'\" te .\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] .TH ACL 2 "Jan 10, 2007" .SH NAME acl, facl \- get or set a file's Access Control List (ACL) .SH SYNOPSIS .LP .nf #include \fBint\fR \fBacl\fR(\fBchar *\fR\fIpathp\fR, \fBint\fR \fIcmd\fR, \fBint\fR \fInentries\fR, \fBvoid *\fR\fIaclbufp\fR); .fi .LP .nf \fBint\fR \fBfacl\fR(\fBint\fR \fIfildes\fR, \fBint\fR \fIcmd\fR, \fBint\fR \fInentries\fR, \fBvoid *\fR\fIaclbufp\fR); .fi .SH DESCRIPTION .sp .LP The \fBacl()\fR and \fBfacl()\fR functions get or set the \fBACL\fR of a file whose name is given by \fIpathp\fR or referenced by the open file descriptor \fIfildes\fR. The \fInentries\fR argument specifies how many \fBACL\fR entries fit into buffer \fIaclbufp\fR. The \fBacl()\fR function is used to manipulate \fBACL\fR on file system objects. .sp .LP The following types are supported for \fIaclbufp\fR: .sp .ne 2 .na \fB\fBaclent_t\fR\fR .ad .RS 12n Used by the UFS file system. .RE .sp .ne 2 .na \fB\fBace_t\fR\fR .ad .RS 12n Used by the ZFS and NFSv4 file systems. .RE .sp .LP The following values for \fIcmd\fR are supported: .sp .ne 2 .na \fB\fBSETACL\fR\fR .ad .RS 17n \fInentries\fR \fBaclent_t\fR \fBACL\fR entries, specified in buffer \fIaclbufp\fR, are stored in the file's \fBACL\fR. All directories in the path name must be searchable. .RE .sp .ne 2 .na \fB\fBGETACL\fR\fR .ad .RS 17n Buffer \fIaclbufp\fR is filled with the file's \fBaclent_t\fR \fBACL\fR entries. Read access to the file is not required, but all directories in the path name must be searchable. .RE .sp .ne 2 .na \fB\fBGETACLCNT\fR\fR .ad .RS 17n The number of entries in the file's \fBaclent_t\fR \fBACL\fR is returned. Read access to the file is not required, but all directories in the path name must be searchable. .RE .sp .ne 2 .na \fB\fBACE_SETACL\fR\fR .ad .RS 17n \fInentries\fR \fBace_t\fR ACL entries, specified in buffer \fIaclbufp\fR, are stored in the file's ACL. All directories in the path name must be searchable. Write ACL access is required to change the file's ACL. .RE .sp .ne 2 .na \fB\fBACE_GETACL\fR\fR .ad .RS 17n Buffer \fIaclbufp\fR is filled with the file's \fBace_t\fR ACL entries. Read access to the file is required and all directories in the path name must be searchable. .RE .sp .ne 2 .na \fB\fBACE_GETACLCNT\fR\fR .ad .RS 17n The number of entries in the file's \fBace_t\fR ACL is returned. Read access to the file is required and all directories in the path name must be searchable. .RE .SH RETURN VALUES .sp .LP Upon successful completion, \fBacl()\fR and \fBfacl()\fR return \fB0\fR if \fIcmd\fR is \fBSETACL\fR or \fBACE_SETACL\fR. If \fIcmd\fR is \fBGETACL\fR, \fBGETACLCNT\fR, \fBACE_GETACL\fR or \fBACE_GETACLCNT\fR, the number of \fBACL\fR entries is returned. Otherwise, \fB\(mi1\fR is returned and \fBerrno\fR is set to indicate the error. .SH ERRORS .sp .LP The \fBacl()\fR function will fail if: .sp .ne 2 .na \fB\fBEACCES\fR\fR .ad .RS 11n The caller does not have access to a component of the pathname. .RE .sp .ne 2 .na \fB\fBEFAULT\fR\fR .ad .RS 11n The \fIpathp\fR or \fIaclbufp\fR argument points to an illegal address. .RE .sp .ne 2 .na \fB\fBEINVAL\fR\fR .ad .RS 11n The \fIcmd\fR argument is not \fBGETACL\fR, \fBSETACL\fR, \fBACE_GETACL\fR, \fBGETACLCNT\fR, or \fBACE_GETACLCNT\fR; the \fIcmd\fR argument is \fBSETACL\fR and \fInentries\fR is less than 3; or the \fIcmd\fR argument is \fBSETACL\fR or \fBACE_SETACL\fR and the \fBACL\fR specified in \fIaclbufp\fR is not valid. .RE .sp .ne 2 .na \fB\fBEIO\fR\fR .ad .RS 11n A disk I/O error has occurred while storing or retrieving the \fBACL.\fR .RE .sp .ne 2 .na \fB\fBENOENT\fR\fR .ad .RS 11n A component of the path does not exist. .RE .sp .ne 2 .na \fB\fBENOSPC\fR\fR .ad .RS 11n The \fIcmd\fR argument is \fBGETACL\fR and \fInentries\fR is less than the number of entries in the file's \fBACL\fR, or the \fIcmd\fR argument is \fBSETACL\fR and there is insufficient space in the file system to store the \fBACL\fR. .RE .sp .ne 2 .na \fB\fBENOSYS\fR\fR .ad .RS 11n The \fIcmd\fR argument is \fBSETACL\fR or \fBACE_SETACL\fR and the file specified by \fIpathp\fR resides on a file system that does not support \fBACLs\fR, or the \fBacl()\fR function is not supported by this implementation. .RE .sp .ne 2 .na \fB\fBENOTDIR\fR\fR .ad .RS 11n A component of the path specified by \fIpathp\fR is not a directory, or the \fIcmd\fR argument is \fBSETACL\fR or \fBACE_SETACL\fR and an attempt is made to set a default \fBACL\fR on a file type other than a directory. .RE .sp .ne 2 .na \fB\fBENOTSUP\fR\fR .ad .RS 11n The \fIcmd\fR argument is \fBGETACL\fR, but the ACL is composed of \fBace_t\fR entries, and the ACL cannot be translated into \fBaclent_t\fR form. .sp The \fIcmd\fR argument is \fBACE_SETACL\fR, but the underlying filesystem only supports ACLs composed of \fBaclent_t\fR entries and the ACL could not be translated into \fBaclent_t\fR form. .RE .sp .ne 2 .na \fB\fBEPERM\fR\fR .ad .RS 11n The effective user \fBID\fR does not match the owner of the file and the process does not have appropriate privilege. .RE .sp .ne 2 .na \fB\fBEROFS\fR\fR .ad .RS 11n The \fIcmd\fR argument is \fBSETACL\fR or \fBACE_SETACL\fR and the file specified by \fIpathp\fR resides on a file system that is mounted read-only. .RE .SH ATTRIBUTES .sp .LP See \fBattributes\fR(7) for descriptions of the following attributes: .sp .sp .TS box; c | c l | l . ATTRIBUTE TYPE ATTRIBUTE VALUE _ Interface Stability Evolving .TE .SH SEE ALSO .sp .LP .BR getfacl (1), .BR setfacl (1), .BR aclcheck (3SEC), .BR aclsort (3SEC)