Man pages for the VFS extended attribute and access control list vnops.

Reviewed by:	eivind

share/man/man9/Makefile

@@ -33,7 +33,9 @@ MAN9+=	device.9 device_add_child.9 device_delete_child.9 device_enable.9 \
 	BUS_READ_IVAR.9 \
 	bus_generic_attach.9 bus_generic_detach.9 bus_generic_map_intr.9 \
 	bus_generic_print_child.9 bus_generic_read_ivar.9 \
-	bus_generic_shutdown.9
+	bus_generic_shutdown.9 \
+	VOP_ACLCHECK.9 VOP_GETACL.9 VOP_GETEXTATTR.9 VOP_SETACL.9 \
+	VOP_SETEXTATTR.9 acl.9 extattr.9
 
 MLINKS+=MD5.9 MD5Init.9 MD5.9 MD5Transform.9
 MLINKS+=VOP_ATTRIB.9 VOP_GETATTR.9

share/man/man9/VOP_ACLCHECK.9

@@ -0,0 +1,98 @@
+.\"-
+.\" Copyright (c) 1999 Robert N. M. Watson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"       $FreeBSD$
+.\"
+.Dd December 23, 1999
+.Os
+.Dt VOP_ACLCHECK 9
+.Sh NAME
+.Nm VOP_ACLCHECK
+.Nd Check an access control list for a vnode
+.Sh SYNOPSIS
+.Fd #include <sys/param.h>
+.Fd #include <sys/vnode.h>
+.Fd #include <sys/acl.h>
+.Ft int
+.Fn VOP_ACLCHECK "struct vnode *vp" "acl_type_t type" "struct acl *aclp" "struct ucred *cred" "struct proc *p"
+.Sh DESCRIPTION
+This vnode call may be used to determine the validity of a particular access
+control list (ACL) for a particular file or directory.
+.Pp
+Its arguments are:
+.Bl -tag -width type
+.It Ar vp
+the vnode of the file or directory
+.It Ar type
+the type of ACL to check
+.It Ar aclp
+a pointer to an ACL structure from which to retrieve the ACL data
+.It Ar cred
+the user credentials to use in authorizing the request
+.It Ar p
+the process checking the ACL
+.El
+.Pp
+The
+.Fa cred
+pointer may be NULL to indicate that access control checks are not to be
+performed, of possible.  This cred setting might be used to allow the
+kernel to authorize ACL verification that the active process might not be
+permitted to do.
+.Pp
+The vnode ACL interface defines the syntax, and not semantics, of file and
+directory ACL interfaces.  More information about ACL management in kernel
+may be found in
+.Xr acl 9 .
+.Sh LOCKS
+No locks are required to call this vnode method, and any locks held on
+entry will be held on exit.
+.Sh RETURN VALUES
+If the
+.Fa aclp
+pointer points to a valid ACL of type
+.Fa type
+for the object
+.Fa vp ,
+then zero is returned.  Otherwise, an appropriate error code is returned.
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er EINVAL
+The ACL type passed is invalid for this vnode, or the ACL data is invalid
+.It Bq Er EACCES
+Permission denied
+.It Bq Er ENOMEM
+Insufficient memory available to fulfill request
+.It Bq Er EOPNOTSUPP
+The file system does not support VOP_ACLCHECK
+.El
+.Sh SEE ALSO
+.Xr acl 9 ,
+.Xr vnode 9 ,
+.Xr VOP_GETACL 9 ,
+.Xr VOP_SETACL 9
+.Sh AUTHORS
+This man page was written by
+.An Robert Watson .

