ACL(2)ACL(2)NAME
acl, facl - get or set a file's Access Control List (ACL)
SYNOPSIS
#include <sys/acl.h>
int acl(char *pathp, int cmd, int nentries, void *aclbufp);
int facl(int fildes, int cmd, int nentries, void *aclbufp);
DESCRIPTION
The acl() and facl() functions get or set the ACL of a file whose name
is given by pathp or referenced by the open file descriptor fildes. The
nentries argument specifies how many ACL entries fit into buffer
aclbufp. The acl() function is used to manipulate ACL on file system
objects.
The following types are supported for aclbufp:
aclent_t
Used by the UFS file system.
ace_t
Used by the ZFS and NFSv4 file systems.
The following values for cmd are supported:
SETACL
nentries aclent_t ACL entries, specified in buffer
aclbufp, are stored in the file's ACL. All directo‐
ries in the path name must be searchable.
GETACL
Buffer aclbufp is filled with the file's aclent_t ACL
entries. Read access to the file is not required, but
all directories in the path name must be searchable.
GETACLCNT
The number of entries in the file's aclent_t ACL is
returned. Read access to the file is not required, but
all directories in the path name must be searchable.
ACE_SETACL
nentries ace_t ACL entries, specified in buffer
aclbufp, are stored in the file's ACL. All directories
in the path name must be searchable. Write ACL access
is required to change the file's ACL.
ACE_GETACL
Buffer aclbufp is filled with the file's ace_t ACL
entries. Read access to the file is required and all
directories in the path name must be searchable.
ACE_GETACLCNT
The number of entries in the file's ace_t ACL is
returned. Read access to the file is required and all
directories in the path name must be searchable.
RETURN VALUES
Upon successful completion, acl() and facl() return 0 if cmd is SETACL
or ACE_SETACL. If cmd is GETACL, GETACLCNT, ACE_GETACL or ACE_GETA‐
CLCNT, the number of ACL entries is returned. Otherwise, −1 is returned
and errno is set to indicate the error.
ERRORS
The acl() function will fail if:
EACCES
The caller does not have access to a component of the path‐
name.
EFAULT
The pathp or aclbufp argument points to an illegal address.
EINVAL
The cmd argument is not GETACL, SETACL, ACE_GETACL, GETA‐
CLCNT, or ACE_GETACLCNT; the cmd argument is SETACL and
nentries is less than 3; or the cmd argument is SETACL or
ACE_SETACL and the ACL specified in aclbufp is not valid.
EIO
A disk I/O error has occurred while storing or retrieving
the ACL.
ENOENT
A component of the path does not exist.
ENOSPC
The cmd argument is GETACL and nentries is less than the
number of entries in the file's ACL, or the cmd argument is
SETACL and there is insufficient space in the file system to
store the ACL.
ENOSYS
The cmd argument is SETACL or ACE_SETACL and the file spec‐
ified by pathp resides on a file system that does not sup‐
port ACLs, or the acl() function is not supported by this
implementation.
ENOTDIR
A component of the path specified by pathp is not a direc‐
tory, or the cmd argument is SETACL or ACE_SETACL and an
attempt is made to set a default ACL on a file type other
than a directory.
ENOTSUP
The cmd argument is GETACL, but the ACL is composed of ace_t
entries, and the ACL cannot be translated into aclent_t
form.
The cmd argument is ACE_SETACL, but the underlying filesys‐
tem only supports ACLs composed of aclent_t entries and the
ACL could not be translated into aclent_t form.
EPERM
The effective user ID does not match the owner of the file
and the process does not have appropriate privilege.
EROFS
The cmd argument is SETACL or ACE_SETACL and the file spec‐
ified by pathp resides on a file system that is mounted
read-only.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────┬──────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────┼──────────────────┤
│Interface Stability │ Evolving │
└─────────────────────┴──────────────────┘
SEE ALSOgetfacl(1), setfacl(1), aclcheck(3SEC), aclsort(3SEC)
Jan 10, 2007 ACL(2)