2000-01-05 04:59:02 +00:00
|
|
|
.\"-
|
2001-12-02 04:27:13 +00:00
|
|
|
.\" Copyright (c) 1999-2001 Robert N. M. Watson
|
2000-01-05 04:59:02 +00:00
|
|
|
.\" All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
.\" SUCH DAMAGE.
|
|
|
|
.\"
|
2005-02-09 18:07:17 +00:00
|
|
|
.\" $FreeBSD$
|
2000-01-05 04:59:02 +00:00
|
|
|
.\"
|
2015-09-04 00:14:20 +00:00
|
|
|
.Dd September 4, 2015
|
2000-01-05 04:59:02 +00:00
|
|
|
.Dt ACL 9
|
2010-04-14 19:08:06 +00:00
|
|
|
.Os
|
2000-01-05 04:59:02 +00:00
|
|
|
.Sh NAME
|
|
|
|
.Nm acl
|
2002-12-12 17:26:04 +00:00
|
|
|
.Nd virtual file system access control lists
|
2000-01-05 04:59:02 +00:00
|
|
|
.Sh SYNOPSIS
|
2001-10-01 16:09:29 +00:00
|
|
|
.In sys/param.h
|
|
|
|
.In sys/vnode.h
|
|
|
|
.In sys/acl.h
|
2000-01-05 04:59:02 +00:00
|
|
|
.Pp
|
2002-05-05 22:09:12 +00:00
|
|
|
In the kernel configuration file:
|
|
|
|
.Cd "options UFS_ACL"
|
|
|
|
.Sh DESCRIPTION
|
|
|
|
Access control lists, or ACLs,
|
|
|
|
allow fine-grained specification of rights
|
|
|
|
for vnodes representing files and directories.
|
2002-12-12 17:26:04 +00:00
|
|
|
However, as there are a plethora of file systems with differing ACL semantics,
|
2002-05-05 22:09:12 +00:00
|
|
|
the vnode interface is aware only of the syntax of ACLs,
|
2002-12-12 17:26:04 +00:00
|
|
|
relying on the underlying file system to implement the details.
|
|
|
|
Depending on the underlying file system, each file or directory
|
2002-05-05 22:09:12 +00:00
|
|
|
may have zero or more ACLs associated with it, named using the
|
|
|
|
.Fa type
|
|
|
|
field of the appropriate vnode ACL calls:
|
|
|
|
.Xr VOP_ACLCHECK 9 ,
|
|
|
|
.Xr VOP_GETACL 9 ,
|
|
|
|
and
|
|
|
|
.Xr VOP_SETACL 9 .
|
|
|
|
.Pp
|
|
|
|
Currently, each ACL is represented in-kernel by a fixed-size
|
|
|
|
.Vt acl
|
|
|
|
structure, defined as follows:
|
|
|
|
.Bd -literal -offset indent
|
|
|
|
struct acl {
|
2009-05-24 09:42:53 +00:00
|
|
|
unsigned int acl_maxcnt;
|
|
|
|
unsigned int acl_cnt;
|
|
|
|
int acl_spare[4];
|
2002-05-05 22:09:12 +00:00
|
|
|
struct acl_entry acl_entry[ACL_MAX_ENTRIES];
|
|
|
|
};
|
|
|
|
.Ed
|
|
|
|
.Pp
|
|
|
|
An ACL is constructed from a fixed size array of ACL entries,
|
|
|
|
each of which consists of a set of permissions, principal namespace,
|
|
|
|
and principal identifier.
|
2009-05-24 09:42:53 +00:00
|
|
|
In this implementation, the
|
|
|
|
.Vt acl_maxcnt
|
|
|
|
field is always set to
|
|
|
|
.Dv ACL_MAX_ENTRIES .
|
2002-05-05 22:09:12 +00:00
|
|
|
.Pp
|
|
|
|
Each individual ACL entry is of the type
|
|
|
|
.Vt acl_entry_t ,
|
|
|
|
which is a structure with the following members:
|
2002-05-29 17:45:44 +00:00
|
|
|
.Bl -tag -width 2n
|
2002-05-05 22:09:12 +00:00
|
|
|
.It Vt acl_tag_t Va ae_tag
|
|
|
|
The following is a list of definitions of ACL types
|
|
|
|
to be set in
|
|
|
|
.Va ae_tag :
|
|
|
|
.Pp
|
2002-05-29 17:45:44 +00:00
|
|
|
.Bl -tag -width ".Dv ACL_UNDEFINED_FIELD" -offset indent -compact
|
2002-05-05 22:09:12 +00:00
|
|
|
.It Dv ACL_UNDEFINED_FIELD
|
|
|
|
Undefined ACL type.