share/man/man9/VOP_GETACL.9

@@ -0,0 +1,95 @@
+.\"-
+.\" Copyright (c) 1999 Robert N. M. Watson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"       $FreeBSD$
+.\"
+.Dd December 23, 1999
+.Os
+.Dt VOP_GETACL 9
+.Sh NAME
+.Nm VOP_GETACL
+.Nd Retrieve access control list for a vnode
+.Sh SYNOPSIS
+.Fd #include <sys/param.h>
+.Fd #include <sys/vnode.h>
+.Fd #include <sys/acl.h>
+.Ft int
+.Fn VOP_GETACL "struct vnode *vp" "acl_type_t type" "struct acl *aclp" "struct ucred *cred" "struct proc *p"
+.Sh DESCRIPTION
+This vnode call may be used to retrieve the access control list (ACL) from a
+file or directory.
+.Pp
+Its arguments are:
+.Bl -tag -width type
+.It Ar vp
+the vnode of the file or directory
+.It Ar type
+the type of ACL to retrieve
+.It Ar aclp
+a pointer to an ACL structure to receive the ACL data
+.It Ar cred
+the user credentials to use in authorizing the request
+.It Ar p
+the process requesting the ACL
+.El
+.Pp
+The
+.Fa cred
+pointer may be NULL to indicate that access control checks are not to be
+performed, of possible.  This cred setting might be used to allow the 
+kernel to authorize ACL retrieval that the active process might not be
+permitted to do.
+.Pp
+The vnode ACL interface defines the syntax, and not semantics, of file and
+directory ACL interfaces.  More information about ACL management in kernel
+may be found in
+.Xr acl 9 .
+.Sh LOCKS
+No locks are required to call this vnode method, and any locks held on
+entry will be held on exit.
+.Sh RETURN VALUES
+If the
+.Fa aclp
+pointer will point to a valid ACL, then zero is returned.  Otherwise,
+an appropriate error code is returned.
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er EINVAL
+The ACL type passed is invalid for this vnode
+.It Bq Er EACCES
+Permission denied
+.It Bq Er ENOMEM
+Insufficient memory available to fulfill request
+.It Bq Er EOPNOTSUPP
+The file system does not support VOP_GETACL
+.El
+.Sh SEE ALSO
+.Xr acl 9 ,
+.Xr vnode 9 ,
+.Xr VOP_ACLCHECK 9 ,
+.Xr VOP_SETACL 9
+.Sh AUTHORS
+This man page was written by
+.An Robert Watson .

share/man/man9/VOP_GETEXTATTR.9

@@ -0,0 +1,99 @@
+.\"-
+.\" Copyright (c) 1999 Robert N. M. Watson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"       $FreeBSD$
+.\"
+.Dd December 23, 1999
+.Os
+.Dt VOP_GETEXTATTR 9
+.Sh NAME
+.Nm VOP_GETEXTATTR
+.Nd Retrieve named extended attribute from a vnode
+.Sh SYNOPSIS
+.Fd #include <sys/param.h>
+.Fd #include <sys/vnode.h>
+.Fd #include <sys/extattr.h>
+.Ft int
+.Fn VOP_GETEXTATTR "struct vnode *vp" "char *name" "struct uio *uio" "struct ucred *cred" "struct proc *p"
+.Sh DESCRIPTION
+This vnode call may be used to retrieve a specific named extended attribute
+from a file or directory.
+.Pp
+Its arguments are:
+.Bl -tag -width type
+.It Ar vp
+the vnode of the file or directory
+.It Ar name
+pointer to a null-terminated character string containing the attribute name
+.It Ar uio
+the location of the data to be read or written
+.It Ar cred
+the user credentials to use in authorizing the request
+.It Ar p
+the process requesting the extended attribute
+.El
+.Pp
+The
+.Fa cred
+pointer may be NULL to indicate that access control checks are not to be
+performed, of possible.  This cred setting might be used to allow the 
+kernel to authorize extended attribute retrieval that the active process
+might not be permitted to do.
+.Pp
+Extended attribute semantics may vary by file system implementing the call.
+More information on extended attributes may be found in
+.Xr extattr 9 .
+.Sh LOCKS
+No locks are required to call this vnode method, and any locks held on
+entry will be held on exit.
+.Sh RETURN VALUES
+On success, zero will be returned, and the uio structure will be updated to
+reflect data read.  Otherwise, an appropriate error code is returned.
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er ENOENT
+The attribute name is not defined for this vnode
+.It Bq Er EACCES
+Permission denied
+.It Bq Er ENXIO
+The request was not valid in this file system for the specified vnode and
+attribute name.
+.It Bq Er ENOMEM
+Insufficient memory available to fulfill request
+.It Bq Er EFAULT
+The uio structure refers to an invalid userspace address.
+.It Bq Er EINVAL
+The 
+.Fa name
+or
+.Fa uio
+argument is invalid.
+.It Bq Er EOPNOTSUPP
+The file system does not support VOP_GETEXTATTR
+.El
+.Sh SEE ALSO
+.Xr extattr 9 ,
+.Xr vnode 9 ,
+.Xr VOP_SETEXTATTR 9

