ACL(2) System Calls ACL(2)

NAME


acl, facl - get or set a file's Access Control List (ACL)

SYNOPSIS


#include <sys/acl.h>

int acl(char *pathp, int cmd, int nentries, void *aclbufp);


int facl(int fildes, int cmd, int nentries, void *aclbufp);


DESCRIPTION


The acl() and facl() functions get or set the ACL of a file whose name
is given by pathp or referenced by the open file descriptor fildes. The
nentries argument specifies how many ACL entries fit into buffer aclbufp.
The acl() function is used to manipulate ACL on file system objects.


The following types are supported for aclbufp:

aclent_t
Used by the UFS file system.


ace_t
Used by the ZFS and NFSv4 file systems.


The following values for cmd are supported:

SETACL
nentries aclent_t ACL entries, specified in buffer
aclbufp, are stored in the file's ACL. All directories
in the path name must be searchable.


GETACL
Buffer aclbufp is filled with the file's aclent_t ACL
entries. Read access to the file is not required, but
all directories in the path name must be searchable.


GETACLCNT
The number of entries in the file's aclent_t ACL is
returned. Read access to the file is not required, but
all directories in the path name must be searchable.


ACE_SETACL
nentries ace_t ACL entries, specified in buffer aclbufp,
are stored in the file's ACL. All directories in the
path name must be searchable. Write ACL access is
required to change the file's ACL.


ACE_GETACL
Buffer aclbufp is filled with the file's ace_t ACL
entries. Read access to the file is required and all
directories in the path name must be searchable.


ACE_GETACLCNT
The number of entries in the file's ace_t ACL is
returned. Read access to the file is required and all
directories in the path name must be searchable.


RETURN VALUES


Upon successful completion, acl() and facl() return 0 if cmd is SETACL
or ACE_SETACL. If cmd is GETACL, GETACLCNT, ACE_GETACL or ACE_GETACLCNT,
the number of ACL entries is returned. Otherwise, -1 is returned and
errno is set to indicate the error.

ERRORS


The acl() function will fail if:

EACCES
The caller does not have access to a component of the
pathname.


EFAULT
The pathp or aclbufp argument points to an illegal address.


EINVAL
The cmd argument is not GETACL, SETACL, ACE_GETACL,
GETACLCNT, or ACE_GETACLCNT; the cmd argument is SETACL and
nentries is less than 3; or the cmd argument is SETACL or
ACE_SETACL and the ACL specified in aclbufp is not valid.


EIO
A disk I/O error has occurred while storing or retrieving
the ACL.


ENOENT
A component of the path does not exist.


ENOSPC
The cmd argument is GETACL and nentries is less than the
number of entries in the file's ACL, or the cmd argument is
SETACL and there is insufficient space in the file system to
store the ACL.


ENOSYS
The cmd argument is SETACL or ACE_SETACL and the file
specified by pathp resides on a file system that does not
support ACLs, or the acl() function is not supported by this
implementation.


ENOTDIR
A component of the path specified by pathp is not a directory,
or the cmd argument is SETACL or ACE_SETACL and an attempt is
made to set a default ACL on a file type other than a
directory.


ENOTSUP
The cmd argument is GETACL, but the ACL is composed of ace_t
entries, and the ACL cannot be translated into aclent_t form.

The cmd argument is ACE_SETACL, but the underlying filesystem
only supports ACLs composed of aclent_t entries and the ACL
could not be translated into aclent_t form.


EPERM
The effective user ID does not match the owner of the file and
the process does not have appropriate privilege.


EROFS
The cmd argument is SETACL or ACE_SETACL and the file
specified by pathp resides on a file system that is mounted
read-only.


ATTRIBUTES


See attributes(7) for descriptions of the following attributes:


+---------------------+------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------------+------------------+
|Interface Stability | Evolving |
+---------------------+------------------+

SEE ALSO


getfacl(1), setfacl(1), aclcheck(3SEC), aclsort(3SEC)

January 10, 2007 ACL(2)