acl_strip(3SEC) File Access Control Library Functions acl_strip(3SEC)
NAME
acl_strip - remove all ACLs from a file
SYNOPSIS
cc [ flag... ] file... -lsec [ library... ]
#include <sys/acl.h>
int acl_strip(const char *path, uid_t uid, gid_t gid, mode_t mode);
DESCRIPTION
The acl_strip() function removes all ACLs from a file and replaces them with a trivial ACL based on the mode argument. After replacing the
ACL, the owner and group of the file are set to the values specified by the uid and gid arguments.
RETURN VALUES
Upon successful completion, acl_strip() returns 0. Otherwise it returns -1 and sets errno to indicate the error.
ERRORS
The acl_strip() function will fail if:
EACCES Search permission is denied on a component of the path prefix of path.
EFAULT The path argument points to an illegal address.
EINVAL The uid or gid argument is out of range.
EIO A disk I/O error has occurred while storing or retrieving the ACL.
ELOOP A loop exists in symbolic links encountered during the resolution of the path argument.
ENAMETOOLONG The length of the path argument exceeds {PATH_MAX}, or the length of a path component exceeds {NAME_MAX} while
_POSIX_NO_TRUNC is in effect.
ENOENT A component of path does not exist.
ENOTDIR A component of the prefix of path is not a directory.
EPERM The effective user ID does not match the owner of the file and the process does not have appropriate privileges.
EROFS The file system is mounted read-only.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
|MT-Level |MT-Safe |
+-----------------------------+-----------------------------+
SEE ALSO
acl_get(3SEC), acl_trivial(3SEC), acl(5), attributes(5)
SunOS 5.11 6 Oct 2005 acl_strip(3SEC)
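A return value of 0 from acl_strip() reports that the call completed; the added example below (not part of the man page or of libsec) wraps any function with the acl_strip() prototype and confirms with stat(2) that owner, group and permission bits match what was requested. The names strip_and_verify, fake_strip, noop_strip and demo are hypothetical, and the two stand-ins exist only so the check runs on systems without libsec; on Solaris pass acl_strip itself.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Same prototype as acl_strip() in the SYNOPSIS above. */
typedef int (*strip_fn)(const char *, uid_t, gid_t, mode_t);
enum { STRIP_OK, STRIP_FAILED, STRIP_MISMATCH };

/* Hypothetical helper: call strip, then confirm with stat(2) that owner, group
 * and permission bits (assumed to equal mode & 0777) are what was requested. */
int strip_and_verify(strip_fn strip, const char *path,
                     uid_t uid, gid_t gid, mode_t mode, int *err)
{
    struct stat st;
    *err = 0;
    if (strip(path, uid, gid, mode) != 0 || stat(path, &st) != 0) {
        *err = errno;            /* e.g. EPERM, ENOENT, EROFS */
        return STRIP_FAILED;
    }
    if (st.st_uid != uid || st.st_gid != gid ||
        (st.st_mode & 0777) != (mode & 0777))
        return STRIP_MISMATCH;   /* success reported, state differs */
    return STRIP_OK;
}

/* Constructed stand-ins so this runs without libsec; on Solaris pass acl_strip. */
int fake_strip(const char *p, uid_t u, gid_t g, mode_t m)
{
    return (chmod(p, m) != 0 || chown(p, u, g) != 0) ? -1 : 0;
}
int noop_strip(const char *p, uid_t u, gid_t g, mode_t m)
{
    (void)p; (void)u; (void)g; (void)m;
    return 0;                    /* claims success, changes nothing */
}

/* Run the check on a scratch file (mkstemp creates it with mode 0600). */
int demo(strip_fn strip, mode_t mode)
{
    char path[] = "/tmp/aclstripXXXXXX";
    int err, rc, fd = mkstemp(path);
    if (fd < 0) return STRIP_FAILED;
    close(fd);
    rc = strip_and_verify(strip, path, geteuid(), getegid(), mode, &err);
    unlink(path);
    return rc;
}
int main(void) { return demo(fake_strip, 0640) == STRIP_OK ? 0 : 1; }
```

The stat(2) comparison covers only what the mode bits and ownership show; whether the resulting ACL is trivial is what acl_trivial(3SEC), listed under SEE ALSO, reports.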
acl(2) acl(2)
NAME
acl, facl - get or set a file's Access Control List (ACL)
SYNOPSIS
#include <sys/acl.h>
int acl(char *pathp, int cmd, int nentries, void *aclbufp);
int facl(int fildes, int cmd, int nentries, void *aclbufp);
DESCRIPTION
The acl() and facl() functions get or set the ACL of a file whose name is given by pathp or referenced by the open file descriptor fildes.
The nentries argument specifies how many ACL entries fit into buffer aclbufp. The acl() function is used to manipulate ACL on file system
objects.
The following types are supported for aclbufp:
aclent_t Used by the UFS file system.
ace_t Currently unused.
The following values for cmd are supported:
SETACL nentries aclent_t ACL entries, specified in buffer aclbufp, are stored in the file's ACL. All directories in the path name
must be searchable.
GETACL Buffer aclbufp is filled with the file's aclent_t ACL entries. Read access to the file is not required, but all
directories in the path name must be searchable.
GETACLCNT The number of entries in the file's aclent_t ACL is returned. Read access to the file is not required, but all directories
in the path name must be searchable.
ACE_SETACL nentries ace_t ACL entries, specified in buffer aclbufp, are stored in the file's ACL. All directories in the path name
must be searchable.
ACE_GETACL Buffer aclbufp is filled with the file's ace_t ACL entries. Read access to the file is not required, but all directories in
the path name must be searchable.
ACE_GETACLCNT The number of entries in the file's ace_t ACL is returned. Read access to the file is not required, but all directories in
the path name must be searchable.
RETURN VALUES
Upon successful completion, acl() and facl() return 0 if cmd is SETACL. If cmd is GETACL or GETACLCNT, the number of ACL entries is
returned. Otherwise, -1 is returned and errno is set to indicate the error.
ERRORS
The acl() function will fail if:
EACCES The caller does not have access to a component of the pathname.
EFAULT The pathp or aclbufp argument points to an illegal address.
EINVAL The cmd argument is not GETACL, SETACL, or GETACLCNT; the cmd argument is SETACL and nentries is less than 3; or the
cmd argument is SETACL and the ACL specified in aclbufp is not valid.
EIO A disk I/O error has occurred while storing or retrieving the ACL.
ENOENT A component of the path does not exist.
ENOSPC The cmd argument is GETACL and nentries is less than the number of entries in the file's ACL, or the cmd argument is
SETACL and there is insufficient space in the file system to store the ACL.
ENOSYS The cmd argument is SETACL and the file specified by pathp resides on a file system that does not support ACLs, or the
acl() function is not supported by this implementation.
ENOTDIR A component of the path specified by pathp is not a directory, or the cmd argument is SETACL and an attempt is made to set
a default ACL on a file type other than a directory.
ENOTSUP The cmd argument is GETACL, but the ACL is composed of ace_t entries, and the ACL cannot be translated into aclent_t form.
The cmd is ACE_SETACL, but the underlying filesystem only supports ACLs composed of aclent_t entries and the ACL could not
be translated into aclent_t form.
EPERM The effective user ID does not match the owner of the file and the process does not have appropriate privilege.
EROFS The cmd argument is SETACL and the file specified by pathp resides on a file system that is mounted read-only.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
getfacl(1), setfacl(1), aclcheck(3SEC), aclsort(3SEC)
9 Sep 2004 acl(2)