2 * Copyright (c) 2001 Chris D. Faulhaber
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
30 #include <sys/types.h>
31 #include <sys/param.h>
34 #include <sys/queue.h>
49 #define OP_MERGE_ACL 0x00 /* merge acl's (-mM) */
50 #define OP_REMOVE_DEF 0x01 /* remove default acl's (-k) */
51 #define OP_REMOVE_EXT 0x02 /* remove extended acl's (-b) */
52 #define OP_REMOVE_ACL 0x03 /* remove acl's (-xX) */
53 #define OP_REMOVE_BY_NUMBER 0x04 /* remove acl's (-xX) by acl entry number */
54 #define OP_ADD_ACL 0x05 /* add acls entries at a given position */
56 /* TAILQ entry for acl operations */
61 TAILQ_ENTRY(sf_entry) next;
63 static TAILQ_HEAD(, sf_entry) entrylist;
70 static void usage(void);
76 fprintf(stderr, "usage: setfacl [-R [-H | -L | -P]] [-bdhkn] "
77 "[-a position entries] [-m entries] [-M file] "
78 "[-x entries] [-X file] [file ...]\n");
83 main(int argc, char *argv[])
87 acl_entry_t unused_entry;
88 char filename[PATH_MAX];
89 int local_error, carried_error, ch, entry_number, ret, fts_options;
90 bool h_flag, H_flag, L_flag, R_flag, follow_symlink;
95 struct sf_entry *entry;
98 acl_type = ACL_TYPE_ACCESS;
99 carried_error = local_error = fts_options = 0;
100 have_mask = have_stdin = n_flag = need_mask = 0;
101 h_flag = H_flag = L_flag = R_flag = false;
103 TAILQ_INIT(&entrylist);
105 while ((ch = getopt(argc, argv, "HLM:PRX:a:bdhkm:nx:")) != -1)
116 entry = zmalloc(sizeof(struct sf_entry));
117 entry->acl = get_acl_from_file(optarg);
118 if (entry->acl == NULL)
119 err(1, "%s: get_acl_from_file() failed", optarg);
120 entry->op = OP_MERGE_ACL;
121 TAILQ_INSERT_TAIL(&entrylist, entry, next);
124 H_flag = L_flag = false;
130 entry = zmalloc(sizeof(struct sf_entry));
131 entry->acl = get_acl_from_file(optarg);
132 entry->op = OP_REMOVE_ACL;
133 TAILQ_INSERT_TAIL(&entrylist, entry, next);
136 entry = zmalloc(sizeof(struct sf_entry));
138 entry_number = strtol(optarg, &end, 10);
139 if (end - optarg != (int)strlen(optarg))
140 errx(1, "%s: invalid entry number", optarg);
141 if (entry_number < 0)
142 errx(1, "%s: entry number cannot be less than zero", optarg);
143 entry->entry_number = entry_number;
145 if (argv[optind] == NULL)
146 errx(1, "missing ACL");
147 entry->acl = acl_from_text(argv[optind]);
148 if (entry->acl == NULL)
149 err(1, "%s", argv[optind]);
151 entry->op = OP_ADD_ACL;
152 TAILQ_INSERT_TAIL(&entrylist, entry, next);
155 entry = zmalloc(sizeof(struct sf_entry));
156 entry->op = OP_REMOVE_EXT;
157 TAILQ_INSERT_TAIL(&entrylist, entry, next);
160 acl_type = ACL_TYPE_DEFAULT;
166 entry = zmalloc(sizeof(struct sf_entry));
167 entry->op = OP_REMOVE_DEF;
168 TAILQ_INSERT_TAIL(&entrylist, entry, next);
171 entry = zmalloc(sizeof(struct sf_entry));
172 entry->acl = acl_from_text(optarg);
173 if (entry->acl == NULL)
174 err(1, "%s", optarg);
175 entry->op = OP_MERGE_ACL;
176 TAILQ_INSERT_TAIL(&entrylist, entry, next);
182 entry = zmalloc(sizeof(struct sf_entry));
183 entry_number = strtol(optarg, &end, 10);
184 if (end - optarg == (int)strlen(optarg)) {
185 if (entry_number < 0)
186 errx(1, "%s: entry number cannot be less than zero", optarg);
187 entry->entry_number = entry_number;
188 entry->op = OP_REMOVE_BY_NUMBER;
190 entry->acl = acl_from_text(optarg);
191 if (entry->acl == NULL)
192 err(1, "%s", optarg);
193 entry->op = OP_REMOVE_ACL;
195 TAILQ_INSERT_TAIL(&entrylist, entry, next);
204 if (n_flag == 0 && TAILQ_EMPTY(&entrylist))
207 /* take list of files from stdin */
208 if (argc == 0 || strcmp(argv[0], "-") == 0) {
210 err(1, "cannot have more than one stdin");
212 bzero(&filename, sizeof(filename));
214 /* Start with an array size sufficient for basic cases. */
216 files_list = zmalloc(fl_count * sizeof(char *));
