System Calls acl(2)
NAME
acl, facl - get or set a file's Access Control List (ACL)
SYNOPSIS
#include
int acl(char *pathp, int cmd, int nentries, void *aclbufp);int facl(int fildes, int cmd, int nentries, void *aclbufp);
DESCRIPTION
The acl() and facl() functions get or set the ACL of a file
whose name is given by pathp or referenced by the open file descriptor fildes. The nentries argument specifies how many ACL entries fit into buffer aclbufp. The acl() function is used to manipulate ACL on file system objects. The following types are supported for aclbufp:aclent_t Used by the UFS file system.
ace_t Used by the ZFS and NFSv4 file systems.
The following values for cmd are supported:SETACL nentries aclent_t ACL entries, specified in
buffer aclbufp, are stored in the file's ACL. All directories in the path name must be searchable. GETACL Buffer aclbufp is filled with the file'saclent_t ACL entries. Read access to the
file is not required, but all directories in the path name must be searchable. GETACLCNT The number of entries in the file'saclent_t ACL is returned. Read access to
the file is not required, but all direc-
tories in the path name must be searchable.ACE_SETACL nentries ace_t ACL entries, specified in
buffer aclbufp, are stored in the file's ACL. All directories in the path name mustSunOS 5.11 Last change: 10 Jan 2007 1
System Calls acl(2) be searchable. Write ACL access is required to change the file's ACL.ACE_GETACL Buffer aclbufp is filled with the file's
ace_t ACL entries. Read access to the file
is required and all directories in the path name must be searchable.ACE_GETACLCNT The number of entries in the file's ace_t
ACL is returned. Read access to the file is required and all directories in the path name must be searchable.RETURN VALUES
Upon successful completion, acl() and facl() return 0 if cmd
is SETACL or ACE_SETACL. If cmd is GETACL, GETACLCNT,
ACE_GETACL or ACE_GETACLCNT, the number of ACL entries is
returned. Otherwise, -1 is returned and errno is set to
indicate the error.ERRORS
The acl() function will fail if: EACCES The caller does not have access to a component of the pathname.EFAULT The pathp or aclbufp argument points to an ille-
gal address. EINVAL The cmd argument is not GETACL, SETACL,ACE_GETACL, GETACLCNT, or ACE_GETACLCNT; the cmd
argument is SETACL and nentries is less than 3;or the cmd argument is SETACL or ACE_SETACL and
the ACL specified in aclbufp is not valid.EIO A disk I/O error has occurred while storing or retrieving the ACL. ENOENT A component of the path does not exist. ENOSPC The cmd argument is GETACL and nentries is less than the number of entries in the file's ACL, or
the cmd argument is SETACL and there is insuffi-
cient space in the file system to store the ACL.SunOS 5.11 Last change: 10 Jan 2007 2
System Calls acl(2)ENOSYS The cmd argument is SETACL or ACE_SETACL and the
file specified by pathp resides on a file systemthat does not support ACLs, or the acl() func-
tion is not supported by this implementation. ENOTDIR A component of the path specified by pathp is not a directory, or the cmd argument is SETACL orACE_SETACL and an attempt is made to set a
default ACL on a file type other than a direc-
tory.ENOTSUP The cmd argument is GETACL, but the ACL is com-
posed of ace_t entries, and the ACL cannot be
translated into aclent_t form.
The cmd argument is ACE_SETACL, but the underly-
ing filesystem only supports ACLs composed ofaclent_t entries and the ACL could not be
translated into aclent_t form.
EPERM The effective user ID does not match the owner ofthe file and the process does not have appropri-
ate privilege.EROFS The cmd argument is SETACL or ACE_SETACL and the
file specified by pathp resides on a file systemthat is mounted read-only.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Interface Stability | Committed ||_____________________________|_____________________________|
SEE ALSO
getfacl(1), setfacl(1), aclcheck(3SEC), aclsort(3SEC)
SunOS 5.11 Last change: 10 Jan 2007 3