acl_add_perm(3) [freebsd man page]

ACL_ADD_PERM(3) 					   BSD Library Functions Manual 					   ACL_ADD_PERM(3)

NAME
     acl_add_perm -- add permissions to a permission set

LIBRARY
     Standard C Library (libc, -lc)

SYNOPSIS
     #include <sys/types.h>
     #include <sys/acl.h>

     int acl_add_perm(acl_permset_t permset_d, acl_perm_t perm);

DESCRIPTION
     The acl_add_perm() function is a POSIX.1e call that adds the permission
     contained in perm to the permission set permset_d.

     Note: it is not considered an error to attempt to add permissions that
     already exist in the permission set.

     For POSIX.1e ACLs, valid values are:

     ACL_EXECUTE             Execute permission
     ACL_WRITE               Write permission
     ACL_READ                Read permission

     For NFSv4 ACLs, valid values are:

     ACL_READ_DATA           Read permission
     ACL_LIST_DIRECTORY      Same as ACL_READ_DATA
     ACL_WRITE_DATA          Write permission, or permission to create files
     ACL_ADD_FILE            Same as ACL_READ_DATA
     ACL_APPEND_DATA         Permission to create directories. Ignored for files
     ACL_ADD_SUBDIRECTORY    Same as ACL_APPEND_DATA
     ACL_READ_NAMED_ATTRS    Ignored
     ACL_WRITE_NAMED_ATTRS   Ignored
     ACL_EXECUTE             Execute permission
     ACL_DELETE_CHILD        Permission to delete files and subdirectories
     ACL_READ_ATTRIBUTES     Permission to read basic attributes
     ACL_WRITE_ATTRIBUTES    Permission to change basic attributes
     ACL_DELETE              Permission to delete the object this ACL is placed on
     ACL_READ_ACL            Permission to read ACL
     ACL_WRITE_ACL           Permission to change the ACL and file mode
     ACL_SYNCHRONIZE         Ignored

     Calling acl_add_perm() with perm equal to ACL_WRITE or ACL_READ brands
     the ACL as POSIX. Calling it with ACL_READ_DATA, ACL_LIST_DIRECTORY,
     ACL_WRITE_DATA, ACL_ADD_FILE, ACL_APPEND_DATA, ACL_ADD_SUBDIRECTORY,
     ACL_READ_NAMED_ATTRS, ACL_WRITE_NAMED_ATTRS, ACL_DELETE_CHILD,
     ACL_READ_ATTRIBUTES, ACL_WRITE_ATTRIBUTES, ACL_DELETE, ACL_READ_ACL,
     ACL_WRITE_ACL or ACL_SYNCHRONIZE brands the ACL as NFSv4.

RETURN VALUES
     The acl_add_perm() function returns the value 0 if successful; otherwise
     the value -1 is returned and the global variable errno is set to indicate
     the error.

ERRORS
     The acl_add_perm() function fails if:

     [EINVAL]           Argument permset_d is not a valid descriptor for a
                        permission set within an ACL entry. Argument perm does
                        not contain a valid acl_perm_t value. ACL is already
                        branded differently.

SEE ALSO
     acl(3), acl_clear_perms(3), acl_delete_perm(3), acl_get_brand_np(3),
     acl_get_permset(3), acl_set_permset(3), posix1e(3)

STANDARDS
     POSIX.1e is described in IEEE POSIX.1e draft 17.

HISTORY
     POSIX.1e support was introduced in FreeBSD 4.0. The acl_add_perm()
     function was added in FreeBSD 5.0.

AUTHORS
     The acl_add_perm() function was written by Chris D. Faulhaber
     <jedgar@fxp.org>.

BSD                              June 25, 2009                              BSD
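The branding rule in DESCRIPTION and the "already branded differently" case in ERRORS of acl_add_perm(3), as an added C model that is not part of the manual page and not FreeBSD's libc source. The M_* and BRAND_* constants and struct model_acl are constructed stand-ins so it builds without <sys/acl.h>, and treating perm as exactly one bit is an assumption; ACL_EXECUTE is modelled as brand-neutral because it appears in both lists and in neither branding sentence.

```c
#include <errno.h>
#include <stddef.h>

/* Stand-in values for this model only; the real ones live in <sys/acl.h>. */
enum { BRAND_UNKNOWN, BRAND_POSIX, BRAND_NFS4 };
enum {
    M_EXECUTE    = 1u << 0,  /* listed for both families, brands nothing */
    M_WRITE      = 1u << 1,  /* POSIX.1e */
    M_READ       = 1u << 2,  /* POSIX.1e */
    M_READ_DATA  = 1u << 3,  /* NFSv4 */
    M_WRITE_DATA = 1u << 4,  /* NFSv4 */
    M_WRITE_ACL  = 1u << 5   /* NFSv4 */
};
#define M_POSIX_BITS (M_WRITE | M_READ)
#define M_NFS4_BITS  (M_READ_DATA | M_WRITE_DATA | M_WRITE_ACL)

/* One entry's permission bits plus the brand of the ACL it belongs to. */
struct model_acl { int brand; unsigned perms; };

/* Brand implied by a permission, or -1 if it is not a single known bit. */
static int brand_of(unsigned perm)
{
    if (perm == 0 || (perm & (perm - 1)) != 0)
        return -1;                       /* assumption: one bit per call */
    if (perm == M_EXECUTE)
        return BRAND_UNKNOWN;
    if (perm & M_POSIX_BITS)
        return BRAND_POSIX;
    if (perm & M_NFS4_BITS)
        return BRAND_NFS4;
    return -1;
}

/* Same contract as documented: 0 on success, -1 with errno set to EINVAL. */
int model_add_perm(struct model_acl *a, unsigned perm)
{
    int b = (a == NULL) ? -1 : brand_of(perm);

    if (b < 0 || (b != BRAND_UNKNOWN && a->brand != BRAND_UNKNOWN && b != a->brand)) {
        errno = EINVAL;                  /* bad argument or brand conflict */
        return -1;
    }
    if (b != BRAND_UNKNOWN)
        a->brand = b;                    /* first family-specific bit brands the ACL */
    a->perms |= perm;                    /* re-adding a set bit is not an error */
    return 0;
}
```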

ACL(9)							   BSD Kernel Developer's Manual						    ACL(9)

NAME
     acl -- virtual file system access control lists

SYNOPSIS
     #include <sys/param.h>
     #include <sys/vnode.h>
     #include <sys/acl.h>

     In the kernel configuration file:
     options UFS_ACL

DESCRIPTION
     Access control lists, or ACLs, allow fine-grained specification of rights
     for vnodes representing files and directories. However, as there are a
     plethora of file systems with differing ACL semantics, the vnode interface
     is aware only of the syntax of ACLs, relying on the underlying file system
     to implement the details. Depending on the underlying file system, each
     file or directory may have zero or more ACLs associated with it, named
     using the type field of the appropriate vnode ACL calls: VOP_ACLCHECK(9),
     VOP_GETACL(9), and VOP_SETACL(9).

     Currently, each ACL is represented in-kernel by a fixed-size acl
     structure, defined as follows:

           struct acl {
                   unsigned int            acl_maxcnt;
                   unsigned int            acl_cnt;
                   int                     acl_spare[4];
                   struct acl_entry        acl_entry[ACL_MAX_ENTRIES];
           };

     An ACL is constructed from a fixed size array of ACL entries, each of
     which consists of a set of permissions, principal namespace, and principal
     identifier. In this implementation, the acl_maxcnt field is always set to
     ACL_MAX_ENTRIES.

     Each individual ACL entry is of the type acl_entry_t, which is a structure
     with the following members:

     acl_tag_t ae_tag
             The following is a list of definitions of ACL types to be set in
             ae_tag:

             ACL_UNDEFINED_FIELD  Undefined ACL type.

             ACL_USER_OBJ         Discretionary access rights for processes
                                  whose effective user ID matches the user ID
                                  of the file's owner.

             ACL_USER             Discretionary access rights for processes
                                  whose effective user ID matches the ACL
                                  entry qualifier.

             ACL_GROUP_OBJ        Discretionary access rights for processes
                                  whose effective group ID or any supplemental
                                  groups match the group ID of the file's
                                  owner.

             ACL_GROUP            Discretionary access rights for processes
                                  whose effective group ID or any supplemental
                                  groups match the ACL entry qualifier.

             ACL_MASK             The maximum discretionary access rights that
                                  can be granted to a process in the file
                                  group class. This is only valid for POSIX.1e
                                  ACLs.

             ACL_OTHER            Discretionary access rights for processes
                                  not covered by any other ACL entry. This is
                                  only valid for POSIX.1e ACLs.

             ACL_OTHER_OBJ        Same as ACL_OTHER.

             ACL_EVERYONE         Discretionary access rights for all users.
                                  This is only valid for NFSv4 ACLs.

             Each POSIX.1e ACL must contain exactly one ACL_USER_OBJ, one
             ACL_GROUP_OBJ, and one ACL_OTHER. If any of ACL_USER, ACL_GROUP,
             or ACL_OTHER are present, then exactly one ACL_MASK entry should
             be present.

     uid_t ae_id
             The ID of the user for whom this ACL describes access
             permissions. For entries other than ACL_USER and ACL_GROUP, this
             field should be set to ACL_UNDEFINED_ID.

     acl_perm_t ae_perm
             This field defines what kind of access the process matching this
             ACL has for accessing the associated file. For POSIX.1e ACLs, the
             following are valid:

             ACL_EXECUTE    The process may execute the associated file.
             ACL_WRITE      The process may write to the associated file.
             ACL_READ       The process may read from the associated file.
             ACL_PERM_NONE  The process has no read, write or execute
                            permissions to the associated file.

             For NFSv4 ACLs, the following are valid:

             ACL_READ_DATA          The process may read from the associated
                                    file.
             ACL_LIST_DIRECTORY     Same as ACL_READ_DATA.
             ACL_WRITE_DATA         The process may write to the associated
                                    file.
             ACL_ADD_FILE           Same as ACL_WRITE_DATA.
             ACL_APPEND_DATA
             ACL_ADD_SUBDIRECTORY   Same as ACL_APPEND_DATA.
             ACL_READ_NAMED_ATTRS   Ignored.
             ACL_WRITE_NAMED_ATTRS  Ignored.
             ACL_EXECUTE            The process may execute the associated
                                    file.
             ACL_DELETE_CHILD
             ACL_READ_ATTRIBUTES
             ACL_WRITE_ATTRIBUTES
             ACL_DELETE
             ACL_READ_ACL
             ACL_WRITE_ACL
             ACL_WRITE_OWNER
             ACL_SYNCHRONIZE        Ignored.

     acl_entry_type_t ae_entry_type
             This field defines the type of NFSv4 ACL entry. It is not used
             with POSIX.1e ACLs. The following values are valid:

             ACL_ENTRY_TYPE_ALLOW
             ACL_ENTRY_TYPE_DENY

     acl_flag_t ae_flags
             This field defines the inheritance flags of NFSv4 ACL entry. It
             is not used with POSIX.1e ACLs. The following values are valid:

             ACL_ENTRY_FILE_INHERIT
             ACL_ENTRY_DIRECTORY_INHERIT
             ACL_ENTRY_NO_PROPAGATE_INHERIT
             ACL_ENTRY_INHERIT_ONLY

SEE ALSO
     acl(3), vaccess(9), vaccess_acl_nfs4(9), vaccess_acl_posix1e(9), VFS(9),
     VOP_ACLCHECK(9), VOP_GETACL(9), VOP_SETACL(9)

AUTHORS
     This manual page was written by Robert Watson.

BSD                            September 18, 2009                            BSD
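The ACL_MASK definition in ACL(9) means a listed entry can overstate what it actually grants, so an ACL review has to apply the mask before reading the permissions. This added C example (not part of the manual page) computes effective rights over a constructed ACL; the TAG_* and PERM_* constants and struct m_entry are local stand-ins rather than the definitions in <sys/acl.h>, and treating ACL_USER, ACL_GROUP_OBJ and ACL_GROUP as the masked file group class comes from POSIX.1e, not from this page.

```c
#include <stddef.h>

/* Local stand-ins: field names follow the acl_entry members listed above,
 * the numeric values are constructed for this example. */
enum m_tag { TAG_USER_OBJ, TAG_USER, TAG_GROUP_OBJ, TAG_GROUP, TAG_MASK, TAG_OTHER };
enum { PERM_X = 1, PERM_W = 2, PERM_R = 4 };

struct m_entry { enum m_tag ae_tag; unsigned ae_id; unsigned ae_perm; };

static int in_group_class(enum m_tag t)
{
    return t == TAG_USER || t == TAG_GROUP_OBJ || t == TAG_GROUP;
}

/* Rights entry i can actually confer once the mask entry is applied.
 * Owner and other entries are never masked. */
unsigned effective_perm(const struct m_entry *acl, size_t n, size_t i)
{
    unsigned mask = ~0u;                 /* no mask entry: nothing is clipped */

    for (size_t k = 0; k < n; k++)
        if (acl[k].ae_tag == TAG_MASK)
            mask = acl[k].ae_perm;
    return in_group_class(acl[i].ae_tag) ? (acl[i].ae_perm & mask)
                                         : acl[i].ae_perm;
}

/* Audit helper: how many group-class entries still hold `want` after masking. */
size_t count_effective(const struct m_entry *acl, size_t n, unsigned want)
{
    size_t hits = 0;

    for (size_t i = 0; i < n; i++)
        if (in_group_class(acl[i].ae_tag) &&
            (effective_perm(acl, n, i) & want) == want)
            hits++;
    return hits;
}

/* Constructed sample: user 1001 and group 20 are listed rw-, the mask is r--. */
const struct m_entry sample_acl[] = {
    { TAG_USER_OBJ,  0,    PERM_R | PERM_W },
    { TAG_USER,      1001, PERM_R | PERM_W },
    { TAG_GROUP_OBJ, 0,    PERM_R },
    { TAG_GROUP,     20,   PERM_R | PERM_W },
    { TAG_MASK,      0,    PERM_R },
    { TAG_OTHER,     0,    0 },
};
```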