1a889d1fbSRobert Watson.\"- 2a21c3aa0SRobert Watson.\" Copyright (c) 2000, 2001 Robert N. M. Watson 3a889d1fbSRobert Watson.\" All rights reserved. 4a889d1fbSRobert Watson.\" 5a889d1fbSRobert Watson.\" Redistribution and use in source and binary forms, with or without 6a889d1fbSRobert Watson.\" modification, are permitted provided that the following conditions 7a889d1fbSRobert Watson.\" are met: 8a889d1fbSRobert Watson.\" 1. Redistributions of source code must retain the above copyright 9a889d1fbSRobert Watson.\" notice, this list of conditions and the following disclaimer. 10a889d1fbSRobert Watson.\" 2. Redistributions in binary form must reproduce the above copyright 11a889d1fbSRobert Watson.\" notice, this list of conditions and the following disclaimer in the 12a889d1fbSRobert Watson.\" documentation and/or other materials provided with the distribution. 13a889d1fbSRobert Watson.\" 14a889d1fbSRobert Watson.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15a889d1fbSRobert Watson.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16a889d1fbSRobert Watson.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17a889d1fbSRobert Watson.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18a889d1fbSRobert Watson.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19a889d1fbSRobert Watson.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20a889d1fbSRobert Watson.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21a889d1fbSRobert Watson.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22a889d1fbSRobert Watson.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23a889d1fbSRobert Watson.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24a889d1fbSRobert Watson.\" SUCH DAMAGE. 25a889d1fbSRobert Watson.\" 26a889d1fbSRobert Watson.\" $FreeBSD$ 27a889d1fbSRobert Watson.\" 28a889d1fbSRobert Watson.Dd January 28, 2000 29a889d1fbSRobert Watson.Dt ACL 3 30ed403116SRuslan Ermilov.Os FreeBSD 31a889d1fbSRobert Watson.Sh NAME 32c32381adSMike Pritchard.Nm acl 33c32381adSMike Pritchard.Nd introduction to the POSIX.1e ACL security API 34f75b050cSAlexey Zelkin.Sh LIBRARY 35f75b050cSAlexey Zelkin.Lb libposix1e 36a889d1fbSRobert Watson.Sh SYNOPSIS 37a889d1fbSRobert Watson.Fd #include <sys/types.h> 38a889d1fbSRobert Watson.Fd #include <sys/acl.h> 39a889d1fbSRobert Watson.Sh DESCRIPTION 40a21c3aa0SRobert Watson.Fx 41a21c3aa0SRobert Watsonpermits file systems to export Access Control Lists via the VFS, and 42a21c3aa0SRobert Watsonprovides a library for userland access to and manipulation of these ACLs. 43a21c3aa0SRobert WatsonNot all file systems provide support for ACLs, and some may require that 44a21c3aa0SRobert WatsonACL support be explicitely enabled by the administrator. 45a21c3aa0SRobert WatsonThe library calls include routines to allocate, duplicate, retrieve, set, 46a21c3aa0SRobert Watsonand validate ACLs associated with file objects. 47a889d1fbSRobert WatsonAs well as the POSIX.1e routines, there are a number of non-portable 48a889d1fbSRobert Watsonextensions defined that allow for alternative ACL semantics than the 49a21c3aa0SRobert WatsonPOSIX.1e semantics, such as AFS, NTFS, Coda, and NWFS semantics. 50a21c3aa0SRobert WatsonWhere routines are non-standard, they are suffixed with _np to indicate that 51a889d1fbSRobert Watsonthey are not portable. 5242635956SRuslan Ermilov.Pp 53a889d1fbSRobert WatsonPOSIX.1e describes a set of ACL manipulation routines to manage the 54a21c3aa0SRobert Watsoncontents of ACLs, as well as their relationships with files; almost 55a21c3aa0SRobert Watsonall of these support routines are implemented in 56a21c3aa0SRobert Watson.Fx . 