2 .\" Copyright (c) 1999, 2000 Robert N. M. Watson
3 .\" All rights reserved.
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions
8 .\" 1. Redistributions of source code must retain the above copyright
9 .\" notice, this list of conditions and the following disclaimer.
10 .\" 2. Redistributions in binary form must reproduce the above copyright
11 .\" notice, this list of conditions and the following disclaimer in the
12 .\" documentation and/or other materials provided with the distribution.
14 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 .\" $FreeBSD: src/share/man/man9/acl.9,v 1.2.2.4 2001/12/17 11:30:18 ru Exp $
27 .\" $DragonFly: src/share/man/man9/acl.9,v 1.3 2008/05/02 02:05:06 swildner Exp $
34 .Nd virtual file system access control lists
40 typedef int acl_type_t;
41 typedef int acl_tag_t;
42 typedef mode_t acl_perm_t;
49 typedef struct acl_entry *acl_entry_t;
53 struct acl_entry acl_entry[ACL_MAX_ENTRIES];
55 typedef struct acl *acl_t;
58 * Possible valid values for a_tag of acl_entry_t
60 #define ACL_USER_OBJ 0x00000001
61 #define ACL_USER 0x00000002
62 #define ACL_GROUP_OBJ 0x00000004
63 #define ACL_GROUP 0x00000008
64 #define ACL_MASK 0x00000010
65 #define ACL_OTHER 0x00000020
66 #define ACL_OTHER_OBJ ACL_OTHER
69 * Possible valid values a_type_t arguments
71 #define ACL_TYPE_ACCESS 0x00000000
72 #define ACL_TYPE_DEFAULT 0x00000001
73 #define ACL_TYPE_AFS 0x00000002
74 #define ACL_TYPE_CODA 0x00000003
75 #define ACL_TYPE_NTFS 0x00000004
76 #define ACL_TYPE_NWFS 0x00000005
79 * Possible flags in a_perm field
81 #define ACL_PERM_EXEC 0x0001
82 #define ACL_PERM_WRITE 0x0002
83 #define ACL_PERM_READ 0x0004
84 #define ACL_PERM_NONE 0x0000
85 #define ACL_PERM_BITS (ACL_PERM_EXEC | ACL_PERM_WRITE | ACL_PERM_READ)
86 #define ACL_POSIX1E_BITS (ACL_PERM_EXEC | ACL_PERM_WRITE | ACL_PERM_READ)
89 Access control lists, or ACLs, allow fine-grained specification of rights
90 for vnodes representing files and directories. However, as there are a
91 plethora of file systems with differing ACL semantics, the vnode interface
92 is aware only of the syntax of ACLs, relying on the underlying file system
93 to implement the details. Depending on the underlying file system, each
94 file or directory may have zero or more ACLs associated with it, named using
97 field of the appropriate vnode ACL calls,
103 Currently, each ACL is represented in-kernel by a fixed-size acl structure.
104 An ACL is constructed from a fixed size array of ACL entries, each of which
105 consists of a set of permissions, principal namespace, and principal
106 identifier. Zero or more of these entries may be "defined", depending on
107 the value of the associated acl_cnt field.
114 This man page was written by