xref: /freebsd/share/man/man9/acl.9 (revision 6fe89339b9618713289aeea1be27fe9a287cd07f)

.\"-
.\" Copyright (c) 1999, 2000 Robert N. M. Watson
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"       $FreeBSD$
.\"
.Dd December 23, 1999
.Os
.Dt ACL 9
.Sh NAME
.Nm acl
.Nd virtual file system access control lists
.Sh SYNOPSIS
.Fd #include <sys/param.h>
.Fd #include <sys/vnode.h>
.Fd #include <sys/acl.h>
.Pp
.Bd -literal
typedef int     acl_type_t;
typedef int     acl_tag_t;
typedef mode_t  acl_perm_t;

struct acl_entry {
        acl_tag_t       ae_tag;
        uid_t           ae_id;
        acl_perm_t      ae_perm;
};
typedef struct acl_entry        *acl_entry_t;

struct acl {
        int                     acl_cnt;
        struct acl_entry        acl_entry[ACL_MAX_ENTRIES];
};
typedef struct acl      *acl_t;

/*
 * Possible valid values for a_tag of acl_entry_t
 */
#define ACL_USER_OBJ    0x00000001
#define ACL_USER        0x00000002
#define ACL_GROUP_OBJ   0x00000004
#define ACL_GROUP       0x00000008
#define ACL_MASK        0x00000010
#define ACL_OTHER       0x00000020
#define ACL_OTHER_OBJ   ACL_OTHER

/*
 * Possible valid values a_type_t arguments
 */
#define ACL_TYPE_ACCESS         0x00000000
#define ACL_TYPE_DEFAULT        0x00000001
#define ACL_TYPE_AFS            0x00000002
#define ACL_TYPE_CODA           0x00000003
#define ACL_TYPE_NTFS           0x00000004
#define ACL_TYPE_NWFS           0x00000005

/*
 * Possible flags in a_perm field
 */
#define ACL_PERM_EXEC           0x0001
#define ACL_PERM_WRITE          0x0002
#define ACL_PERM_READ           0x0004
#define ACL_PERM_NONE           0x0000
#define ACL_PERM_BITS           (ACL_PERM_EXEC | ACL_PERM_WRITE | ACL_PERM_READ)
#define ACL_POSIX1E_BITS        (ACL_PERM_EXEC | ACL_PERM_WRITE | ACL_PERM_READ)
.Ed
.Sh DESCRIPTION
Access control lists, or ACLs, allow fine-grained specification of rights
for vnodes representing files and directories.  However, as there are a
plethora of file systems with differing ACL semantics, the vnode interface
is aware only of the syntax of ACLs, relying on the underlying file system
to implement the details.  Depending on the underlying file system, each
file or directory may have zero or more ACLs associated with it, named using
the
.Fa type
field of the appropriate vnode ACL calls,
.Xr VOP_ACLCHECK 9 ,
.Xr VOP_GETACL 9 ,
and
.Xr VOP_SETACL 9 .

Currently, each ACL is represented in-kernel by a fixed-size acl structure.
An ACL is constructed from a fixed size array of ACL entries, each of which
consists of a set of permissions, principal namespace, and principal
identifier.  Zero or more of these entries may be "defined", depending on
the value of the associated acl_cnt field.
.Sh SEE ALSO
.Xr VFS 9 ,
.Xr VOP_ACLCHECK 9 ,
.Xr VOP_GETACL 9 ,
.Xr VOP_SETACL 9
.Sh AUTHORS
This man page was written by
.An Robert Watson .