Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

ACL(3)			 BSD Library Functions Manual			ACL(3)

NAME
     acl — introduction to the POSIX.1e ACL security API

LIBRARY
     library “libposix1e”

SYNOPSIS
     #include <sys/types.h>
     #include <sys/acl.h>

DESCRIPTION
     As shipped, DragonFly permits file systems to export Access Control Lists
     via the VFS, and provides a library for userland access to and manipula‐
     tion of these ACLs, but support for ACLs is not provided by any file sys‐
     tems shipped in the base operating system.	 The library calls shipped
     with 4.0 include routines to allocate, duplicate, retrieve, set, and val‐
     idate ACLs associated with file objects.  As well as the POSIX.1e rou‐
     tines, there are a number of non-portable extensions defined that allow
     for alternative ACL semantics than the POSIX.1e semantics, such as AFS,
     NTFS, and NWFS semantics.	Where routines are non-standard, they are suf‐
     fixed with _np to indicate that they are not portable.

     POSIX.1e describes a set of ACL manipulation routines to manage the con‐
     tents of ACLs, as well as their relationships with files.	This manipula‐
     tion library is not currently implemented in DragonFly, although a third
     party library was under development at the time this document was writ‐
     ten.  There is a general consensus that the POSIX.1e manipulation rou‐
     tines are ambiguously defined in the specification, and don't meet the
     needs of most applications.  For the time being, applications may
     directly manipulate the ACL structures, defined in <sys/acl.h>, although
     the recommended usage is to only ever handle text-form ACLs in applica‐
     tions, generated and maintained using acl_from_text() and acl_to_text(),
     passed directly to and from the management routines.  In this manner, an
     application can remain safely unaware of the contents of ACLs.

     Available functions, sorted by behavior, include:

     acl_delete_def_file(), acl_delete_file_np(), acl_delete_fd_np()

     These functions are described in acl_delete(3), and may be used to delete
     ACLs from file system objects.

     acl_free()

     This function is described in acl_free(3), and may be used to free user‐
     land working ACL storage.

     acl_from_text()

     This function is described in acl_from_text(3), and may be used to con‐
     vert a text-form ACL into working ACL state, if the ACL has POSIX.1e
     semantics.

     acl_get_file(), acl_get_fd(), acl_get_fd_np()

     These functions are described in acl_get(3), and may be used to retrieve
     ACLs from file system objects.

     acl_init()

     This function is described in acl_init(3), and may be used to allocate a
     fresh (empty) ACL structure.

     acl_dup()

     This function is described in acl_dup(3), and may be used to duplicate an
     ACL structure.

     acl_set_file(), acl_set_fd(), acl_set_fd_np()

     These functions are described in acl_set(3), and may be used to assign an
     ACL to a file system object.

     acl_to_text()

     This function is described in acl_to_text(3), and may be used to generate
     a text-form of a POSIX.1e semantics ACL.

     acl_valid(), acl_valid_file_np(), acl_valid_fd_np()

     Thee functions are described in acl_valid(3), and may be used to validate
     an ACL as correct POSIX.1e-semantics, or as appropriate for a particular
     file system object regardless of semantics.

     Documentation of the internal kernel interfaces backing these calls may
     be found in acl(9).  The syscalls between the internal interfaces and the
     public library routines may change over time, and as such are not docu‐
     mented.  They are not intended to be called directly without going
     through the library.

IMPLEMENTATION NOTES
     DragonFly's support for POSIX.1e interfaces and features is still under
     development at this time.

ENVIRONMENT
     POSIX.1e assigns security labels to all objects, extending the security
     functionality described in POSIX.1.  These additional labels provide
     fine-grained discretionary access control, fine-grained capabilities, and
     labels necessary for mandatory access control.  POSIX.2c describes a set
     of userland utilities for manipulating these labels.  These userland
     utilities are not bundled with DragonFly so as to discourage their use in
     the short term.

SEE ALSO
     acl(3), acl_dup(3), acl_free(3), acl_from_text(3), acl_get(3),
     acl_set(3), acl_to_text(3), acl_valid(3), acl(9)

STANDARDS
     POSIX.1e is described in IEEE POSIX.1e draft 17.  Discussion of the draft
     continues on the cross-platform POSIX.1e implementation mailing list.  To
     join this list, see the FreeBSD POSIX.1e implementation page for more
     information.

HISTORY
     POSIX.1e support was introduced in FreeBSD 4.0, and development contin‐
     ues.

AUTHORS
     Robert N M Watson

BUGS
     These features are not yet fully implemented.  In particular, the shipped
     version of UFS/FFS does not support storage of additional security
     labels, and so is unable to (easily) provide support for most of these
     features.

BSD			       January 28, 2000				   BSD

Vote for polarhome