Rechercher une page de manuel
acl.9freebsd
Langue: en
Version: 309851 (debian - 07/07/09)
Section: 9 (Appels noyau Linux)
BSD mandoc
NAME
acl - virtual file system access control listsSYNOPSIS
In sys/param.h In sys/vnode.h In sys/acl.hIn the kernel configuration file: options UFS_ACL
DESCRIPTION
Access control lists, or ACLs, allow fine-grained specification of rights for vnodes representing files and directories. However, as there are a plethora of file systems with differing ACL semantics, the vnode interface is aware only of the syntax of ACLs, relying on the underlying file system to implement the details. Depending on the underlying file system, each file or directory may have zero or more ACLs associated with it, named using the Fa type field of the appropriate vnode ACL calls: VOP_ACLCHECK9, VOP_GETACL9, and VOP_SETACL9.Currently, each ACL is represented in-kernel by a fixed-size Vt acl structure, defined as follows:
struct acl { int acl_cnt; struct acl_entry acl_entry[ACL_MAX_ENTRIES]; };
An ACL is constructed from a fixed size array of ACL entries, each of which consists of a set of permissions, principal namespace, and principal identifier.
Each individual ACL entry is of the type Vt acl_entry_t , which is a structure with the following members:
- Vt acl_tag_t ae_tag
- The following is a list of definitions of ACL types to be set in ae_tag
- ACL_UNDEFINED_FIELD
- Undefined ACL type.
- ACL_USER_OBJ
- Discretionary access rights for processes whose effective user ID matches the user ID of the file's owner.
- ACL_USER
- Discretionary access rights for processes whose effective user ID matches the ACL entry qualifier.
- ACL_GROUP_OBJ
- Discretionary access rights for processes whose effective group ID or any supplemental groups match the group ID of the file's owner.
- ACL_GROUP
- Discretionary access rights for processes whose effective group ID or any supplemental groups match the ACL entry qualifier.
- ACL_MASK
- The maximum discretionary access rights that can be granted to a process in the file group class.
- ACL_OTHER
- Discretionary access rights for processes not covered by any other ACL entry.
- ACL_OTHER_OBJ
- Same as ACL_OTHER Each ACL entry must contain exactly one ACL_USER_OBJ one ACL_GROUP_OBJ and one ACL_OTHER If any of ACL_USER ACL_GROUP or ACL_OTHER are present, then exactly one ACL_MASK entry should be present.
- Vt uid_t ae_id
- The ID of user for whom this ACL describes access permissions.
- Vt acl_perm_t ae_perm
- This field defines what kind of access the process matching this ACL has for accessing the associated file.
- ACL_EXECUTE
- The process may execute the associated file.
- ACL_WRITE
- The process may write to the associated file.
- ACL_READ
- The process may read from the associated file.
- ACL_PERM_NONE
- The process has no read, write or execute permissions to the associated file.
IMPLEMENTATION NOTES
typedef mode_t *acl_permset_t; /* internal ACL structure */ struct acl { int acl_cnt; struct acl_entry acl_entry[ACL_MAX_ENTRIES]; }; /* external ACL structure */ struct acl_t_struct { struct acl ats_acl; int ats_cur_entry; }; typedef struct acl_t_struct *acl_t; /* * Possible valid values for ae_tag field. */ #define ACL_UNDEFINED_TAG 0x00000000 #define ACL_USER_OBJ 0x00000001 #define ACL_USER 0x00000002 #define ACL_GROUP_OBJ 0x00000004 #define ACL_GROUP 0x00000008 #define ACL_MASK 0x00000010 #define ACL_OTHER 0x00000020 #define ACL_OTHER_OBJ ACL_OTHER /* * Possible valid values for acl_type_t arguments. */ #define ACL_TYPE_ACCESS 0x00000000 #define ACL_TYPE_DEFAULT 0x00000001 #define ACL_TYPE_AFS 0x00000002 #define ACL_TYPE_CODA 0x00000003 #define ACL_TYPE_NTFS 0x00000004 #define ACL_TYPE_NWFS 0x00000005 /* * Possible flags in ae_perm field. */ #define ACL_EXECUTE 0x0001 #define ACL_WRITE 0x0002 #define ACL_READ 0x0004 #define ACL_PERM_NONE 0x0000 #define ACL_PERM_BITS (ACL_EXECUTE | ACL_WRITE | ACL_READ) #define ACL_POSIX1E_BITS (ACL_EXECUTE | ACL_WRITE | ACL_READ) /* * Possible entry_id values for acl_get_entry() */ #define ACL_FIRST_ENTRY 0 #define ACL_NEXT_ENTRY 1 /* * Undefined value in ae_id field */ #define ACL_UNDEFINED_ID ((uid_t)-1)
SEE ALSO
acl(3), vaccess_acl_posix1e9, VFS(9), vnaccess(9), VOP_ACLCHECK9, VOP_GETACL9, VOP_SETACL9AUTHORS
This manual page was written by An Robert Watson .Contenus ©2006-2024 Benjamin Poulain
Design ©2006-2024 Maxime Vantorre