217 while (fgets(filename, (int)sizeof(filename), stdin)) {
219 filename[strlen(filename) - 1] = '\0';
220 files_list[i] = strdup(filename);
221 if (files_list[i] == NULL)
222 err(1, "strdup() failed");
223 /* Grow array if necessary. */
224 if (++i == fl_count) {
226 if (fl_count > SIZE_MAX / sizeof(char *))
227 errx(1, "Too many input files");
228 files_list = zrealloc(files_list,
229 fl_count * sizeof(char *));
233 /* fts_open() requires the last array element to be NULL. */
234 files_list[i] = NULL;
240 errx(1, "the -R and -h options may not be "
241 "specified together.");
243 fts_options = FTS_LOGICAL;
245 fts_options = FTS_PHYSICAL;
248 fts_options |= FTS_COMFOLLOW;
252 fts_options = FTS_PHYSICAL;
254 fts_options = FTS_LOGICAL;
257 /* Open all files. */
258 if ((ftsp = fts_open(files_list, fts_options | FTS_NOSTAT, 0)) == NULL)
260 while ((file = fts_read(ftsp)) != NULL) {
261 switch (file->fts_info) {
263 /* Do not recurse if -R not specified. */
265 fts_set(ftsp, file, FTS_SKIP);
268 /* Skip the second visit to a directory. */
272 warnx("%s: %s", file->fts_path,
273 strerror(file->fts_errno));
279 if (acl_type == ACL_TYPE_DEFAULT && file->fts_info != FTS_D) {
280 warnx("%s: default ACL may only be set on "
281 "a directory", file->fts_path);
288 follow_symlink = ((fts_options & FTS_LOGICAL) ||
289 ((fts_options & FTS_COMFOLLOW) &&
290 file->fts_level == FTS_ROOTLEVEL));
293 ret = pathconf(file->fts_accpath, _PC_ACL_NFS4);
295 ret = lpathconf(file->fts_accpath, _PC_ACL_NFS4);
297 if (acl_type == ACL_TYPE_DEFAULT) {
298 warnx("%s: there are no default entries "
299 "in NFSv4 ACLs", file->fts_path);
303 acl_type = ACL_TYPE_NFS4;
304 } else if (ret == 0) {
305 if (acl_type == ACL_TYPE_NFS4)
306 acl_type = ACL_TYPE_ACCESS;
307 } else if (ret < 0 && errno != EINVAL) {
308 warn("%s: pathconf(..., _PC_ACL_NFS4) failed",
313 acl = acl_get_file(file->fts_accpath, acl_type);
315 acl = acl_get_link_np(file->fts_accpath, acl_type);
318 warn("%s: acl_get_file() failed",
321 warn("%s: acl_get_link_np() failed",
327 /* cycle through each option */
328 TAILQ_FOREACH(entry, &entrylist, next) {
334 local_error += add_acl(entry->acl,
336 &acl, file->fts_path);
339 local_error += merge_acl(entry->acl, &acl,
345 * Don't try to call remove_ext() for empty
348 if (acl_type == ACL_TYPE_DEFAULT &&
349 acl_get_entry(acl, ACL_FIRST_ENTRY,
350 &unused_entry) == 0) {
351 local_error += remove_default(&acl,
355 remove_ext(&acl, file->fts_path);
359 if (acl_type == ACL_TYPE_NFS4) {
360 warnx("%s: there are no default entries in NFSv4 ACLs; "
361 "cannot remove", file->fts_path);
365 if (acl_delete_def_file(file->fts_accpath) == -1) {
366 warn("%s: acl_delete_def_file() failed",
370 if (acl_type == ACL_TYPE_DEFAULT)
371 local_error += remove_default(&acl,
376 local_error += remove_acl(entry->acl, &acl,
380 case OP_REMOVE_BY_NUMBER:
381 local_error += remove_by_number(entry->entry_number,
382 &acl, file->fts_path);
389 * Don't try to set an empty default ACL; it will always fail.
390 * Use acl_delete_def_file(3) instead.
392 if (acl_type == ACL_TYPE_DEFAULT &&
393 acl_get_entry(acl, ACL_FIRST_ENTRY, &unused_entry) == 0) {
394 if (acl_delete_def_file(file->fts_accpath) == -1) {
395 warn("%s: acl_delete_def_file() failed",
402 /* don't bother setting the ACL if something is broken */
408 if (acl_type != ACL_TYPE_NFS4 && need_mask &&
409 set_acl_mask(&acl, file->fts_path) == -1) {
410 warnx("%s: failed to set ACL mask", file->fts_path);
412 } else if (follow_symlink) {
413 if (acl_set_file(file->fts_accpath, acl_type,
416 warn("%s: acl_set_file() failed",
420 if (acl_set_link_np(file->fts_accpath, acl_type,
423 warn("%s: acl_set_link_np() failed",
431 return (carried_error);