.\"-
.\" Copyright (c) 1999-2001 Robert N. M. Watson
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd December 23, 1999
.Os
.Dt ACL 9
.Sh NAME
.Nm acl
.Nd virtual file system access control lists
.Sh SYNOPSIS
.In sys/param.h
.In sys/vnode.h
.In sys/acl.h
.Pp
.Bd -literal
typedef int acl_type_t;
typedef int acl_tag_t;
typedef mode_t acl_perm_t;
typedef mode_t *acl_permset_t;

struct acl_entry {
	acl_tag_t	ae_tag;
	uid_t		ae_id;
	acl_perm_t	ae_perm;
};
typedef struct acl_entry *acl_entry_t;

/* internal ACL structure */
struct acl {
	int			acl_cnt;
	struct acl_entry	acl_entry[ACL_MAX_ENTRIES];
};

/* external ACL structure */
struct acl_t_struct {
	struct acl	ats_acl;
	int		ats_cur_entry;
};
typedef struct acl_t_struct *acl_t;

/*
 * Possible valid values for ae_tag field.
 */
#define ACL_UNDEFINED_TAG	0x00000000
#define ACL_USER_OBJ		0x00000001
#define ACL_USER		0x00000002
#define ACL_GROUP_OBJ		0x00000004
#define ACL_GROUP		0x00000008
#define ACL_MASK		0x00000010
#define ACL_OTHER		0x00000020
#define ACL_OTHER_OBJ		ACL_OTHER

/*
 * Possible valid values for acl_type_t arguments.
 */
#define ACL_TYPE_ACCESS		0x00000000
#define ACL_TYPE_DEFAULT	0x00000001
#define ACL_TYPE_AFS		0x00000002
#define ACL_TYPE_CODA		0x00000003
#define ACL_TYPE_NTFS		0x00000004
#define ACL_TYPE_NWFS		0x00000005

/*
 * Possible flags in ae_perm field.
 */
#define ACL_EXECUTE		0x0001
#define ACL_WRITE		0x0002
#define ACL_READ		0x0004
#define ACL_PERM_NONE		0x0000
#define ACL_PERM_BITS		(ACL_EXECUTE | ACL_WRITE | ACL_READ)
#define ACL_POSIX1E_BITS	(ACL_EXECUTE | ACL_WRITE | ACL_READ)

/*
 * Possible entry_id values for acl_get_entry()
 */
#define ACL_FIRST_ENTRY		0
#define ACL_NEXT_ENTRY		1

/*
 * Undefined value in ae_id field
 */
#define ACL_UNDEFINED_ID	((uid_t)-1)
.Ed
.Sh DESCRIPTION
Access control lists, or ACLs, allow fine-grained specification of rights
for vnodes representing files and directories.
However, as there is a plethora of file systems with differing ACL
semantics, the vnode interface is aware only of the syntax of ACLs,
relying on the underlying file system to implement the details.
Depending on the underlying file system, each file or directory may have
zero or more ACLs associated with it, named using the
.Fa type
field of the appropriate vnode ACL calls,
.Xr VOP_ACLCHECK 9 ,
.Xr VOP_GETACL 9 ,
and
.Xr VOP_SETACL 9 .
.Pp
Currently, each ACL is represented in-kernel by a fixed-size acl structure.
An ACL is constructed from a fixed-size array of ACL entries, each of which
consists of a set of permissions, principal namespace, and principal
identifier.
Zero or more of these entries may be "defined", depending on the value of
the associated
.Fa acl_cnt
field.
As the entry array holds at most
.Dv ACL_MAX_ENTRIES
entries, a value of
.Fa acl_cnt
outside the range 0 to
.Dv ACL_MAX_ENTRIES
is invalid and must not be used to index the array; code that accepts an
ACL from outside the kernel should check this bound before walking the
entries.
.Sh SEE ALSO
.Xr acl 3 ,
.Xr vaccess 9 ,
.Xr vaccess_acl_posix1e 9 ,
.Xr VFS 9 ,
.Xr VOP_ACLCHECK 9 ,
.Xr VOP_GETACL 9 ,
.Xr VOP_SETACL 9
.Sh AUTHORS
This man page was written by
.An Robert Watson .