ACL(2) System Calls ACL(2)
NAME
acl, facl - get or set a file's Access Control List (ACL)
SYNOPSIS
#include <sys/acl.h>
int acl(
char *pathp,
int cmd,
int nentries,
void *aclbufp);
int facl(
int fildes,
int cmd,
int nentries,
void *aclbufp);
DESCRIPTION
The
acl() and
facl() functions get or set the
ACL of a file whose name
is given by
pathp or referenced by the open file descriptor
fildes. The
nentries argument specifies how many
ACL entries fit into buffer
aclbufp.
The
acl() function is used to manipulate
ACL on file system objects.
The following types are supported for
aclbufp:
aclent_t Used by the UFS file system.
ace_t Used by the ZFS and NFSv4 file systems.
The following values for
cmd are supported:
SETACL nentries aclent_t ACL entries, specified in buffer
aclbufp, are stored in the file's
ACL. All directories
in the path name must be searchable.
GETACL Buffer
aclbufp is filled with the file's
aclent_t ACL entries. Read access to the file is not required, but
all directories in the path name must be searchable.
GETACLCNT The number of entries in the file's
aclent_t ACL is
returned. Read access to the file is not required, but
all directories in the path name must be searchable.
ACE_SETACL nentries ace_t ACL entries, specified in buffer
aclbufp,
are stored in the file's ACL. All directories in the
path name must be searchable. Write ACL access is
required to change the file's ACL.
ACE_GETACL Buffer
aclbufp is filled with the file's
ace_t ACL
entries. Read access to the file is required and all
directories in the path name must be searchable.
ACE_GETACLCNT The number of entries in the file's
ace_t ACL is
returned. Read access to the file is required and all
directories in the path name must be searchable.
RETURN VALUES
Upon successful completion,
acl() and
facl() return
0 if
cmd is
SETACL or
ACE_SETACL. If
cmd is
GETACL,
GETACLCNT,
ACE_GETACL or
ACE_GETACLCNT,
the number of
ACL entries is returned. Otherwise,
-1 is returned and
errno is set to indicate the error.
ERRORS
The
acl() function will fail if:
EACCES The caller does not have access to a component of the
pathname.
EFAULT The
pathp or
aclbufp argument points to an illegal address.
EINVAL The
cmd argument is not
GETACL,
SETACL,
ACE_GETACL,
GETACLCNT, or
ACE_GETACLCNT; the
cmd argument is
SETACL and
nentries is less than 3; or the
cmd argument is
SETACL or
ACE_SETACL and the
ACL specified in
aclbufp is not valid.
EIO A disk I/O error has occurred while storing or retrieving
the
ACL. ENOENT A component of the path does not exist.
ENOSPC The
cmd argument is
GETACL and
nentries is less than the
number of entries in the file's
ACL, or the
cmd argument is
SETACL and there is insufficient space in the file system to
store the
ACL.
ENOSYS The
cmd argument is
SETACL or
ACE_SETACL and the file
specified by
pathp resides on a file system that does not
support
ACLs, or the
acl() function is not supported by this
implementation.
ENOTDIR A component of the path specified by
pathp is not a directory,
or the
cmd argument is
SETACL or
ACE_SETACL and an attempt is
made to set a default
ACL on a file type other than a
directory.
ENOTSUP The
cmd argument is
GETACL, but the ACL is composed of
ace_t entries, and the ACL cannot be translated into
aclent_t form.
The
cmd argument is
ACE_SETACL, but the underlying filesystem
only supports ACLs composed of
aclent_t entries and the ACL
could not be translated into
aclent_t form.
EPERM The effective user
ID does not match the owner of the file and
the process does not have appropriate privilege.
EROFS The
cmd argument is
SETACL or
ACE_SETACL and the file
specified by
pathp resides on a file system that is mounted
read-only.
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+---------------------+------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------------+------------------+
|Interface Stability | Evolving |
+---------------------+------------------+
SEE ALSO
getfacl(1),
setfacl(1),
aclcheck(3SEC),
aclsort(3SEC) January 10, 2007
ACL(2)