'\" te
.\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved.
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH ACL_CHECK 3SEC "Apr 22, 2008"
.SH NAME
acl_check \- check the validity of an ACL
.SH SYNOPSIS
.LP
.nf
cc [ \fIflag\fR\&.\|.\|. ] \fIfile\fR\&.\|.\|. \fB-lsec\fR [ \fIlibrary\fR\&.\|.\|. ]
#include <sys/acl.h>

\fBint\fR \fBacl_check\fR(\fBacl_t *\fR\fIaclp\fR, \fBint\fR \fIisdir\fR);
.fi

.SH DESCRIPTION
.sp
.LP
The \fBacl_check()\fR function checks the validity of an ACL pointed to by
\fIaclp\fR. The \fIisdir\fR argument checks the validity of an ACL that will be
applied to a directory. The ACL can be either a POSIX draft ACL as supported by
UFS or NFSv4 ACL as supported by ZFS or NFSV4.
.sp
.LP
When the function verifies a POSIX draft ACL, the rules followed are described
in \fBaclcheck\fR(3SEC). For NFSv4 ACL, the ACL is verified against the
following rules:
.RS +4
.TP
.ie t \(bu
.el o
The inheritance flags are valid.
.RE
.RS +4
.TP
.ie t \(bu
.el o
The ACL must have at least one ACL entry and no more than
{\fBMAX_ACL_ENTRIES\fR}.
.RE
.RS +4
.TP
.ie t \(bu
.el o
The permission field contains only supported permissions.
.RE
.RS +4
.TP
.ie t \(bu
.el o
The entry type is valid.
.RE
.RS +4
.TP
.ie t \(bu
.el o
The flag fields contain only valid flags as supported by NFSv4/ZFS.
.RE
.sp
.LP
If any of the above rules are violated, the function fails with \fBerrno\fR set
to \fBEINVAL\fR.
.SH RETURN VALUES
.sp
.LP
If the ACL is valid, \fBacl_check()\fR returns 0. Otherwise \fBerrno\fR is set
to \fBEINVAL\fR and the return value is set to one of the following:
.sp
.ne 2
.na
\fB\fBEACL_INHERIT_ERROR\fR\fR
.ad
.RS 23n
There are invalid inheritance flags specified.
.RE

.sp
.ne 2
.na
\fB\fBEACL_FLAGS_ERROR\fR\fR
.ad
.RS 23n
There are invalid flags specified on the ACL that don't map to supported flags
in NFSV4/ZFS ACL model.
.RE

.sp
.ne 2
.na
\fB\fBEACL_ENTRY_ERROR\fR\fR
.ad
.RS 23n
The ACL contains an unknown value in the type field.
.RE

.sp
.ne 2
.na
\fB\fBEACL_MEM_ERROR\fR\fR
.ad
.RS 23n
The system cannot allocate any memory.
.RE

.sp
.ne 2
.na
\fB\fBEACL_INHERIT_NOTDIR\fR\fR
.ad
.RS 23n
Inheritance flags are only allowed for ACLs on directories.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE	ATTRIBUTE VALUE
_
Interface Stability	Committed
_
MT-Level	MT-Safe
.TE

.SH SEE ALSO
.sp
.LP
\fBacl\fR(2), \fBaclcheck\fR(3SEC), \fBaclsort\fR(3SEC), \fBacl\fR(5),
\fBattributes\fR(5)