1acl(2)                           System Calls                           acl(2)
2
3
4

NAME

6       acl, facl - get or set a file's Access Control List (ACL)
7

SYNOPSIS

9       #include <sys/acl.h>
10
11       int acl(char *pathp, int cmd, int nentries, void *aclbufp);
12
13
14       int facl(int fildes, int cmd, int nentries, void *aclbufp);
15
16

DESCRIPTION

18       The acl() and facl() functions get or set the  ACL of a file whose name
19       is given by pathp or referenced by the open file descriptor fildes. The
20       nentries  argument  specifies  how  many  ACL  entries  fit into buffer
21       aclbufp. The acl() function is used to manipulate ACL  on  file  system
22       objects.
23
24
25       The following types are supported for aclbufp:
26
27       aclent_t    Used by the UFS file system.
28
29
30       ace_t       Used by the ZFS and NFSv4 file systems.
31
32
33
34       The following values for cmd are supported:
35
36       SETACL           nentries  aclent_t  ACL  entries,  specified in buffer
37                        aclbufp, are stored in the file's  ACL.  All  directo‐
38                        ries in the path name must be searchable.
39
40
41       GETACL           Buffer aclbufp is filled with the file's  aclent_t ACL
42                        entries. Read access to the file is not required,  but
43                        all directories in the path name must be searchable.
44
45
46       GETACLCNT        The  number  of  entries in the file's aclent_t ACL is
47                        returned. Read access to the file is not required, but
48                        all directories in the path name must be searchable.
49
50
51       ACE_SETACL       nentries   ace_t  ACL  entries,  specified  in  buffer
52                        aclbufp, are stored in the file's ACL. All directories
53                        in  the path name must be searchable. Write ACL access
54                        is required to change the file's ACL.
55
56
57       ACE_GETACL       Buffer aclbufp is filled with  the  file's  ace_t  ACL
58                        entries.  Read  access to the file is required and all
59                        directories in the path name must be searchable.
60
61
62       ACE_GETACLCNT    The number of entries  in  the  file's  ace_t  ACL  is
63                        returned.  Read access to the file is required and all
64                        directories in the path name must be searchable.
65
66

RETURN VALUES

68       Upon successful completion, acl() and facl() return 0 if cmd is  SETACL
69       or  ACE_SETACL.  If  cmd is  GETACL, GETACLCNT, ACE_GETACL or ACE_GETA‐
70       CLCNT, the number  of   ACL  entries  is  returned.  Otherwise,  −1  is
71       returned and errno is set to indicate the error.
72

ERRORS

74       The acl() function will fail if:
75
76       EACCES     The  caller does not have access to a component of the path‐
77                  name.
78
79
80       EFAULT     The pathp or aclbufp argument points to an illegal address.
81
82
83       EINVAL     The cmd argument is not  GETACL, SETACL,  ACE_GETACL,  GETA‐
84                  CLCNT,  or  ACE_GETACLCNT;  the  cmd argument is  SETACL and
85                  nentries is less than 3; or the cmd argument is   SETACL  or
86                  ACE_SETACL and the ACL specified in aclbufp is not valid.
87
88
89       EIO        A  disk  I/O  error has occurred while storing or retrieving
90                  the  ACL.
91
92
93       ENOENT     A component of the path does not exist.
94
95
96       ENOSPC     The cmd argument is  GETACL and nentries is  less  than  the
97                  number of entries in the file's  ACL, or the cmd argument is
98                  SETACL and there is insufficient space in the file system to
99                  store the  ACL.
100
101
102       ENOSYS     The cmd argument is  SETACL or ACE_SETACL and the file spec‐
103                  ified by pathp resides on a file system that does  not  sup‐
104                  port   ACLs,  or the acl() function is not supported by this
105                  implementation.
106
107
108       ENOTDIR    A component of the path specified by pathp is not  a  direc‐
109                  tory,  or  the  cmd argument is  SETACL or ACE_SETACL and an
110                  attempt is made to set a default ACL on a  file  type  other
111                  than a directory.
112
113
114       ENOTSUP    The cmd argument is GETACL, but the ACL is composed of ace_t
115                  entries, and the ACL  cannot  be  translated  into  aclent_t
116                  form.
117
118                  The  cmd argument is ACE_SETACL, but the underlying filesys‐
119                  tem only supports ACLs composed of aclent_t entries and  the
120                  ACL could not be translated into aclent_t form.
121
122
123       EPERM      The  effective  user ID does not match the owner of the file
124                  and the process does not have appropriate privilege.
125
126
127       EROFS      The cmd argument is  SETACL or ACE_SETACL and the file spec‐
128                  ified  by  pathp  resides  on  a file system that is mounted
129                  read-only.
130
131

ATTRIBUTES

133       See attributes(5) for descriptions of the following attributes:
134
135
136
137
138       ┌─────────────────────────────┬─────────────────────────────┐
139       │      ATTRIBUTE  TYPE        │      ATTRIBUTE  VALUE       │
140       ├─────────────────────────────┼─────────────────────────────┤
141       │Interface  Stability         │Evolving                     │
142       └─────────────────────────────┴─────────────────────────────┘
143

SEE ALSO

145       getfacl(1), setfacl(1), aclcheck(3SEC), aclsort(3SEC)
146
147
148
149SunOS 5.11                        10 Jan 2007                           acl(2)
Impressum