1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
.\" Access Control Lists manual pages
.\"
.\" (C) 2002 Andreas Gruenbacher, <a.gruenbacher@computer.org>
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd March 23, 2002
.Dt ACL_CHECK 3
.Os "Linux ACL"
.Sh NAME
.Nm acl_check
.Nd check an ACL for validity
.Sh LIBRARY
Linux Access Control Lists library (libacl, \-lacl).
.Sh SYNOPSIS
.In sys/types.h
.In acl/libacl.h
.Ft int
.Fn acl_check "acl_t acl" "int *last"
.Sh DESCRIPTION
The
.Fn acl_check
function checks the ACL referred to by the argument
.Va acl
for validity.
.Pp
The three required entries ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER
must exist exactly once in the ACL. If the ACL contains any ACL_USER or
ACL_GROUP entries, then an ACL_MASK entry is also required. The ACL
may contain at most one ACL_MASK entry.
.Pp
The user identifiers must be unique among all entries of type ACL_USER.
The group identifiers must be unique among all entries of type ACL_GROUP.
.Pp
If the ACL referred to by
.Va acl
is invalid,
.Fn acl_check
returns a positive error code that indicates which type of error was detected.
The following symbolic error codes are defined:
.Bl -tag -width ACL_DUPLICATE_ERROR.
.It ACL_MULTI_ERROR
The ACL contains multiple entries that have a tag type
that may occur at most once.
.It ACL_DUPLICATE_ERROR
The ACL contains multiple ACL_USER entries with the same user ID, or
multiple ACL_GROUP entries with the same group ID.
.It ACL_MISS_ERROR
A required entry is missing.
.It ACL_ENTRY_ERROR
The ACL contains an invalid entry tag type.
.El
.Pp
The
.Fn acl_error
function can be used to translate error codes to text messages.
.Pp
In addition, if the pointer
.Va last
is not
.Li NULL ,
.Fn acl_check
assigns the number of the ACL entry at which the error was detected to
the value pointed to by
.Va last .
Entries are numbered starting with zero, in the order in which they would be
returned by the
.Fn acl_get_entry
function.
.Sh RETURN VALUE
If successful, the
.Fn acl_check
function returns
.Li 0
if the ACL referred to by
.Va acl
is valid, and a positive error code if the ACL is invalid. Otherwise, a
value of
.Li -1
is returned and the global variable
.Va errno
is set to indicate the error.
.Sh ERRORS
If any of the following conditions occur, the
.Fn acl_check
function returns
.Li -1
and sets
.Va errno
to the corresponding value:
.Bl -tag -width Er
.It Bq Er EINVAL
The argument
.Va acl
is not a valid pointer to an ACL.
.El
.Sh STANDARDS
This is a non-portable, Linux specific extension to the ACL manipulation
functions defined in IEEE Std 1003.1e draft 17 (\(lqPOSIX.1e\(rq, abandoned).
.Sh SEE ALSO
.Xr acl_valid 3 ,
.Xr acl 5
.Sh AUTHOR
Written by
.An "Andreas Gruenbacher" Aq a.gruenbacher@computer.org .
|
