56062578c4
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
139 lines
4.5 KiB
Groff
139 lines
4.5 KiB
Groff
.\"-
|
|
.\" Copyright (c) 1999-2001 Robert N. M. Watson
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd December 23, 1999
|
|
.Os
|
|
.Dt ACL 9
|
|
.Sh NAME
|
|
.Nm acl
|
|
.Nd virtual file system access control lists
|
|
.Sh SYNOPSIS
|
|
.In sys/param.h
|
|
.In sys/vnode.h
|
|
.In sys/acl.h
|
|
.Pp
|
|
.Bd -literal
|
|
typedef int acl_type_t;
|
|
typedef int acl_tag_t;
|
|
typedef mode_t acl_perm_t;
|
|
typedef mode_t *acl_permset_t;
|
|
|
|
struct acl_entry {
|
|
acl_tag_t ae_tag;
|
|
uid_t ae_id;
|
|
acl_perm_t ae_perm;
|
|
};
|
|
typedef struct acl_entry *acl_entry_t;
|
|
|
|
/* internal ACL structure */
|
|
struct acl {
|
|
int acl_cnt;
|
|
struct acl_entry acl_entry[ACL_MAX_ENTRIES];
|
|
};
|
|
|
|
/* external ACL structure */
|
|
struct acl_t_struct {
|
|
struct acl ats_acl;
|
|
int ats_cur_entry;
|
|
};
|
|
typedef struct acl_t_struct *acl_t;
|
|
|
|
/*
|
|
* Possible valid values for ae_tag field.
|
|
*/
|
|
#define ACL_UNDEFINED_TAG 0x00000000
|
|
#define ACL_USER_OBJ 0x00000001
|
|
#define ACL_USER 0x00000002
|
|
#define ACL_GROUP_OBJ 0x00000004
|
|
#define ACL_GROUP 0x00000008
|
|
#define ACL_MASK 0x00000010
|
|
#define ACL_OTHER 0x00000020
|
|
#define ACL_OTHER_OBJ ACL_OTHER
|
|
|
|
/*
|
|
* Possible valid values for acl_type_t arguments.
|
|
*/
|
|
#define ACL_TYPE_ACCESS 0x00000000
|
|
#define ACL_TYPE_DEFAULT 0x00000001
|
|
#define ACL_TYPE_AFS 0x00000002
|
|
#define ACL_TYPE_CODA 0x00000003
|
|
#define ACL_TYPE_NTFS 0x00000004
|
|
#define ACL_TYPE_NWFS 0x00000005
|
|
|
|
/*
|
|
* Possible flags in ae_perm field.
|
|
*/
|
|
#define ACL_EXECUTE 0x0001
|
|
#define ACL_WRITE 0x0002
|
|
#define ACL_READ 0x0004
|
|
#define ACL_PERM_NONE 0x0000
|
|
#define ACL_PERM_BITS (ACL_EXECUTE | ACL_WRITE | ACL_READ)
|
|
#define ACL_POSIX1E_BITS (ACL_EXECUTE | ACL_WRITE | ACL_READ)
|
|
|
|
/*
|
|
* Possible entry_id values for acl_get_entry()
|
|
*/
|
|
#define ACL_FIRST_ENTRY 0
|
|
#define ACL_NEXT_ENTRY 1
|
|
|
|
/*
|
|
* Undefined value in ae_id field
|
|
*/
|
|
#define ACL_UNDEFINED_ID ((uid_t)-1)
|
|
.Ed
|
|
.Sh DESCRIPTION
|
|
Access control lists, or ACLs, allow fine-grained specification of rights
|
|
for vnodes representing files and directories. However, as there are a
|
|
plethora of file systems with differing ACL semantics, the vnode interface
|
|
is aware only of the syntax of ACLs, relying on the underlying file system
|
|
to implement the details. Depending on the underlying file system, each
|
|
file or directory may have zero or more ACLs associated with it, named using
|
|
the
|
|
.Fa type
|
|
field of the appropriate vnode ACL calls,
|
|
.Xr VOP_ACLCHECK 9 ,
|
|
.Xr VOP_GETACL 9 ,
|
|
and
|
|
.Xr VOP_SETACL 9 .
|
|
.Pp
|
|
Currently, each ACL is represented in-kernel by a fixed-size acl structure.
|
|
An ACL is constructed from a fixed size array of ACL entries, each of which
|
|
consists of a set of permissions, principal namespace, and principal
|
|
identifier. Zero or more of these entries may be "defined", depending on
|
|
the value of the associated acl_cnt field.
|
|
.Sh SEE ALSO
|
|
.Xr acl 3 ,
|
|
.Xr vaccess 9 ,
|
|
.Xr vaccess_acl_posix1e 9 ,
|
|
.Xr VFS 9 ,
|
|
.Xr VOP_ACLCHECK 9 ,
|
|
.Xr VOP_GETACL 9 ,
|
|
.Xr VOP_SETACL 9
|
|
.Sh AUTHORS
|
|
This man page was written by
|
|
.An Robert Watson .
|