File Access Control Library Functions acltotext(3SEC)
NAME
acltotext, aclfromtext - convert internal representation to or from external representation
SYNOPSIS
cc [ flag... ] file... -lsec [ library... ]
#include
char *acltotext(acl_t *aclp, int flags);
int aclfromtext(char *acltextp, acl_t **aclp);
DESCRIPTION
The acltotext() function converts an internal ACL representation pointed to by aclp into an external ACL representation. The memory for the external text string is obtained using malloc(3C). The caller is responsible for freeing the memory upon completion.
The format of the external ACL is controlled by the flags argument. Values for flags are constructed by a bitwise-inclusive-OR of flags from the following list, defined in .
ACL_COMPACT_FMT For NFSv4 ACLs, the ACL entries will be formatted using the compact ACL format detailed in ls(1) for the -V option.
ACL_APPEND_ID Append the uid or gid for additional user or group entries. This flag is used to construct ACL entries in a manner that is suitable for archive utilities such as tar(1). When the ACL is translated from the external format to the internal representation using aclfromtext(), the appended ID will be used to populate the uid or gid field of the ACL entry when the user or group name does not exist on the host system. The appended ID will be ignored when the user or group name does exist on the system.
ACL_SID_FMT For NFSv4 ACLs, the ACL entries for user or group entries will use the usersid or groupsid format when the "id" field in the ACL entry is an ephemeral uid or gid. The raw sid format will only be used when the "id" cannot be resolved to a Windows name.
SunOS 5.11 Last change: 16 Jun 2008 1
The aclfromtext() function converts an external ACL representation pointed to by acltextp into an internal ACL representation. The memory for the list of ACL entries is obtained using malloc(3C). The caller is responsible for freeing the memory upon completion. Depending on the type of ACLs a file system supports, one of two external representations is possible. For POSIX draft file systems such as ufs, the external representation is described in acltotext(3SEC). The external ACL representation for NFSv4-style ACLs is detailed as follows.
Each acl_entry contains one ACL entry. The external representation of an ACL entry contains three, four or five colon separated fields. The first field contains the ACL entry type. The entry type keywords are defined as:
everyone@ This ACL entry specifies the access granted to any user or group that does not match any previous ACL entry.
group This ACL entry with a GID specifies the access granted to an additional group of the object.
group@ This ACL entry with no GID specified in the ACL entry field specifies the access granted to the owning group of the object.
groupsid This ACL entry with a SID or Windows name specifies the access granted to a Windows group. This type of entry is for a CIFS server created file.
owner@ This ACL entry with no UID specified in the ACL entry field specifies the access granted to the owner of the object.
sid This ACL entry is used with a SID or Windows name when the entry could be either a group or a user.
user This ACL entry with a UID specifies the access granted to an additional user of the object.
usersid This ACL entry with a SID or Windows name specifies the access granted to a Windows user. This type of entry is for a CIFS server created file.
The second field contains the ACL entry ID, and is used only
for user or group ACL entries. This field is not used for
owner@, group@, or everyone@ entries.
uid This field contains a user-name or user-ID. If the
user-name cannot be resolved to a UID, then the entry
is assumed to be a numeric UID.
gid This field contains a group-name or group-ID. If the
group-name can't be resolved to a GID, then the entry
is assumed to be a numeric GID.
The third field contains the discretionary access permissions. The format of the permissions depends on whether ACL_COMPACT_FMT is specified. When the flags field does not request ACL_COMPACT_FMT, the following format is used with a forward slash (/) separating the permissions.
add_file Add a file to a directory.
add_subdirectory Add a subdirectory.
append Append data.
delete Delete.
delete_child Delete child.
execute Execute permission.
list_directory List a directory.
read_acl Read ACL.
read_data Read permission.
read_attributes Read attributes.
read_xattr Read named attributes.
synchronize Synchronize.
write_acl Write ACL.
write_attributes Write attributes.
write_data Write permission.
write_owner Write owner.
write_xattr Write named attributes.
This format allows permissions to be specified as, for example: read_data/read_xattr/read_attributes.
When ACL_COMPACT_FMT is specified, the permissions consist of 14 unique letters. A hyphen (-) character is used to indicate that the permission at that position is not specified.
a read attributes
A write attributes
c read ACL
C write ACL
d delete
D delete child
o write owner
p append
r read_data
R read named attributes
s synchronize
w write_data
W write named attributes
x execute
This format allows compact permissions to be represented as, for example: rw--d-a-------
The fourth field is optional when ACL_COMPACT_FMT is not specified, in which case the field will be present only when the ACL entry has inheritance flags set. The following is the list of inheritance flags separated by a slash (/) character.
dir_inherit ACE_DIRECTORY_INHERIT_ACE
file_inherit ACE_FILE_INHERIT_ACE
inherit_only ACE_INHERIT_ONLY_ACE
no_propagate ACE_NO_PROPAGATE_INHERIT_ACE
When ACL_COMPACT_FMT is specified the inheritance will always be present and is represented as positional arguments. A hyphen (-) character is used to indicate that the inheritance flag at that position is not specified.
d dir_inherit
f file_inherit
F failed access (not currently supported)
i inherit_only
n no_propagate
S successful access (not currently supported)
The fifth field contains the type of the ACE (allow or
deny):
allow The mask specified in field three should be
allowed.
deny The mask specified in field three should be denied.
RETURN VALUES
Upon successful completion, the acltotext() function returns a pointer to a text string. Otherwise, it returns NULL.
Upon successful completion, the aclfromtext() function returns 0. Otherwise, the return value is set to one of the following:
EACL_FIELD_NOT_BLANK A field that should be blank is not blank.
EACL_FLAGS_ERROR An invalid ACL flag was specified.
EACL_INHERIT_ERROR An invalid inheritance field was specified.
EACL_INVALID_ACCESS_TYPE An invalid access type was specified.
EACL_INVALID_STR The string is NULL.
EACL_INVALID_USER_GROUP The required user or group name was not found.
EACL_MISSING_FIELDS The ACL needs more fields to be specified.
EACL_PERM_MASK_ERROR The permission mask is invalid.
EACL_UNKNOWN_DATA Unknown data was found in the ACL.
EXAMPLES
Example 1 Examples of permissions when ACL_COMPACT_FMT is not specified.
user:joe:read_data/write_data:file_inherit/dir_inherit:allow
owner@:read_acl:allow,user:tom:read_data:file_inherit/inherit_only:deny
Example 2 Examples of permissions when ACL_COMPACT_FMT is specified.
user:joe:rw------------:fd----:allow
owner@:----------c---:------:allow,user:tom:r-------------:f-i---:deny
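An added example (not code from this manual page or from libsec) that parses one entry in the compact format described above and reports the same classes of error aclfromtext() reports. It assumes the positional letter order that ls -V prints, rwxpdDaARWcCos for permissions and fdinSF for inheritance, which agrees with the examples here; the ACE_* return codes and the compact_ace struct are our own names modelled on the EACL_* values.

```c
#include <stdio.h>
#include <string.h>
/* Positional letter orders of the compact format, as ls -V prints them;
 * assumed from the page's examples (r=1, w=2, d=5, a=7, c=11; f=1, i=3). */
static const char PERM_ORDER[] = "rwxpdDaARWcCos";  /* 14 permission bits */
static const char INH_ORDER[]  = "fdinSF";          /* 6 inheritance flags */

typedef struct {
    char type[16];     /* owner@, group@, everyone@, user, group, usersid, ... */
    char id[64];       /* user/group name or numeric id; empty for @ entries */
    unsigned perms;    /* bit i set <=> PERM_ORDER[i] granted */
    unsigned inherit;  /* bit i set <=> INH_ORDER[i] set */
    int allow;         /* 1 = allow, 0 = deny */
} compact_ace;

/* Return codes modelled on the page's EACL_* values (our own numbers). */
enum { ACE_OK = 0, ACE_MISSING_FIELDS, ACE_FIELD_NOT_BLANK, ACE_PERM_MASK_ERROR,
       ACE_INHERIT_ERROR, ACE_INVALID_ACCESS_TYPE, ACE_UNKNOWN_DATA };
/* A positional field is exactly strlen(order) chars: its letter or '-' at each slot. */
static int decode_positional(const char *fld, const char *order, unsigned *out)
{
    size_t n = strlen(order);
    if (strlen(fld) != n) return -1;
    *out = 0;
    for (size_t i = 0; i < n; i++) {
        if (fld[i] == order[i]) *out |= 1u << i;
        else if (fld[i] != '-') return -1;
    }
    return 0;
}
/* Parse one compact-format ACE, e.g. "user:joe:rw------------:fd----:allow". */
int parse_compact_ace(const char *text, compact_ace *ace)
{
    char buf[256], *f[6]; int n = 0, has_id;
    snprintf(buf, sizeof buf, "%s", text);
    for (char *p = strtok(buf, ":"); p && n < 6; p = strtok(NULL, ":")) f[n++] = p;
    if (n < 4 || n > 5) return n > 5 ? ACE_UNKNOWN_DATA : ACE_MISSING_FIELDS;
    has_id = (n == 5);                       /* @ entries carry no id field */
    if (has_id && f[0][strlen(f[0]) - 1] == '@') return ACE_FIELD_NOT_BLANK;
    if (!has_id && f[0][strlen(f[0]) - 1] != '@') return ACE_MISSING_FIELDS;
    memset(ace, 0, sizeof *ace);
    snprintf(ace->type, sizeof ace->type, "%s", f[0]);
    if (has_id) snprintf(ace->id, sizeof ace->id, "%s", f[1]);
    if (decode_positional(f[1 + has_id], PERM_ORDER, &ace->perms)) return ACE_PERM_MASK_ERROR;
    if (decode_positional(f[2 + has_id], INH_ORDER, &ace->inherit)) return ACE_INHERIT_ERROR;
    if (strcmp(f[3 + has_id], "allow") && strcmp(f[3 + has_id], "deny"))
        return ACE_INVALID_ACCESS_TYPE;
    ace->allow = !strcmp(f[3 + has_id], "allow");
    return ACE_OK;
}
```

A comma-separated ACL such as the second example line is handled by splitting on ',' first and calling parse_compact_ace() on each entry.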
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE          ATTRIBUTE VALUE
Interface Stability     Committed
MT-Level                Safe
SEE ALSO
ls(1), tar(1), acl(2), malloc(3C), aclfromtext(3SEC),
acl(5), attributes(5)