share/man/man9/VOP_SETACL.9

@@ -0,0 +1,100 @@
+.\"-
+.\" Copyright (c) 1999 Robert N. M. Watson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"       $FreeBSD$
+.\"
+.Dd December 23, 1999
+.Os
+.Dt VOP_SETACL 9
+.Sh NAME
+.Nm VOP_SETACL
+.Nd Set the access control list for a vnode
+.Sh SYNOPSIS
+.Fd #include <sys/param.h>
+.Fd #include <sys/vnode.h>
+.Fd #include <sys/acl.h>
+.Ft int
+.Fn VOP_SETACL "struct vnode *vp" "acl_type_t type" "struct acl *aclp" "struct ucred *cred" "struct proc *p"
+.Sh DESCRIPTION
+This vnode call may be used to set the access control list (ACL) for a file
+or directory.
+.Pp
+Its arguments are:
+.Bl -tag -width type
+.It Ar vp
+the vnode of the file or directory
+.It Ar type
+the type of ACL to set
+.It Ar aclp
+a pointer to an ACL structure from which to retrieve the ACL data
+.It Ar cred
+the user credentials to use in authorizing the request
+.It Ar p
+the process setting the ACL
+.El
+.Pp
+The
+.Fa aclp
+pointer may be NULL to indicate that the specified ACL should be deleted.
+.Pp
+The
+.Fa cred
+pointer may be NULL to indicate that access control checks are not to be
+performed, of possible.  This cred setting might be used to allow the 
+kernel to authorize extended attribute changes that the active process might
+not be permitted to make.
+.Pp
+The vnode ACL interface defines the syntax, and not semantics, of file and
+directory ACL interfaces.  More information about ACL management in kernel
+may be found in
+.Xr acl 9 .
+.Sh LOCKS
+The vnode will be locked on entry and should remain locked on return.
+.Sh RETURN VALUES
+If the ACL is successfully set, then zero is returned.  Otherwise, an
+appropriate error code is returned.
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er EINVAL
+The ACL type passed is invalid for this vnode, or the ACL data is invalid
+.It Bq Er EACCES
+Permission denied
+.It Bq Er ENOMEM
+Insufficient memory available to fulfill request
+.It Bq Er EOPNOTSUPP
+The file system does not support VOP_SETACL
+.It Bq Er ENOSPC
+The file system is out of space
+.It Bq Er EROFS
+The file system is read-only
+.El
+.Sh SEE ALSO
+.Xr acl 9 ,
+.Xr vnode 9 ,
+.Xr VOP_ACLCHECK 9 ,
+.Xr VOP_GETACL 9
+.Sh AUTHORS
+This man page was written by
+.An Robert Watson .

