System Calls acl(2)
NAME
acl, facl - get or set a file's Access Control List (ACL)
SYNOPSIS
#include
int acl(char *pathp, int cmd, int nentries, void *aclbufp);
int facl(int fildes, int cmd, int nentries, void *aclbufp);
DESCRIPTION
The acl() and facl() functions get or set the ACL of a file
whose name is given by pathp or referenced by the open file
descriptor fildes. The nentries argument specifies how many
ACL entries fit into buffer aclbufp. The acl() function is
used to manipulate ACL on file system objects.
The following types are supported for aclbufp:
aclentt Used by the UFS file system.
acet Used by the ZFS and NFSv4 file systems.
The following values for cmd are supported:
SETACL nentries aclentt ACL entries, specified in
buffer aclbufp, are stored in the file's
ACL. All directories in the path name must
be searchable.
GETACL Buffer aclbufp is filled with the file's
aclentt ACL entries. Read access to the
file is not required, but all directories
in the path name must be searchable.
GETACLCNT The number of entries in the file's
aclentt ACL is returned. Read access to
the file is not required, but all direc-
tories in the path name must be searchable.
ACESETACL nentries acet ACL entries, specified in
buffer aclbufp, are stored in the file's
ACL. All directories in the path name must
SunOS 5.11 Last change: 10 Jan 2007 1
System Calls acl(2)
be searchable. Write ACL access is required
to change the file's ACL.
ACEGETACL Buffer aclbufp is filled with the file's
acet ACL entries. Read access to the file
is required and all directories in the path
name must be searchable.
ACEGETACLCNT The number of entries in the file's acet
ACL is returned. Read access to the file
is required and all directories in the path
name must be searchable.
RETURN VALUES
Upon successful completion, acl() and facl() return 0 if cmd
is SETACL or ACESETACL. If cmd is GETACL, GETACLCNT,
ACEGETACL or ACEGETACLCNT, the number of ACL entries is
returned. Otherwise, -1 is returned and errno is set to
indicate the error.
ERORS
The acl() function will fail if:
EACES The caller does not have access to a component of
the pathname.
EFAULT The pathp or aclbufp argument points to an ille-
gal address.
EINVAL The cmd argument is not GETACL, SETACL,
ACEGETACL, GETACLCNT, or ACEGETACLCNT; the cmd
argument is SETACL and nentries is less than 3;
or the cmd argument is SETACL or ACESETACL and
the ACL specified in aclbufp is not valid.
EIO A disk I/O error has occurred while storing or
retrieving the ACL.
ENOENT A component of the path does not exist.
ENOSPC The cmd argument is GETACL and nentries is less
than the number of entries in the file's ACL, or
the cmd argument is SETACL and there is insuffi-
cient space in the file system to store the ACL.
SunOS 5.11 Last change: 10 Jan 2007 2
System Calls acl(2)
ENOSYS The cmd argument is SETACL or ACESETACL and the
file specified by pathp resides on a file system
that does not support ACLs, or the acl() func-
tion is not supported by this implementation.
ENOTDIR A component of the path specified by pathp is not
a directory, or the cmd argument is SETACL or
ACESETACL and an attempt is made to set a
default ACL on a file type other than a direc-
tory.
ENOTSUP The cmd argument is GETACL, but the ACL is com-
posed of acet entries, and the ACL cannot be
translated into aclentt form.
The cmd argument is ACESETACL, but the underly-
ing filesystem only supports ACLs composed of
aclentt entries and the ACL could not be
translated into aclentt form.
EPERM The effective user ID does not match the owner of
the file and the process does not have appropri-
ate privilege.
EROFS The cmd argument is SETACL or ACESETACL and the
file specified by pathp resides on a file system
that is mounted read-only.
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
ATRIBUTE TYPE ATRIBUTE VALUE
Interface Stability Evolving
SEE ALSO
getfacl(1), setfacl(1), aclcheck(3SEC), aclsort(3SEC)
SunOS 5.11 Last change: 10 Jan 2007 3
|