5742635956SRuslan Ermilov.Pp 58a889d1fbSRobert WatsonAvailable functions, sorted by behavior, include: 5942635956SRuslan Ermilov.Pp 606822f9dfSChris D. Faulhaber.Fn acl_add_perm 616822f9dfSChris D. Faulhaber.Pp 626822f9dfSChris D. FaulhaberThis function is described in 636822f9dfSChris D. Faulhaber.Xr acl_add_perm 3 , 646822f9dfSChris D. Faulhaberand may be used to add permissions to a permission set. 656822f9dfSChris D. Faulhaber.Pp 666822f9dfSChris D. Faulhaber.Fn acl_calc_mask 676822f9dfSChris D. Faulhaber.Pp 686822f9dfSChris D. FaulhaberThis function is described in 696822f9dfSChris D. Faulhaber.Xr acl_calc_mask 3 , 706822f9dfSChris D. Faulhaberand may be used to calculate and set the permissions associated with 716822f9dfSChris D. Faulhaberthe ACL_MASK entry. 726822f9dfSChris D. Faulhaber.Pp 736822f9dfSChris D. Faulhaber.Fn acl_clear_perms 746822f9dfSChris D. Faulhaber.Pp 756822f9dfSChris D. FaulhaberThis function is described in 766822f9dfSChris D. Faulhaber.Xr acl_clear_perms 3 , 776822f9dfSChris D. Faulhaberand may be used to clear all permissions from a permission set. 786822f9dfSChris D. Faulhaber.Pp 796822f9dfSChris D. Faulhaber.Fn acl_copy_entry 806822f9dfSChris D. Faulhaber.Pp 816822f9dfSChris D. FaulhaberThis function is described in 826822f9dfSChris D. Faulhaber.Xr acl_copy_entry 3 , 836822f9dfSChris D. Faulhaberand may be used to copy the contents of an ACL entry. 846822f9dfSChris D. Faulhaber.Pp 856822f9dfSChris D. Faulhaber.Fn acl_create_entry 866822f9dfSChris D. Faulhaber.Pp 876822f9dfSChris D. FaulhaberThis function is described in 886822f9dfSChris D. Faulhaber.Xr acl_create_entry 3 , 896822f9dfSChris D. Faulhaberand may be used to create an empty entry in an ACL. 906822f9dfSChris D. Faulhaber.Pp 91a889d1fbSRobert Watson.Fn acl_delete_def_file , 92a889d1fbSRobert Watson.Fn acl_delete_file_np , 93a889d1fbSRobert Watson.Fn acl_delete_fd_np 9442635956SRuslan Ermilov.Pp 95a889d1fbSRobert WatsonThese functions are described in 96a889d1fbSRobert Watson.Xr acl_delete 3 , 97a889d1fbSRobert Watsonand may be used to delete ACLs from file system objects. 9842635956SRuslan Ermilov.Pp 996822f9dfSChris D. Faulhaber.Fn acl_delete_entry 1006822f9dfSChris D. Faulhaber.Pp 1016822f9dfSChris D. FaulhaberThis function is described in 1026822f9dfSChris D. Faulhaber.Xr acl_delete_entry 3 , 1036822f9dfSChris D. Faulhaberand may be used to delete an entry from an ACL. 1046822f9dfSChris D. Faulhaber.Pp 1056822f9dfSChris D. Faulhaber.Fn acl_delete_perm 1066822f9dfSChris D. Faulhaber.Pp 1076822f9dfSChris D. FaulhaberThis function is described in 1086822f9dfSChris D. Faulhaber.Xr acl_delete_perm 3 , 1096822f9dfSChris D. Faulhaberand may be used to delete permissions from a permset. 1106822f9dfSChris D. Faulhaber.Pp 1116822f9dfSChris D. Faulhaber.Fn acl_dup 1126822f9dfSChris D. Faulhaber.Pp 1136822f9dfSChris D. FaulhaberThis function is described in 1146822f9dfSChris D. Faulhaber.Xr acl_dup 3 , 1156822f9dfSChris D. Faulhaberand may be used to duplicate an ACL structure. 1166822f9dfSChris D. Faulhaber.Pp 117a889d1fbSRobert Watson.Fn acl_free 11842635956SRuslan Ermilov.Pp 119a889d1fbSRobert WatsonThis function is described in 120a889d1fbSRobert Watson.Xr acl_free 3 , 121a889d1fbSRobert Watsonand may be used to free userland working ACL storage. 12242635956SRuslan Ermilov.Pp 123a889d1fbSRobert Watson.Fn acl_from_text 12442635956SRuslan Ermilov.Pp 125a889d1fbSRobert WatsonThis function is described in 126a889d1fbSRobert Watson.Xr acl_from_text 3 , 127a889d1fbSRobert Watsonand may be used to convert a text-form ACL into working ACL state, if 128a889d1fbSRobert Watsonthe ACL has POSIX.1e semantics. 