acl(2) System Calls Manual acl(2)
acl() - set a file's Access Control List (ACL) information (JFS File Systems only)
The system call is used to manipulate ACLs on JFS file system objects.
pathp points to a path name naming a file.
nentries specifies how many ACL entries are pointed to by aclbufp.
aclbufp is a pointer to the first element of an array of This type is defined in as follows:
The values for are:
Permissions for the owner of the object.
Permissions for additional users.
Permissions for members of the owning group of the object.
Permissions for members of additional groups.
Maximum permissions granted to the file group class.
Permissions for other users.
Default permissions for the object owner.
Default permissions for additional users.
Default permissions for members of the owning group of the object.
Default permissions for members of additional groups.
Default maximum permissions granted to the file group class.
Default permissions for other users.
cmd The following values for cmd are available:
nentries ACL entries, specified in buffer aclbufp, are stored in the file's ACL. Any existing ACL on the file is replaced by
the new ACL. All directories in the path name must be searchable.
Buffer aclbufp is filled with the file's ACL entries. Discretionary read access to the file is not required, but all directories in the path name must be searchable.
The number of entries in the file's ACL is returned. Discretionary
read access to the file is not required, but all directories in the path name must be searchable.
For command the call will succeed if and only if all of the following are true:
There is exactly one entry each of type and
If pathp points to a directory, there is at most one entry each of type and
Entries of type or do not contain duplicate entries. A duplicate entry is one of the same type containing the same numeric ID.
If the ACL contains no entries of type and no entries of type then the entries of type and have the same permissions.
If the ACL contains no entries of type and no entries of type and an entry of type is specified, then an entry of type is also specified and the two entries have the same permissions.
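The validity rules above, written as a stand-alone checker that can be run over an ACL before it is handed to the set command (an added example, not part of this manual page or of the system's own code). The entry type names, which types each rule refers to, the struct layout and the numeric return codes are assumptions of this example: the names do not appear in the text above, so they are defined locally in the order the twelve entry kinds are described, and nothing is taken from a system header.

```c
#include <stdio.h>
#include <stddef.h>
/* Local stand-ins for the twelve entry types described above. Names and
 * values are assumptions of this example, not copied from a system header. */
enum { USER_OBJ, USER, GROUP_OBJ, GROUP, CLASS_OBJ, OTHER_OBJ, DEF_USER_OBJ,
       DEF_USER, DEF_GROUP_OBJ, DEF_GROUP, DEF_CLASS_OBJ, DEF_OTHER_OBJ, NTYPES };

struct entry { int type; int id; unsigned perm; };   /* hypothetical layout */

static int named(int t) { return t == USER || t == GROUP || t == DEF_USER || t == DEF_GROUP; }
/* Returns 0 if valid, 1-5 for the first rule broken (in the order listed
 * above), 6 for default entries on a non-directory, -1 for an unknown type. */
int acl_check(const struct entry *e, size_t n, int is_dir)
{
    size_t cnt[NTYPES] = {0}, i, j;
    unsigned perm[NTYPES] = {0};
    int t;
    for (i = 0; i < n; i++) {
        if (e[i].type < 0 || e[i].type >= NTYPES) return -1;
        if (e[i].type >= DEF_USER_OBJ && !is_dir) return 6;
        cnt[e[i].type]++;
        perm[e[i].type] = e[i].perm;
    }
    if (cnt[USER_OBJ] != 1 || cnt[GROUP_OBJ] != 1 ||
        cnt[CLASS_OBJ] != 1 || cnt[OTHER_OBJ] != 1) return 1;
    for (t = DEF_USER_OBJ; t < NTYPES; t++)
        if (!named(t) && cnt[t] > 1) return 2;
    for (i = 0; i < n; i++)                      /* duplicate = same type and same ID */
        for (j = i + 1; j < n; j++)
            if (named(e[i].type) && e[i].type == e[j].type && e[i].id == e[j].id) return 3;
    if (!cnt[USER] && !cnt[GROUP] && perm[GROUP_OBJ] != perm[CLASS_OBJ]) return 4;
    if (!cnt[DEF_USER] && !cnt[DEF_GROUP] && cnt[DEF_GROUP_OBJ] &&
        (!cnt[DEF_CLASS_OBJ] || perm[DEF_GROUP_OBJ] != perm[DEF_CLASS_OBJ])) return 5;
    return 0;
}

/* Constructed sample ACLs (IDs and permission bits are made up). */
static const struct entry good[] = {{USER_OBJ,0,6},{USER,1001,4},{GROUP_OBJ,0,6},{CLASS_OBJ,0,4},{OTHER_OBJ,0,0}};
static const struct entry mask_mismatch[] = {{USER_OBJ,0,6},{GROUP_OBJ,0,6},{CLASS_OBJ,0,4},{OTHER_OBJ,0,0}};
static const struct entry dup_user[] = {{USER_OBJ,0,6},{USER,1001,4},{USER,1001,6},{GROUP_OBJ,0,4},{CLASS_OBJ,0,4},{OTHER_OBJ,0,0}};
static const struct entry def_no_class[] = {{USER_OBJ,0,7},{GROUP_OBJ,0,5},{CLASS_OBJ,0,5},{OTHER_OBJ,0,0},{DEF_GROUP_OBJ,0,5}};

int main(void)
{
    printf("%d %d %d %d\n", acl_check(good, 5, 0), acl_check(mask_mismatch, 4, 0),
           acl_check(dup_user, 6, 0), acl_check(def_no_class, 5, 1));
    return 0;
}
```

The `mask_mismatch` case is the one most often hit when building a minimal ACL by hand: with no additional user or group entries, the owning-group and class permissions must agree.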
The value for cmd can only be executed by a process that has an effective user ID equal to the owner of the file, or by the superuser, or
by a user with the privilege.
See privileges(5) for more information about privileged access on systems that support fine-grained privileges.
returns the following values:
n Successful completion. Returns the number of ACL entries for cmd and
Returns for cmd
is set to indicate the error.
If fails, the ACL is unchanged, and is set to one of the following values:
The caller does not have access to a component of the path name.
cmd is not or
cmd is and nentries is less than the number of mandatory ACL entries(4).
cmd is and the ACL specified in aclbufp is not valid [see above discussion, and aclsort(3C)].
A disk I/O error has occurred while storing or retrieving the ACL.
cmd is and the effective user ID of the caller does not match the owner of the file, and the caller is not the superuser or a
user with privilege.
A component of the path does not exist.
cmd is and nentries is less than the number of entries in the file's ACL.
cmd is and there is insufficient space to store the ACL.
cmd is and nentries is greater than which is defined in
A component of the path specified by pathp is not a directory.
cmd is and an attempt is made to set a default ACL on a file type other than a directory.
cmd is the file specified by pathp resides on a local non-JFS file system, and additional entries were specified in the ACL.
cmd is the file specified by pathp resides on a non-local file system, and additional entries were specified in the ACL.
cmd is and the file specified by pathp resides on a file system that is mounted read-only.
aclbufp points to an illegal address.
aclsort(3), getacl(1), setacl(1), privileges(5).