2 .\" Copyright (c) 2000, 2001, 2002 Robert N. M. Watson
3 .\" All rights reserved.
5 .\" This software was developed by Robert Watson for the TrustedBSD Project.
7 .\" Redistribution and use in source and binary forms, with or without
8 .\" modification, are permitted provided that the following conditions
10 .\" 1. Redistributions of source code must retain the above copyright
11 .\" notice, this list of conditions and the following disclaimer.
12 .\" 2. Redistributions in binary form must reproduce the above copyright
13 .\" notice, this list of conditions and the following disclaimer in the
14 .\" documentation and/or other materials provided with the distribution.
16 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 .Nd introduction to the POSIX.1e ACL security API
43 permits file systems to export Access Control Lists via the VFS, and
44 provides a library for userland access to and manipulation of these ACLs.
45 Not all file systems provide support for ACLs, and some may require that
46 ACL support be explicitly enabled by the administrator.
47 The library calls include routines to allocate, duplicate, retrieve, set,
48 and validate ACLs associated with file objects.
49 As well as the POSIX.1e routines, there are a number of non-portable
50 extensions defined that allow for alternative ACL semantics than the
51 POSIX.1e semantics, such as NFSv4, AFS, NTFS, Coda, and NWFS semantics.
52 Where routines are non-standard, they are suffixed with _np to indicate that
53 they are not portable.
55 POSIX.1e describes a set of ACL manipulation routines to manage the
56 contents of ACLs, as well as their relationships with files; almost
57 all of these support routines are implemented in
60 Available functions, sorted by behavior, include:
61 .Bl -tag -width indent
62 .It Fn acl_add_flag_np
63 This function is described in
64 .Xr acl_add_flag_np 3 ,
65 and may be used to add flags to a flagset.
67 This function is described in
69 and may be used to add permissions to a permission set.
71 This function is described in
73 and may be used to calculate and set the permissions associated with
77 .It Fn acl_clear_flags_np
78 This function is described in
79 .Xr acl_clear_flags_np 3 ,
80 and may be used to clear all flags from a flagset.
81 .It Fn acl_clear_perms
82 This function is described in
83 .Xr acl_clear_perms 3 ,
84 and may be used to clear all permissions from a permission set.
86 This function is described in
87 .Xr acl_copy_entry 3 ,
88 and may be used to copy the contents of an ACL entry.
90 .Fn acl_create_entry ,
91 .Fn acl_create_entry_np
93 These functions are described in
94 .Xr acl_create_entry 3 ,
95 and may be used to create an empty entry in an ACL.
97 .Fn acl_delete_def_file ,
98 .Fn acl_delete_def_link_np ,
99 .Fn acl_delete_fd_np ,
100 .Fn acl_delete_file_np ,
101 .Fn acl_delete_link_np
103 These functions are described in
105 and may be used to delete ACLs from file system objects.
107 .Fn acl_delete_entry ,
108 .Fn acl_delete_entry_np ,
110 This functions are described in
111 .Xr acl_delete_entry 3 ,
112 and may be used to delete an entry from an ACL.
113 .It Fn acl_delete_flag_np
114 This function is described in
115 .Xr acl_delete_flag_np 3 ,
116 and may be used to delete flags from a flagset.
117 .It Fn acl_delete_perm
118 This function is described in
119 .Xr acl_delete_perm 3 ,
120 and may be used to delete permissions from a permset.
122 This function is described in
124 and may be used to duplicate an ACL structure.
126 This function is described in
128 and may be used to free userland working ACL storage.
130 This function is described in
131 .Xr acl_from_text 3 ,
132 and may be used to convert a text-form ACL into working ACL state, if
133 the ACL has POSIX.1e or NFSv4 semantics.
135 This function is described in
136 .Xr acl_get_entry 3 ,
137 and may be used to retrieve a designated ACL entry from an ACL.
144 These functions are described in
146 and may be used to retrieve ACLs from file system objects.
147 .It Fn acl_get_entry_type_np
148 This function is described in
149 .Xr acl_get_entry_type_np 3 ,
150 and may be used to retrieve an ACL type from an ACL entry.
151 .It Fn acl_get_flagset_np
152 This function is described in
153 .Xr acl_get_flagset_np 3 ,
154 and may be used to retrieve a flagset from an ACL entry.
