xref: /freebsd/share/man/man9/acl.9 (revision 54ab3ed82b639b593fb0fe6db845e38a9d18970e) 
1.\"-
2.\" Copyright (c) 1999-2001 Robert N. M. Watson
3.\" All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\" 1. Redistributions of source code must retain the above copyright
9.\"    notice, this list of conditions and the following disclaimer.
10.\" 2. Redistributions in binary form must reproduce the above copyright
11.\"    notice, this list of conditions and the following disclaimer in the
12.\"    documentation and/or other materials provided with the distribution.
13.\"
14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24.\" SUCH DAMAGE.
25.\"
26.\"       $FreeBSD$
27.\"
28.Dd December 23, 1999
29.Os
30.Dt ACL 9
31.Sh NAME
32.Nm acl
33.Nd virtual file system access control lists
34.Sh SYNOPSIS
35.In sys/param.h
36.In sys/vnode.h
37.In sys/acl.h
38.Pp
39.Bd -literal
40typedef int     acl_type_t;
41typedef int     acl_tag_t;
42typedef mode_t  acl_perm_t;
43typedef mode_t  *acl_permset_t;
44
45struct acl_entry {
46        acl_tag_t       ae_tag;
47        uid_t           ae_id;
48        acl_perm_t      ae_perm;
49};
50typedef struct acl_entry        *acl_entry_t;
51
52/* internal ACL structure */
53struct acl {
54        int                     acl_cnt;
55        struct acl_entry        acl_entry[ACL_MAX_ENTRIES];
56};
57
58/* external ACL structure */
59struct acl_t_struct {
60        struct acl              ats_acl;
61        int                     ats_cur_entry;
62};
63typedef struct acl_t_struct *acl_t;
64
65/*
66 * Possible valid values for ae_tag field.
67 */
68#define ACL_UNDEFINED_TAG       0x00000000
69#define ACL_USER_OBJ            0x00000001
70#define ACL_USER                0x00000002
71#define ACL_GROUP_OBJ           0x00000004
72#define ACL_GROUP               0x00000008
73#define ACL_MASK                0x00000010
74#define ACL_OTHER               0x00000020
75#define ACL_OTHER_OBJ           ACL_OTHER
76
77/*
78 * Possible valid values for acl_type_t arguments.
79 */
80#define ACL_TYPE_ACCESS         0x00000000
81#define ACL_TYPE_DEFAULT        0x00000001
82#define ACL_TYPE_AFS            0x00000002
83#define ACL_TYPE_CODA           0x00000003
84#define ACL_TYPE_NTFS           0x00000004
85#define ACL_TYPE_NWFS           0x00000005
86
87/*
88 * Possible flags in ae_perm field.
89 */
90#define ACL_EXECUTE             0x0001
91#define ACL_WRITE               0x0002
92#define ACL_READ                0x0004
93#define ACL_PERM_NONE           0x0000
94#define ACL_PERM_BITS           (ACL_EXECUTE | ACL_WRITE | ACL_READ)
95#define ACL_POSIX1E_BITS        (ACL_EXECUTE | ACL_WRITE | ACL_READ)
96
97/*
98 * Possible entry_id values for acl_get_entry()
99 */
100#define ACL_FIRST_ENTRY         0
101#define ACL_NEXT_ENTRY          1
102
103/*
104 * Undefined value in ae_id field
105 */
106#define ACL_UNDEFINED_ID        ((uid_t)-1)
107.Ed
108.Sh DESCRIPTION
109Access control lists, or ACLs, allow fine-grained specification of rights
110for vnodes representing files and directories.  However, as there are a
111plethora of file systems with differing ACL semantics, the vnode interface
112is aware only of the syntax of ACLs, relying on the underlying file system
113to implement the details.  Depending on the underlying file system, each
114file or directory may have zero or more ACLs associated with it, named using
115the
116.Fa type
117field of the appropriate vnode ACL calls,
118.Xr VOP_ACLCHECK 9 ,
119.Xr VOP_GETACL 9 ,
120and
121.Xr VOP_SETACL 9 .
122.Pp
123Currently, each ACL is represented in-kernel by a fixed-size acl structure.
124An ACL is constructed from a fixed size array of ACL entries, each of which
125consists of a set of permissions, principal namespace, and principal
126identifier.  Zero or more of these entries may be "defined", depending on
127the value of the associated acl_cnt field.
128.Sh SEE ALSO
129.Xr VFS 9 ,
130.Xr VOP_ACLCHECK 9 ,
131.Xr VOP_GETACL 9 ,
132.Xr VOP_SETACL 9
133.Sh AUTHORS
134This man page was written by
135.An Robert Watson .
136