Проект OpenNet: MAN acl (3) Библиотечные вызовы (FreeBSD и Linux)

Интерактивная система просмотра системных руководств (man-ов)

acl (3)

acl (2) ( Solaris man: Системные вызовы )

>> acl (3) ( FreeBSD man: Библиотечные вызовы )

acl (5) ( Solaris man: Форматы файлов )

acl (5) ( Linux man: Форматы файлов )

acl (9) ( FreeBSD man: Ядро )

Ключ acl обнаружен в базе ключевых слов.

BSD mandoc

NAME



acl

 - introduction to the POSIX.1e ACL security API

LIBRARY

Lb libc

SYNOPSIS

#include <sys/types.h>
#include <sys/acl.h>

DESCRIPTION

Fx permits file systems to export Access Control Lists via the VFS, and provides a library for userland access to and manipulation of these ACLs. Not all file systems provide support for ACLs, and some may require that ACL support be explicitly enabled by the administrator. The library calls include routines to allocate, duplicate, retrieve, set, and validate ACLs associated with file objects. As well as the POSIX.1e routines, there are a number of non-portable extensions defined that allow for alternative ACL semantics than the POSIX.1e semantics, such as AFS, NTFS, Coda, and NWFS semantics. Where routines are non-standard, they are suffixed with _np to indicate that they are not portable.

POSIX.1e describes a set of ACL manipulation routines to manage the contents of ACLs, as well as their relationships with files; almost all of these support routines are implemented in Fx .

Available functions, sorted by behavior, include:

Fn acl_add_perm: This function is described in acl_add_perm3, and may be used to add permissions to a permission set.
Fn acl_calc_mask: This function is described in acl_calc_mask3, and may be used to calculate and set the permissions associated with the ACL_MASK entry.
Fn acl_clear_perms: This function is described in acl_clear_perms3, and may be used to clear all permissions from a permission set.
Fn acl_copy_entry: This function is described in acl_copy_entry3, and may be used to copy the contents of an ACL entry.
Fn acl_create_entry: This function is described in acl_create_entry3, and may be used to create an empty entry in an ACL.
acl_delete_def_file (,); acl_delete_def_link_np (,); acl_delete_fd_np (,); acl_delete_file_np (,); acl_delete_link_np ();: These functions are described in acl_delete3, and may be used to delete ACLs from file system objects.
Fn acl_delete_entry: This function is described in acl_delete_entry3, and may be used to delete an entry from an ACL.
Fn acl_delete_perm: This function is described in acl_delete_perm3, and may be used to delete permissions from a permset.
Fn acl_dup: This function is described in acl_dup3, and may be used to duplicate an ACL structure.
Fn acl_free: This function is described in acl_free3, and may be used to free userland working ACL storage.
Fn acl_from_text: This function is described in acl_from_text3, and may be used to convert a text-form ACL into working ACL state, if the ACL has POSIX.1e semantics.
Fn acl_get_entry: This function is described in acl_get_entry3, and may be used to retrieve a designated ACL entry from an ACL.
acl_get_fd (,); acl_get_fd_np (,); acl_get_file (,); acl_get_link_np ();: These functions are described in acl_get3, and may be used to retrieve ACLs from file system objects.
Fn acl_get_permset: This function is described in acl_get_permset3, and may be used to retrieve a permset from an ACL entry.
Fn acl_get_qualifier: This function is described in acl_get_qualifier3, and may be used to retrieve the qualifier from an ACL entry.
Fn acl_get_tag_type: This function is described in acl_get_tag_type3, and may be used to retrieve the tag type from an ACL entry.
Fn acl_init: This function is described in acl_init3, and may be used to allocate a fresh (empty) ACL structure.
acl_set_fd (,); acl_set_fd_np (,); acl_set_file (,); acl_set_link_np ();: These functions are described in acl_set3, and may be used to assign an ACL to a file system object.
Fn acl_set_permset: This function is described in acl_set_permset3, and may be used to set the permissions of an ACL entry from a permset.
Fn acl_set_qualifier: This function is described in acl_set_qualifier3, and may be used to set the qualifier of an ACL.
Fn acl_set_tag_type: This function is described in acl_set_tag_type3, and may be used to set the tag type of an ACL.
Fn acl_to_text: This function is described in acl_to_text3, and may be used to generate a text-form of a POSIX.1e semantics ACL.
acl_valid (,); acl_valid_fd_np (,); acl_valid_file_np (,); acl_valid_link_np ();: These functions are described in acl_valid3, and may be used to validate an ACL as correct POSIX.1e-semantics, or as appropriate for a particular file system object regardless of semantics.

Documentation of the internal kernel interfaces backing these calls may be found in acl(9). The syscalls between the internal interfaces and the public library routines may change over time, and as such are not documented. They are not intended to be called directly without going through the library.

STANDARDS

POSIX.1e assigns security labels to all objects, extending the security functionality described in POSIX.1. These additional labels provide fine-grained discretionary access control, fine-grained capabilities, and labels necessary for mandatory access control. POSIX.2c describes a set of userland utilities for manipulating these labels.

POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion of the draft continues on the cross-platform POSIX.1e implementation mailing list. To join this list, see the Fx POSIX.1e implementation page for more information.

HISTORY

POSIX.1e support was introduced in Fx 4.0 ; Fx 5.0 was the first version to include a complete ACL implementation based on extended attributes for the UFS and UFS2 file systems.

The getfacl(1) and setfacl(1) utilities describe the user tools that permit direct manipulation of complete file ACLs.