155 .It Fn acl_get_permset
156 This function is described in
157 .Xr acl_get_permset 3 ,
158 and may be used to retrieve a permset from an ACL entry.
159 .It Fn acl_get_qualifier
160 This function is described in
161 .Xr acl_get_qualifier 3 ,
162 and may be used to retrieve the qualifier from an ACL entry.
163 .It Fn acl_get_tag_type
164 This function is described in
165 .Xr acl_get_tag_type 3 ,
166 and may be used to retrieve the tag type from an ACL entry.
168 This function is described in
170 and may be used to allocate a fresh (empty) ACL structure.
171 .It Fn acl_is_trivial_np
172 This function is described in
173 .Xr acl_is_trivial_np 3 ,
174 and may be used to find out whether ACL is trivial.
181 These functions are described in
183 and may be used to assign an ACL to a file system object.
184 .It Fn acl_set_entry_type_np
185 This function is described in
186 .Xr acl_set_entry_type_np 3 ,
187 and may be used to set the ACL type of an ACL entry.
188 .It Fn acl_set_flagset_np
189 This function is described in
190 .Xr acl_set_flagset_np 3 ,
191 and may be used to set the flags of an ACL entry from a flagset.
192 .It Fn acl_set_permset
193 This function is described in
194 .Xr acl_set_permset 3 ,
195 and may be used to set the permissions of an ACL entry from a permset.
196 .It Fn acl_set_qualifier
197 This function is described in
198 .Xr acl_set_qualifier 3 ,
199 and may be used to set the qualifier of an ACL.
200 .It Fn acl_set_tag_type
201 This function is described in
202 .Xr acl_set_tag_type 3 ,
203 and may be used to set the tag type of an ACL.
205 This function is describe din
207 and may be used to remove extended entries from an ACL.
212 These functions are described in
214 and may be used to generate a text-form of a POSIX.1e or NFSv4 semantics ACL.
217 .Fn acl_valid_fd_np ,
218 .Fn acl_valid_file_np ,
219 .Fn acl_valid_link_np
221 These functions are described in
223 and may be used to validate an ACL as correct POSIX.1e-semantics, or
224 as appropriate for a particular file system object regardless of semantics.
227 Documentation of the internal kernel interfaces backing these calls may
230 The syscalls between the internal interfaces and the public library
231 routines may change over time, and as such are not documented.
232 They are not intended to be called directly without going through the
237 .Xr acl_add_flag_np 3 ,
239 .Xr acl_calc_mask 3 ,
240 .Xr acl_clear_flags_np 3 ,
241 .Xr acl_clear_perms 3 ,
242 .Xr acl_copy_entry 3 ,
243 .Xr acl_create_entry 3 ,
244 .Xr acl_delete_entry 3 ,
245 .Xr acl_delete_flag_np 3 ,
246 .Xr acl_delete_perm 3 ,
249 .Xr acl_from_text 3 ,
251 .Xr acl_get_entry_type_np 3 ,
252 .Xr acl_get_flagset_np 3 ,
253 .Xr acl_get_permset 3 ,
254 .Xr acl_get_qualifier 3 ,
255 .Xr acl_get_tag_type 3 ,
257 .Xr acl_is_trivial_np 3 ,
259 .Xr acl_set_entry_type_np 3 ,
260 .Xr acl_set_flagset_np 3 ,
261 .Xr acl_set_permset 3 ,
262 .Xr acl_set_qualifier 3 ,
263 .Xr acl_set_tag_type 3 ,
270 POSIX.1e assigns security labels to all objects, extending the security
271 functionality described in POSIX.1.
272 These additional labels provide fine-grained discretionary access control,
273 fine-grained capabilities, and labels necessary for mandatory access
275 POSIX.2c describes a set of userland utilities for manipulating these
278 POSIX.1e is described in IEEE POSIX.1e draft 17.
279 Discussion of the draft continues on the cross-platform POSIX.1e
280 implementation mailing list.
281 To join this list, see the
283 POSIX.1e implementation page for more information.
285 POSIX.1e support was introduced in
288 was the first version to include a complete ACL implementation based
289 on extended attributes for the UFS and UFS2 file systems.
295 utilities describe the user tools that permit direct manipulation of complete
298 .An Robert N M Watson