12942635956SRuslan Ermilov.Pp 130a889d1fbSRobert Watson.Fn acl_get_file , 131a889d1fbSRobert Watson.Fn acl_get_fd , 132a889d1fbSRobert Watson.Fn acl_get_fd_np 13342635956SRuslan Ermilov.Pp 134a889d1fbSRobert WatsonThese functions are described in 135a889d1fbSRobert Watson.Xr acl_get 3 , 136a889d1fbSRobert Watsonand may be used to retrieve ACLs from file system objects. 13742635956SRuslan Ermilov.Pp 1386822f9dfSChris D. Faulhaber.Fn acl_get_permset 1396822f9dfSChris D. Faulhaber.Pp 1406822f9dfSChris D. FaulhaberThis function is described in 1416822f9dfSChris D. Faulhaber.Xr acl_get_permset 3 , 1426822f9dfSChris D. Faulhaberand may be used to retrieve a permset from an ACL entry. 1436822f9dfSChris D. Faulhaber.Pp 1446822f9dfSChris D. Faulhaber.Fn acl_get_qualifier 1456822f9dfSChris D. Faulhaber.Pp 1466822f9dfSChris D. FaulhaberThis function is described in 1476822f9dfSChris D. Faulhaber.Xr acl_get_qualifier 3 , 1486822f9dfSChris D. Faulhaberand may be used to retrieve the qualifier from an ACL entry. 1496822f9dfSChris D. Faulhaber.Pp 1506822f9dfSChris D. Faulhaber.Fn acl_get_tag_type 1516822f9dfSChris D. Faulhaber.Pp 1526822f9dfSChris D. FaulhaberThis function is described in 1536822f9dfSChris D. Faulhaber.Xr acl_get_tag_type 3 , 1546822f9dfSChris D. Faulhaberand may be used to retrieve the tag type from an ACL entry. 1556822f9dfSChris D. Faulhaber.Pp 156a889d1fbSRobert Watson.Fn acl_init 15742635956SRuslan Ermilov.Pp 158a889d1fbSRobert WatsonThis function is described in 159a889d1fbSRobert Watson.Xr acl_init 3 , 160a889d1fbSRobert Watsonand may be used to allocate a fresh (empty) ACL structure. 16142635956SRuslan Ermilov.Pp 162a889d1fbSRobert Watson.Fn acl_set_file , 163a889d1fbSRobert Watson.Fn acl_set_fd , 164a889d1fbSRobert Watson.Fn acl_set_fd_np 16542635956SRuslan Ermilov.Pp 166c32381adSMike PritchardThese functions are described in 167a889d1fbSRobert Watson.Xr acl_set 3 , 168a889d1fbSRobert Watsonand may be used to assign an ACL to a file system object. 16942635956SRuslan Ermilov.Pp 1706822f9dfSChris D. Faulhaber.Fn acl_set_permset 1716822f9dfSChris D. Faulhaber.Pp 1726822f9dfSChris D. FaulhaberThis function is described in 1736822f9dfSChris D. Faulhaber.Xr acl_set_permset 3 , 1746822f9dfSChris D. Faulhaberand may be used to set the permissions of an ACL entry from a permset. 1756822f9dfSChris D. Faulhaber.Pp 1766822f9dfSChris D. Faulhaber.Fn acl_set_qualifier 1776822f9dfSChris D. Faulhaber.Pp 1786822f9dfSChris D. FaulhaberThis function is described in 1796822f9dfSChris D. Faulhaber.Xr acl_set_qualifier 3 , 1806822f9dfSChris D. Faulhaberand may be used to set the qualifier of an ACL. 1816822f9dfSChris D. Faulhaber.Pp 1826822f9dfSChris D. Faulhaber.Fn acl_set_tag_type 1836822f9dfSChris D. Faulhaber.Pp 1846822f9dfSChris D. FaulhaberThis function is described in 1856822f9dfSChris D. Faulhaber.Xr acl_set_tag_type 3 , 1866822f9dfSChris D. Faulhaberand may be used to set the tag type of an ACL. 1876822f9dfSChris D. Faulhaber.Pp 188a889d1fbSRobert Watson.Fn acl_to_text 18942635956SRuslan Ermilov.Pp 190a889d1fbSRobert WatsonThis function is described in 191a889d1fbSRobert Watson.Xr acl_to_text 3 , 192a889d1fbSRobert Watsonand may be used to generate a text-form of a POSIX.1e semantics ACL. 19342635956SRuslan Ermilov.Pp 194a889d1fbSRobert Watson.Fn acl_valid , 195a889d1fbSRobert Watson.Fn acl_valid_file_np , 196a889d1fbSRobert Watson.Fn acl_valid_fd_np 19742635956SRuslan Ermilov.Pp 198a889d1fbSRobert WatsonThee functions are described in 199a889d1fbSRobert Watson.Xr acl_valid 3 , 200a889d1fbSRobert Watsonand may be used to validate an ACL as correct POSIX.1e-semantics, or 201a889d1fbSRobert Watsonas appropriate for a particular file system object regardless of semantics. 