfaces are +declared in the +.Li <sys/acl.h> +header. +Linux-specific extensions to these functions are declared in the +.Li <acl/libacl.h> +header. .SH SEE ALSO -getfacl(1), setfacl(1), chmod(1), umask(1), ls(1) +.BR chmod (1), +.BR creat (2), +.BR getfacl (1), +.BR ls (1), +.BR mkdir (2), +.BR mkfifo (2), +.BR mknod (2), +.BR open (2), +.BR setfacl (1), +.BR stat (2), +.BR umask (1) +.SS POSIX 1003.1e DRAFT 17 +.BR "http://www.guug.de/~winni/posix.1e/download.html" +.SS POSIX 1003.1e FUNCTIONS BY CATEGORY +.TP +.B "ACL storage management" +.BR acl_dup (3), +.BR acl_free (3), +.BR acl_init (3) +.TP +.B "ACL entry manipulation" +.BR acl_copy_entry (3), +.BR acl_create_entry (3), +.BR acl_delete_entry (3), +.BR acl_get_entry (3), +.BR acl_valid (3) +.IP +.BR acl_add_perm (3), +.BR acl_calc_mask (3), +.BR acl_clear_perms (3), +.BR acl_delete_perm (3), +.BR acl_get_permset (3), +.BR acl_set_permset (3) +.IP +.BR acl_get_qualifier (3), +.BR acl_get_tag_type (3), +.BR acl_set_qualifier (3), +.BR acl_set_tag_type (3) +.TP +.B "ACL manipulation on an object" +.BR acl_delete_def_file (3), +.BR acl_get_fd (3), +.BR acl_get_file (3), +.BR acl_set_fd (3), +.BR acl_set_file (3) +.TP +.B "ACL format translation" +.BR acl_copy_entry (3), +.BR acl_copy_ext (3), +.BR acl_from_text (3), +.BR acl_to_text (3), +.BR acl_size (3) +.SS POSIX 1003.1e FUNCTIONS BY AVAILABILITY +The first group of functions is supported on most systems with POSIX-like +access control lists, while the second group is supported on fewer systems. +For applications that will be ported the second group is best avoided. +.PP +.BR acl_delete_def_file (3), +.BR acl_dup (3), +.BR acl_free (3), +.BR acl_from_text (3), +.BR acl_get_fd (3), +.BR acl_get_file (3), +.BR acl_init (3), +.BR acl_set_fd (3), +.BR acl_set_file (3), +.BR acl_to_text (3), +.BR acl_valid (3) +.PP +.BR acl_add_perm (3), +.BR acl_calc_mask (3), +.BR acl_clear_perms (3), +.BR acl_copy_entry (3), +.BR acl_copy_ext (3), +.BR acl_copy_int (3), +.BR acl_create_entry (3), +.BR acl_delete_entry (3), +.BR acl_delete_perm (3), +.BR acl_get_entry (3), +.BR acl_get_permset (3), +.BR acl_get_qualifier (3), +.BR acl_get_tag_type (3), +.BR acl_set_permset (3), +.BR acl_set_qualifier (3), +.BR acl_set_tag_type (3), +.BR acl_size (3) +.SS LINUX EXTENSIONS +The following are non-portable extensions available on Linux systems. +.PP +.BR acl_check (3), +.BR acl_cmp (3), +.BR acl_entries (3), +.BR acl_equiv_mode (3), +.BR acl_error (3), +.BR acl_extended_fd (3), +.BR acl_extended_file (3), +.BR acl_from_mode (3), +.BR acl_get_perm (3), +.BR acl_to_any_text (3) diff --git a/po/de.mo b/po/de.mo Binary files differdeleted file mode 100644 index 4479857..0000000 --- a/po/de.mo +++ /dev/null diff --git a/setfacl/do_set.c b/setfacl/do_set.c index d43b8d7..e4baba1 100644 --- a/setfacl/do_set.c +++ b/setfacl/do_set.c @@ -113,10 +113,9 @@ print_test( { char *acl_text, *default_acl_text; - acl_text = acl_to_any_text(acl, NULL, - "", ',', "", TEXT_ABBREVIATE); - default_acl_text = acl_to_any_text(default_acl, NULL, - "d:", ',', "", TEXT_ABBREVIATE); + acl_text = acl_to_any_text(acl, NULL, ',', TEXT_ABBREVIATE); + default_acl_text = + acl_to_any_text(default_acl, "d:", ',', TEXT_ABBREVIATE); fprintf(file, "%s: %s,%s\n", path_p, acl_text ? acl_text : "*", default_acl_text ? default_acl_text : "*"); @@ -377,9 +376,7 @@ do_set( if (error < 0) goto fail; if (error > 0) { - acl_text = acl_to_any_text( - acl, NULL, NULL, ',', - NULL, TEXT_NO_EFFECTIVE); + acl_text = acl_to_any_text(acl, NULL, ',', 0); fprintf(stderr, _("%s: %s: Resulting ACL `%s': " "%s at entry %d\n"), progname, path_p, acl_text, acl_error(error), which_entry+1); @@ -406,9 +403,7 @@ do_set( if (error < 0) goto fail; if (error > 0) { - acl_text = acl_to_any_text( - default_acl, NULL, NULL, ',', - NULL, TEXT_NO_EFFECTIVE); + acl_text = acl_to_any_text(default_acl, NULL, ',', 0); fprintf(stderr, _("%s: %s: Resulting default ACL " "`%s': %s at entry %d\n"), progname, path_p, acl_text, @@ -445,29 +440,28 @@ do_set( } if (acl) { if (acl_set_file(path_p, ACL_TYPE_ACCESS, acl) != 0) { - if (errno != ENOSYS && errno != ENOTSUP) - goto fail; - if (acl_set_file_mode(path_p, ACL_TYPE_ACCESS, - acl) != 0) - goto fail; + if (errno == ENOSYS || errno == ENOTSUP) { + int saved_errno = errno; + mode_t mode; + + if (acl_equiv_mode(acl, &mode) != 0) { + errno = saved_errno; + goto fail; + } else if (chmod(path_p, mode) != 0) + goto fail; + } } } if (default_acl) { if (S_ISDIR(st->st_mode)) { if (acl_entries(default_acl) == 0) { - if (acl_delete_def_file(path_p) != 0) + if (acl_delete_def_file(path_p) != 0 && + errno != ENOSYS && errno != ENOTSUP) goto fail; } else { if (acl_set_file(path_p, ACL_TYPE_DEFAULT, - default_acl) != 0) { - if (errno != ENOSYS && - errno != ENOTSUP) - goto fail; - if (acl_set_file_mode(path_p, - ACL_TYPE_DEFAULT, - default_acl) != 0) - goto fail; - } + default_acl) != 0) + goto fail; } } else { if (acl_entries(default_acl) != 0) { |