share/man/man9/VOP_SETEXTATTR.9

@@ -0,0 +1,110 @@
+.\"-
+.\" Copyright (c) 1999 Robert N. M. Watson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"       $FreeBSD$
+.\"
+.Dd December 23, 1999
+.Os
+.Dt VOP_SETEXTATTR 9
+.Sh NAME
+.Nm VOP_SETEXTATTR
+.Nd Set named extended attribute for a vnode
+.Sh SYNOPSIS
+.Fd #include <sys/param.h>
+.Fd #include <sys/vnode.h>
+.Fd #include <sys/extattr.h>
+.Ft int
+.Fn VOP_SETEXTATTR "struct vnode *vp" "char *name" "struct uio *uio" "struct ucred *cred" "struct proc *p"
+.Sh DESCRIPTION
+This vnode call may be used to set specific named extended attribute for a
+file or directory.
+.Pp
+Its arguments are:
+.Bl -tag -width type
+.It Ar vp
+the vnode of the file or directory
+.It Ar name
+pointer to a null-terminated character string containing the attribute name
+.It Ar uio
+the location of the data to be read or written
+.It Ar cred
+the user credentials to use in authorizing the request
+.It Ar p
+the process setting the extended attribute
+.El
+.Pp
+The uio structure is used in a manner similar to the argument of the same
+name in 
+.Xr VOP_WRITE .
+However, as extended attributes provide a strict "name=value" semantic,
+non-zero offsets will be rejected.
+.Pp
+The
+.Fa uio
+pointer may be NULL to indicate that the specified extended attribute
+should be deleted.
+.Pp
+The
+.Fa cred
+pointer may be NULL to indicate that access control checks are not to be
+performed, of possible.  This cred setting might be used to allow the 
+kernel to authorize extended attribute changes that the active process might
+not be permitted to make.
+.Pp
+Extended attribute semantics may vary by file system implementing the call.
+More information on extended attributes may be found in
+.Xr extattr 9 .
+.Sh LOCKS
+The vnode will be locked on entry and should remain locked on return.
+.Sh RETURN VALUES
+If the extended attribute is successfully set, then zero is returned.
+Otherwise, an appropriate error code is returned.
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er EACCES
+Permission denied
+.It Bq Er ENXIO
+The request was not valid in this file system for the specified vnode and
+attribute name.
+.It Bq Er ENOMEM
+Insufficient memory available to fulfill request
+.It Bq Er EFAULT
+The uio structure refers to an invalid userspace address
+.It Bq Er EINVAL
+The name or uio argument is invalid
+.It Bq Er EOPNOTSUPP
+The file system does not support VOP_GETEXTATTR
+.It Bq Er ENOSPC
+The file system is out of space
+.It Bq Er EROFS
+The file system is read-only
+.El
+.Sh SEE ALSO
+.Xr extattr 9 ,
+.Xr vnode 9 ,
+.Xr VOP_GETEXTATTR 9
+.Sh AUTHORS
+This man page was written by
+.An Robert Watson .

