File Access Control Library Functions aclcheck(3SEC)
NAME
aclcheck - check the validity of an ACL
SYNOPSIS
cc [ flag... ] file... -lsec [ library... ]
#include <sys/acl.h>
int aclcheck(aclent_t *aclbufp, int nentries, int *which);
DESCRIPTION
The aclcheck() function checks the validity of an ACL
pointed to by aclbufp. The nentries argument is the number
of entries contained in the buffer. The which parameter
returns the index of the first entry that is invalid.
The function verifies that an ACL pointed to by aclbufp is
valid according to the following rules:
o There must be exactly one GROUP_OBJ ACL entry.
o There must be exactly one USER_OBJ ACL entry.
o There must be exactly one OTHER_OBJ ACL entry.
o If there are any GROUP ACL entries, then the group
  ID in each group ACL entry must be unique.
o If there are any USER ACL entries, then the user ID
  in each user ACL entry must be unique.
o If there are any GROUP or USER ACL entries, then
  there must be exactly one CLASS_OBJ (ACL mask)
  entry.
o If there are any default ACL entries, then the
  following apply:
    o There must be exactly one default GROUP_OBJ ACL
      entry.
    o There must be exactly one default OTHER_OBJ ACL
      entry.
    o There must be exactly one default USER_OBJ ACL
      entry.
    o If there are any DEF_GROUP entries, then the
      group ID in each DEF_GROUP ACL entry must be
      unique.
    o If there are any DEF_USER entries, then the
      user ID in each DEF_USER ACL entry must be
      unique.
    o If there are any DEF_GROUP or DEF_USER entries,
      then there must be exactly one DEF_CLASS_OBJ
      (default ACL mask) entry.
If any of the above rules are violated, then the
function fails with errno set to EINVAL.
RETURN VALUES
If the ACL is valid, aclcheck() will return 0. Otherwise
errno is set to EINVAL and the return code is set to one of
the following:
GRP_ERROR        There is more than one GROUP_OBJ or
                 DEF_GROUP_OBJ ACL entry.
USER_ERROR       There is more than one USER_OBJ or
                 DEF_USER_OBJ ACL entry.
CLASS_ERROR      There is more than one CLASS_OBJ (ACL
                 mask) or DEF_CLASS_OBJ (default ACL mask)
                 entry.
OTHER_ERROR      There is more than one OTHER_OBJ or
                 DEF_OTHER_OBJ ACL entry.
DUPLICATE_ERROR  Duplicate entries of USER, GROUP,
                 DEF_USER, or DEF_GROUP.
ENTRY_ERROR      The entry type is invalid.
MISS_ERROR       Missing an entry. The which parameter
                 returns -1 in this case.
MEM_ERROR        The system cannot allocate any memory.
                 The which parameter returns -1 in this
                 case.
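The access-ACL rules and return codes above, written out as a portable checker. This is an added example, not the libsec source: every `x_`/`X_` name is a hypothetical stand-in for the `<sys/acl.h>` definitions, default entries are left out, and the order in which errors are reported when several rules are broken at once is an assumption.

```c
#include <stdio.h>

/* Stand-in names for this example only; real code uses <sys/acl.h>. */
enum { X_USER_OBJ, X_USER, X_GROUP_OBJ, X_GROUP, X_CLASS_OBJ, X_OTHER_OBJ, X_NTYPES };
enum { X_OK, X_GRP_ERROR, X_USER_ERROR, X_OTHER_ERROR, X_CLASS_ERROR,
       X_DUPLICATE_ERROR, X_MISS_ERROR, X_ENTRY_ERROR };
struct x_ent { int type; unsigned id; };

/* Access-ACL rules from DESCRIPTION; *which is -1 on success (assumption). */
int x_aclcheck(const struct x_ent *e, int n, int *which)
{
    static const int dup_err[X_NTYPES] = {
        [X_USER_OBJ] = X_USER_ERROR, [X_GROUP_OBJ] = X_GRP_ERROR,
        [X_CLASS_OBJ] = X_CLASS_ERROR, [X_OTHER_OBJ] = X_OTHER_ERROR };
    int count[X_NTYPES] = {0};

    for (int i = 0; i < n; i++) {
        int t = e[i].type;
        *which = i;                           /* index reported on failure */
        if (t < 0 || t >= X_NTYPES)
            return X_ENTRY_ERROR;
        if (t == X_USER || t == X_GROUP) {
            for (int j = 0; j < i; j++)       /* IDs must be unique per type */
                if (e[j].type == t && e[j].id == e[i].id)
                    return X_DUPLICATE_ERROR;
        } else if (count[t] > 0) {
            return dup_err[t];                /* second *_OBJ of the same kind */
        }
        count[t]++;
    }
    *which = -1;                              /* a missing entry has no index */
    if (!count[X_USER_OBJ] || !count[X_GROUP_OBJ] || !count[X_OTHER_OBJ])
        return X_MISS_ERROR;
    if ((count[X_USER] || count[X_GROUP]) && !count[X_CLASS_OBJ])
        return X_MISS_ERROR;                  /* named entries need a mask */
    return X_OK;
}

int main(void)
{
    /* Constructed sample: a named USER entry but no mask entry. */
    struct x_ent acl[] = { {X_USER_OBJ, 0}, {X_USER, 100},
                           {X_GROUP_OBJ, 0}, {X_OTHER_OBJ, 0} };
    int which;
    int rc = x_aclcheck(acl, 4, &which);
    printf("rc=%d which=%d\n", rc, which);
    return rc == X_MISS_ERROR ? 0 : 1;
}
```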
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
ATTRIBUTE TYPE         ATTRIBUTE VALUE
Interface Stability    Evolving
MT-Level               Unsafe
SEE ALSO
acl(2), aclsort(3SEC), attributes(5)
SunOS 5.11 Last change: 10 Dec 2001