|
|
|
|
.It Dv ACL_USER_OBJ
|
|
|
|
Discretionary access rights for processes whose effective user ID
|
|
|
|
matches the user ID of the file's owner.
|
|
|
|
.It Dv ACL_USER
|
|
|
|
Discretionary access rights for processes whose effective user ID
|
|
|
|
matches the ACL entry qualifier.
|
|
|
|
.It Dv ACL_GROUP_OBJ
|
|
|
|
Discretionary access rights for processes whose effective group ID
|
|
|
|
or any supplemental groups
|
|
|
|
match the group ID of the file's owner.
|
|
|
|
.It Dv ACL_GROUP
|
|
|
|
Discretionary access rights for processes whose effective group ID
|
|
|
|
or any supplemental groups
|
|
|
|
match the ACL entry qualifier.
|
|
|
|
.It Dv ACL_MASK
|
|
|
|
The maximum discretionary access rights that can be granted
|
|
|
|
to a process in the file group class.
|
2009-05-24 09:42:53 +00:00
|
|
|
This is only valid for POSIX.1e ACLs.
|
2002-05-05 22:09:12 +00:00
|
|
|
.It Dv ACL_OTHER
|
|
|
|
Discretionary access rights for processes not covered by any other ACL
|
|
|
|
entry.
|
2009-05-24 09:42:53 +00:00
|
|
|
This is only valid for POSIX.1e ACLs.
|
2002-05-05 22:09:12 +00:00
|
|
|
.It Dv ACL_OTHER_OBJ
|
|
|
|
Same as
|
|
|
|
.Dv ACL_OTHER .
|
2009-05-24 09:42:53 +00:00
|
|
|
.It Dv ACL_EVERYONE
|
|
|
|
Discretionary access rights for all users.
|
|
|
|
This is only valid for NFSv4 ACLs.
|
|
|
|
.El
|
|
|
|
.Pp
|
|
|
|
Each POSIX.1e ACL must contain exactly one
|
2002-05-05 22:09:12 +00:00
|
|
|
.Dv ACL_USER_OBJ ,
|
|
|
|
one
|
|
|
|
.Dv ACL_GROUP_OBJ ,
|
|
|
|
and one
|
|
|
|
.Dv ACL_OTHER .
|
|
|
|
If any of
|
|
|
|
.Dv ACL_USER ,
|
|
|
|
.Dv ACL_GROUP ,
|
|
|
|
or
|
|
|
|
.Dv ACL_OTHER
|
|
|
|
are present, then exactly one
|
|
|
|
.Dv ACL_MASK
|
|
|
|
entry should be present.
|
|
|
|
.It Vt uid_t Va ae_id
|
|
|
|
The ID of user for whom this ACL describes access permissions.
|
2009-05-24 09:42:53 +00:00
|
|
|
For entries other than
|
|
|
|
.Dv ACL_USER
|
|
|
|
and
|
|
|
|
.Dv ACL_GROUP ,
|
|
|
|
this field should be set to
|
|
|
|
.Dv ACL_UNDEFINED_ID .
|
2002-05-05 22:09:12 +00:00
|
|
|
.It Vt acl_perm_t Va ae_perm
|
|
|
|
This field defines what kind of access the process matching this ACL has
|
|
|
|
for accessing the associated file.
|
2009-05-24 09:42:53 +00:00
|
|
|
For POSIX.1e ACLs, the following are valid:
|
|
|
|
.Bl -tag -width ".Dv ACL_WRITE_NAMED_ATTRS"
|
2002-05-05 22:09:12 +00:00
|
|
|
.It Dv ACL_EXECUTE
|
|
|
|
The process may execute the associated file.
|
|
|
|
.It Dv ACL_WRITE
|
|
|
|
The process may write to the associated file.
|
|
|
|
.It Dv ACL_READ
|
|
|
|
The process may read from the associated file.
|
|
|
|
.It Dv ACL_PERM_NONE
|
|
|
|
The process has no read, write or execute permissions
|
|
|
|
to the associated file.
|
|
|
|
.El
|
2009-05-24 09:42:53 +00:00
|
|
|
.Pp
|
|
|
|
For NFSv4 ACLs, the following are valid:
|
|
|
|
.Bl -tag -width ".Dv ACL_WRITE_NAMED_ATTRS"
|
|
|
|
.It Dv ACL_READ_DATA
|
|
|
|
The process may read from the associated file.
|
|
|
|
.It Dv ACL_LIST_DIRECTORY
|
|
|
|
Same as
|
|
|
|
.Dv ACL_READ_DATA .