share/man/man9/acl.9

@@ -0,0 +1,109 @@
+.\"-
+.\" Copyright (c) 1999 Robert N. M. Watson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"       $FreeBSD$
+.\"
+.Dd December 23, 1999
+.Os
+.Dt ACL 9
+.Sh NAME
+.Nm acl
+.Nd virtual file system access control lists
+.Sh SYNOPSIS
+.Fd #include <sys/param.h>
+.Fd #include <sys/vnode.h>
+.Fd #include <sys/acl.h>
+.Pp
+.Bd -literal
+typedef int     acl_type_t;
+typedef int     acl_tag_t;
+typedef mode_t  acl_perm_t;
+
+struct acl_entry {
+        acl_tag_t       ae_tag;
+        uid_t           ae_id;
+        acl_perm_t      ae_perm;
+};
+typedef struct acl_entry        *acl_entry_t;
+
+struct acl {
+        int                     acl_cnt;
+        struct acl_entry        acl_entry[MAX_ACL_ENTRIES];
+};
+typedef struct acl      *acl_t;
+
+/*
+ * Possible valid values for a_type of acl_entry_t
+ */
+#define ACL_USER_OBJ    0x00000001
+#define ACL_USER        0x00000002
+#define ACL_GROUP_OBJ   0x00000004
+#define ACL_GROUP       0x00000008
+#define ACL_MASK        0x00000010
+#define ACL_OTHER       0x00000020
+#define ACL_OTHER_OBJ   ACL_OTHER
+#define ACL_AFS_ID      0x00000040
+
+#define ACL_TYPE_ACCESS         0x00000000
+#define ACL_TYPE_DEFAULT        0x00000001
+
+/*
+ * Possible flags in a_perm field
+ */
+#define ACL_PERM_EXEC           0x0001
+#define ACL_PERM_WRITE          0x0002
+#define ACL_PERM_READ           0x0004
+#define ACL_PERM_NONE           0x0000
+#define ACL_PERM_BITS           (ACL_PERM_EXEC | ACL_PERM_WRITE | ACL_PERM_READ)
+#define ACL_POSIX1E_BITS        (ACL_PERM_EXEC | ACL_PERM_WRITE | ACL_PERM_READ)
+.Ed
+.Sh DESCRIPTION
+Access control lists, or ACLs, allow fine-grained specification of rights
+for vnodes representing files and directories.  However, as there are a
+plethora of file systems with differing ACL semantics, the vnode interface
+is aware only of the syntax of ACLs, relying on the underlying file system
+to implement the details.  Depending on the underlying file system, each
+file or directory may have zero or more ACLs associated with it, named using
+the
+.Fa type
+field of the appropriate vnode ACL calls, 
+.Xr VOP_ACLCHECK 9 ,
+.Xr VOP_GETACL 9 ,
+and
+.Xr VOP_SETACL 9 .
+
+Currently, each ACL is represented in-kernel by a fixed-size acl structure.
+An ACL is constructed from a fixed size array of ACL entries, each of which
+consists of a set of permissions, principal namespace, and principal
+identifier.  Zero or more of these entries may be "defined", depending on
+the value of the associated acl_cnt field.
+.Sh SEE ALSO
+.Xr VFS 9 ,
+.Xr VOP_ACLCHECK 9 ,
+.Xr VOP_GETACL 9 ,
+.Xr VOP_SETACL 9 .
+.Sh AUTHORS
+This man page was written by
+.An Robert Watson .

share/man/man9/extattr.9

@@ -0,0 +1,67 @@
+.\"-
+.\" Copyright (c) 1999 Robert N. M. Watson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"       $FreeBSD$
+.\"
+.Dd December 23, 1999
+.Os
+.Dt EXTATTR 9
+.Sh NAME
+.Nm extattr 
+.Nd virtual file system named extended attributes
+.Sh SYNOPSIS
+.Fd #include <sys/param.h>
+.Fd #include <sys/vnode.h>
+.Fd #include <sys/extattr.h>
+.Sh DESCRIPTION
+Named extended attributes allow additional meta-data to be associated
+with vnodes representing files and directories.  The semantics of this
+additional data is that of a "name=value" pair, where a name may
+be defined or undefined, and if defined, associated with zero or more
+bytes of arbitrary binary data.  Reads of this data may return specific
+contiguous regions of the meta-data, in the style of
+.Xr VOP_READ 9 ,
+but writes will replace the entire current "value" associated with
+a given name.  As there are a plethora of file systems with differing
+extended attributes, availability and functionality of these functions
+may be limited, and they should be used with awareness of the underlying
+semantics of the supporting file system.  Authorization schemes for
+extended attribute data may also vary by file system, as well as
+maximum attribute size, and whether or not any or specific new attributes
+may be defined.
+
+Extended attributes are named using a null-terminated character string.
+Depending on file system semantics, this name may or may not be
+case-sensitive.  Appropriate vnode extended attribute calls are:
+.Xr VOP_GETEXTATTR 9 
+and
+.Xr VOP_SETEXTATTR 9 .
+.Sh SEE ALSO
+.Xr VFS 9 ,
+.Xr VOP_GETEXTATTR 9 ,
+.Xr VOP_SETEXTATTR 9 .
+.Sh AUTHORS
+This man page was written by
+.An Robert Watson .