#include <sys/vnode.h>
#include <sys/acl.h>
In the kernel configuration file:
options UFS_ACL
DESCRIPTION
Access control lists, or ACLs, allow fine-grained specification of rights
for vnodes representing files and directories. However, as there are a
plethora of file systems with differing ACL semantics, the vnode inter-
face is aware only of the syntax of ACLs, relying on the underlying file
system to implement the details. Depending on the underlying file sys-
tem, each file or directory may have zero or more ACLs associated with
it, named using the type field of the appropriate vnode ACL calls:
VOP_ACLCHECK(9), VOP_GETACL(9), and VOP_SETACL(9).
Currently, each ACL is represented in-kernel by a fixed-size acl struc-
ture, defined as follows:
struct acl {
int acl_cnt;
struct acl_entry acl_entry[ACL_MAX_ENTRIES];
};
An ACL is constructed from a fixed size array of ACL entries, each of
which consists of a set of permissions, principal namespace, and princi-
pal identifier.
Each individual ACL entry is of the type acl_entry_t, which is a struc-
ture with the following members:
acl_tag_t ae_tag
The following is a list of definitions of ACL types to be set in
ae_tag:
ACL_UNDEFINED_FIELD Undefined ACL type.
ACL_USER_OBJ Discretionary access rights for processes
whose effective user ID matches the user
ID of the file's owner.
ACL_USER Discretionary access rights for processes
whose effective user ID matches the ACL
entry qualifier.
ACL_GROUP_OBJ Discretionary access rights for processes
whose effective group ID or any supplemen-
tal groups match the group ID of the
file's owner.
ACL_GROUP Discretionary access rights for processes
whose effective group ID or any supplemen-
tal groups match the ACL entry qualifier.
ACL_MASK The maximum discretionary access rights
that can be granted to a process in the
file group class.
has for accessing the associated file.
ACL_EXECUTE The process may execute the associated file.
ACL_WRITE The process may write to the associated file.
ACL_READ The process may read from the associated file.
ACL_PERM_NONE The process has no read, write or execute permis-
sions to the associated file.
IMPLEMENTATION NOTES
typedef mode_t *acl_permset_t;
/* internal ACL structure */
struct acl {
int acl_cnt;
struct acl_entry acl_entry[ACL_MAX_ENTRIES];
};
/* external ACL structure */
struct acl_t_struct {
struct acl ats_acl;
int ats_cur_entry;
};
typedef struct acl_t_struct *acl_t;
/*
* Possible valid values for ae_tag field.
*/
#define ACL_UNDEFINED_TAG 0x00000000
#define ACL_USER_OBJ 0x00000001
#define ACL_USER 0x00000002
#define ACL_GROUP_OBJ 0x00000004
#define ACL_GROUP 0x00000008
#define ACL_MASK 0x00000010
#define ACL_OTHER 0x00000020
#define ACL_OTHER_OBJ ACL_OTHER
/*
* Possible valid values for acl_type_t arguments.
*/
#define ACL_TYPE_ACCESS 0x00000000
#define ACL_TYPE_DEFAULT 0x00000001
#define ACL_TYPE_AFS 0x00000002
#define ACL_TYPE_CODA 0x00000003
#define ACL_TYPE_NTFS 0x00000004
#define ACL_TYPE_NWFS 0x00000005
/*
* Possible flags in ae_perm field.
*/
* Undefined value in ae_id field
*/
#define ACL_UNDEFINED_ID ((uid_t)-1)
SEE ALSO
acl(3), vaccess_acl_posix1e(9), VFS(9), vnaccess(9), VOP_ACLCHECK(9),
VOP_GETACL(9), VOP_SETACL(9)
AUTHORS
This man page was written by Robert Watson.
FreeBSD 5.1 December 23, 1999 FreeBSD 5.1
Man(1) output converted with
man2html