|
|
|
|
.It Dv ACL_WRITE_DATA
|
|
|
|
The process may write to the associated file.
|
|
|
|
.It Dv ACL_ADD_FILE
|
|
|
|
Same as
|
|
|
|
.Dv ACL_ACL_WRITE_DATA .
|
|
|
|
.It Dv ACL_APPEND_DATA
|
|
|
|
.It Dv ACL_ADD_SUBDIRECTORY
|
|
|
|
Same as
|
|
|
|
.Dv ACL_APPEND_DATA .
|
|
|
|
.It Dv ACL_READ_NAMED_ATTRS
|
|
|
|
Ignored.
|
|
|
|
.It Dv ACL_WRITE_NAMED_ATTRS
|
|
|
|
Ignored.
|
|
|
|
.It Dv ACL_EXECUTE
|
|
|
|
The process may execute the associated file.
|
|
|
|
.It Dv ACL_DELETE_CHILD
|
|
|
|
.It Dv ACL_READ_ATTRIBUTES
|
|
|
|
.It Dv ACL_WRITE_ATTRIBUTES
|
|
|
|
.It Dv ACL_DELETE
|
|
|
|
.It Dv ACL_READ_ACL
|
|
|
|
.It Dv ACL_WRITE_ACL
|
|
|
|
.It Dv ACL_WRITE_OWNER
|
|
|
|
.It Dv ACL_SYNCHRONIZE
|
|
|
|
Ignored.
|
|
|
|
.El
|
|
|
|
.It Vt acl_entry_type_t Va ae_entry_type
|
|
|
|
This field defines the type of NFSv4 ACL entry.
|
|
|
|
It is not used with POSIX.1e ACLs.
|
|
|
|
The following values are valid:
|
|
|
|
.Bl -tag -width ".Dv ACL_WRITE_NAMED_ATTRS"
|
|
|
|
.It Dv ACL_ENTRY_TYPE_ALLOW
|
|
|
|
.It Dv ACL_ENTRY_TYPE_DENY
|
|
|
|
.El
|
|
|
|
.It Vt acl_flag_t Va ae_flags
|
|
|
|
This field defines the inheritance flags of NFSv4 ACL entry.
|
|
|
|
It is not used with POSIX.1e ACLs.
|
|
|
|
The following values are valid:
|
|
|
|
.Bl -tag -width ".Dv ACL_ENTRY_DIRECTORY_INHERIT"
|
|
|
|
.It Dv ACL_ENTRY_FILE_INHERIT
|
|
|
|
.It Dv ACL_ENTRY_DIRECTORY_INHERIT
|
2009-05-24 20:34:29 +00:00
|
|
|
.It Dv ACL_ENTRY_NO_PROPAGATE_INHERIT
|
2009-05-24 09:42:53 +00:00
|
|
|
.It Dv ACL_ENTRY_INHERIT_ONLY
|
2015-09-04 00:14:20 +00:00
|
|
|
.It Dv ACL_ENTRY_INHERITED
|
2009-05-24 09:42:53 +00:00
|
|
|
.El
|
2015-09-04 00:14:20 +00:00
|
|
|
The
|
|
|
|
.Dv ACL_ENTRY_INHERITED
|
|
|
|
flag is set on an ACE that has been inherited from its parent.
|
|
|
|
It may also be set programmatically, and is valid on both files
|
|
|
|
and directories.
|
2002-05-05 22:09:12 +00:00
|
|
|
.El
|
2000-01-05 04:59:02 +00:00
|
|
|
.Sh SEE ALSO
|
2001-12-22 03:46:33 +00:00
|
|
|
.Xr acl 3 ,
|
2014-12-21 10:57:42 +00:00
|
|
|
.Xr vaccess 9 ,
|
2009-09-22 15:15:03 +00:00
|
|
|
.Xr vaccess_acl_nfs4 9 ,
|
2001-12-22 03:46:33 +00:00
|
|
|
.Xr vaccess_acl_posix1e 9 ,
|
2000-01-05 04:59:02 +00:00
|
|
|
.Xr VFS 9 ,
|
|
|
|
.Xr VOP_ACLCHECK 9 ,
|
|
|
|
.Xr VOP_GETACL 9 ,
|
2000-11-15 16:00:07 +00:00
|
|
|
.Xr VOP_SETACL 9
|
2000-01-05 04:59:02 +00:00
|
|
|
.Sh AUTHORS
|
2005-06-28 20:15:19 +00:00
|
|
|
This manual page was written by
|
2000-01-05 04:59:02 +00:00
|
|
|
.An Robert Watson .
|