20242635956SRuslan Ermilov.Pp 203a889d1fbSRobert WatsonDocumentation of the internal kernel interfaces backing these calls may 204a889d1fbSRobert Watsonbe found in 205a889d1fbSRobert Watson.Xr acl 9 . 206a889d1fbSRobert WatsonThe syscalls between the internal interfaces and the public library 207a21c3aa0SRobert Watsonroutines may change over time, and as such are not documented. 208a21c3aa0SRobert WatsonThey are not intended to be called directly without going through the 209a21c3aa0SRobert Watsonlibrary. 210a889d1fbSRobert Watson.Sh IMPLEMENTATION NOTES 211b5c508fbSRuslan Ermilov.Fx Ns 's 212b5c508fbSRuslan Ermilovsupport for POSIX.1e interfaces and features is still under 213a889d1fbSRobert Watsondevelopment at this time. 2146822f9dfSChris D. Faulhaber.Sh SEE ALSO 2156822f9dfSChris D. Faulhaber.Xr acl_add_perm 3 , 2166822f9dfSChris D. Faulhaber.Xr acl_calc_mask 3 , 2176822f9dfSChris D. Faulhaber.Xr acl_clear_perms 3 , 2186822f9dfSChris D. Faulhaber.Xr acl_copy_entry 3 , 2196822f9dfSChris D. Faulhaber.Xr acl_create_entry 3 , 2206822f9dfSChris D. Faulhaber.Xr acl_delete_entry 3 , 2216822f9dfSChris D. Faulhaber.Xr acl_delete_perm 3 , 2226822f9dfSChris D. Faulhaber.Xr acl_dup 3 , 2236822f9dfSChris D. Faulhaber.Xr acl_free 3 , 2246822f9dfSChris D. Faulhaber.Xr acl_from_text 3 , 2256822f9dfSChris D. Faulhaber.Xr acl_get 3 , 2266822f9dfSChris D. Faulhaber.Xr acl_get_permset 3 , 2276822f9dfSChris D. Faulhaber.Xr acl_get_qualifier 3 , 2286822f9dfSChris D. Faulhaber.Xr acl_get_tag_type 3 , 2296822f9dfSChris D. Faulhaber.Xr acl_init 3 , 2306822f9dfSChris D. Faulhaber.Xr acl_set 3 , 2316822f9dfSChris D. Faulhaber.Xr acl_set_permset 3 , 2326822f9dfSChris D. Faulhaber.Xr acl_set_qualifier 3 , 2336822f9dfSChris D. Faulhaber.Xr acl_set_tag_type 3 , 2346822f9dfSChris D. Faulhaber.Xr acl_to_text 3 , 2356822f9dfSChris D. Faulhaber.Xr acl_valid 3 , 2366822f9dfSChris D. Faulhaber.Xr acl 9 , 2376822f9dfSChris D. Faulhaber.Xr posix1e 3 2386822f9dfSChris D. Faulhaber.Sh STANDARDS 239a889d1fbSRobert WatsonPOSIX.1e assigns security labels to all objects, extending the security 240a21c3aa0SRobert Watsonfunctionality described in POSIX.1. 241a21c3aa0SRobert WatsonThese additional labels provide fine-grained discretionary access control, 242a21c3aa0SRobert Watsonfine-grained capabilities, and labels necessary for mandatory access 243a21c3aa0SRobert Watsoncontrol. 244a21c3aa0SRobert WatsonPOSIX.2c describes a set of userland utilities for manipulating these 245a21c3aa0SRobert Watsonlabels. 2466822f9dfSChris D. Faulhaber.Pp 247a21c3aa0SRobert WatsonPOSIX.1e is described in IEEE POSIX.1e draft 17. 248a21c3aa0SRobert WatsonDiscussion of the draft continues on the cross-platform POSIX.1e 249a21c3aa0SRobert Watsonimplementation mailing list. 250a21c3aa0SRobert WatsonTo join this list, see the 251c32381adSMike Pritchard.Fx 252a21c3aa0SRobert WatsonPOSIX.1e implementation page for more information. 253a889d1fbSRobert Watson.Sh HISTORY 254c32381adSMike PritchardPOSIX.1e support was introduced in 255a21c3aa0SRobert Watson.Fx 4.0 ; 256a21c3aa0SRobert Watson.Fx 5.0 257a21c3aa0SRobert Watsonwas the first version to include a complete ACL implementation based 258a21c3aa0SRobert Watsonon extended attributes. 259a889d1fbSRobert Watson.Sh AUTHORS 260c32381adSMike Pritchard.An Robert N M Watson 261