'\" te
.\" Copyright (c) 2007, Sun Microsystems, Inc.  All Rights Reserved.
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH ACL 2 "Jan 10, 2007"
.SH NAME
acl, facl \- get or set a file's Access Control List (ACL)
.SH SYNOPSIS
.LP
.nf
#include <sys/acl.h>

\fBint\fR \fBacl\fR(\fBchar *\fR\fIpathp\fR, \fBint\fR \fIcmd\fR, \fBint\fR \fInentries\fR, \fBvoid *\fR\fIaclbufp\fR);
.fi

.LP
.nf
\fBint\fR \fBfacl\fR(\fBint\fR \fIfildes\fR, \fBint\fR \fIcmd\fR, \fBint\fR \fInentries\fR, \fBvoid *\fR\fIaclbufp\fR);
.fi

.SH DESCRIPTION
.sp
.LP
The \fBacl()\fR and \fBfacl()\fR functions get or set the  \fBACL\fR of a file
whose name is given by \fIpathp\fR or referenced by the open file descriptor
\fIfildes\fR. The \fInentries\fR argument specifies how many \fBACL\fR entries
fit into buffer \fIaclbufp\fR. The \fBacl()\fR function is used to manipulate
\fBACL\fR on file system objects.
.sp
.LP
The following types are supported for \fIaclbufp\fR:
.sp
.ne 2
.na
\fB\fBaclent_t\fR\fR
.ad
.RS 12n
Used by the UFS file system.
.RE

.sp
.ne 2
.na
\fB\fBace_t\fR\fR
.ad
.RS 12n
Used by the ZFS and NFSv4 file systems.
.RE

.sp
.LP
The following values for \fIcmd\fR are supported:
.sp
.ne 2
.na
\fB\fBSETACL\fR\fR
.ad
.RS 17n
\fInentries\fR \fBaclent_t\fR \fBACL\fR entries, specified in buffer
\fIaclbufp\fR, are stored in the file's  \fBACL\fR. All directories in the path
name must be searchable.
.RE

.sp
.ne 2
.na
\fB\fBGETACL\fR\fR
.ad
.RS 17n
Buffer \fIaclbufp\fR is filled with the file's  \fBaclent_t\fR \fBACL\fR
entries. Read access to the file is not required, but all directories in the
path name must be searchable.
.RE

.sp
.ne 2
.na
\fB\fBGETACLCNT\fR\fR
.ad
.RS 17n
The number of entries in the file's \fBaclent_t\fR \fBACL\fR is returned. Read
access to the file is not required, but all directories in the path name must
be searchable.
.RE

.sp
.ne 2
.na
\fB\fBACE_SETACL\fR\fR
.ad
.RS 17n
\fInentries\fR \fBace_t\fR ACL entries, specified in buffer \fIaclbufp\fR, are
stored in the file's ACL. All directories in the path name must be searchable.
Write ACL access is required to change the file's ACL.
.RE

.sp
.ne 2
.na
\fB\fBACE_GETACL\fR\fR
.ad
.RS 17n
Buffer \fIaclbufp\fR is filled with the file's \fBace_t\fR ACL entries. Read
access to the file is required and all directories in the path name must be
searchable.
.RE

.sp
.ne 2
.na
\fB\fBACE_GETACLCNT\fR\fR
.ad
.RS 17n
The number of entries in the file's \fBace_t\fR ACL is  returned. Read access
to the file is required and all directories in the path name must be
searchable.
.RE

.SH RETURN VALUES
.sp
.LP
Upon successful completion, \fBacl()\fR and \fBfacl()\fR return \fB0\fR if
\fIcmd\fR is  \fBSETACL\fR or \fBACE_SETACL\fR. If \fIcmd\fR is  \fBGETACL\fR,
\fBGETACLCNT\fR, \fBACE_GETACL\fR or \fBACE_GETACLCNT\fR, the number of
\fBACL\fR entries is returned. Otherwise, \fB\(mi1\fR is returned and
\fBerrno\fR is set to indicate the error.
.SH ERRORS
.sp
.LP
The \fBacl()\fR function will fail if:
.sp
.ne 2
.na
\fB\fBEACCES\fR\fR
.ad
.RS 11n
The caller does not have access to a component of the pathname.
.RE

.sp
.ne 2
.na
\fB\fBEFAULT\fR\fR
.ad
.RS 11n
The \fIpathp\fR or \fIaclbufp\fR argument points to an illegal address.
.RE

.sp
.ne 2
.na
\fB\fBEINVAL\fR\fR
.ad
.RS 11n
The \fIcmd\fR argument is not  \fBGETACL\fR, \fBSETACL\fR, \fBACE_GETACL\fR,
\fBGETACLCNT\fR, or \fBACE_GETACLCNT\fR; the \fIcmd\fR argument is
\fBSETACL\fR and  \fInentries\fR is less than 3; or the \fIcmd\fR argument is
\fBSETACL\fR or \fBACE_SETACL\fR and the \fBACL\fR specified in \fIaclbufp\fR
is not valid.
.RE

.sp
.ne 2
.na
\fB\fBEIO\fR\fR
.ad
.RS 11n
A disk  I/O  error has occurred while storing or retrieving the  \fBACL.\fR
.RE

.sp
.ne 2
.na
\fB\fBENOENT\fR\fR
.ad
.RS 11n
A component of the path does not exist.
.RE

.sp
.ne 2
.na
\fB\fBENOSPC\fR\fR
.ad
.RS 11n
The \fIcmd\fR argument is  \fBGETACL\fR and \fInentries\fR is less than the
number of entries in the file's  \fBACL\fR, or the \fIcmd\fR argument is
\fBSETACL\fR and there is insufficient space in the file system to store the
\fBACL\fR.
.RE

.sp
.ne 2
.na
\fB\fBENOSYS\fR\fR
.ad
.RS 11n
The \fIcmd\fR argument is  \fBSETACL\fR or \fBACE_SETACL\fR and the file
specified by \fIpathp\fR resides on a file system that does not support
\fBACLs\fR, or the \fBacl()\fR function is not supported by this
implementation.
.RE

.sp
.ne 2
.na
\fB\fBENOTDIR\fR\fR
.ad
.RS 11n
A component of the path specified by \fIpathp\fR is not a directory, or the
\fIcmd\fR argument is  \fBSETACL\fR or \fBACE_SETACL\fR and an attempt is made
to set a default \fBACL\fR on a file type other than a directory.
.RE

.sp
.ne 2
.na
\fB\fBENOTSUP\fR\fR
.ad
.RS 11n
The \fIcmd\fR argument is \fBGETACL\fR, but the ACL is composed of \fBace_t\fR
entries, and the ACL cannot be translated into \fBaclent_t\fR form.
.sp
The \fIcmd\fR argument is \fBACE_SETACL\fR, but the underlying filesystem only
supports ACLs composed of \fBaclent_t\fR entries and the ACL could not be
translated into \fBaclent_t\fR form.
.RE

.sp
.ne 2
.na
\fB\fBEPERM\fR\fR
.ad
.RS 11n
The effective user \fBID\fR does not match the owner of the file and the
process does not have appropriate privilege.
.RE

.sp
.ne 2
.na
\fB\fBEROFS\fR\fR
.ad
.RS 11n
The \fIcmd\fR argument is  \fBSETACL\fR or \fBACE_SETACL\fR and the file
specified by \fIpathp\fR resides on a file system that is mounted read-only.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE  TYPE	ATTRIBUTE  VALUE
_
Interface  Stability	Evolving
.TE

.SH SEE ALSO
.sp
.LP
\fBgetfacl\fR(1), \fBsetfacl\fR(1), \fBaclcheck\fR(3SEC), \fBaclsort\fR(3SEC)