acl_valid(3)
NAME
- acl_valid, acl_valid_fd_np, acl_valid_file_np,
- acl_valid_link_np - validate an ACL
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <sys/types.h> #include <sys/acl.h> int acl_valid(acl_t acl); int acl_valid_fd_np(int fd, acl_type_t type, acl_t acl); int acl_valid_file_np(const char *path_p, acl_type_t type, acl_t acl); int acl_valid_link_np(const char *path_p, acl_type_t type, acl_t acl);
DESCRIPTION
- These functions check that the ACL referred to by the argu
- ment acl is
valid. The POSIX.1e routine, acl_valid(), checks this va - lidity only with
POSIX.1e ACL semantics, and irrespective of the context in - which the ACL
is to be used. The non-portable forms, acl_valid_fd_np(), acl_valid_file_np(), and acl_valid_link_np() allow an ACL to - be checked
in the context of a specific acl type, type, and file system - object. In
environments where additional ACL types are supported than - just POSIX.1e,
this makes more sense. Whereas acl_valid_file_np() will - follow the symlink if the specified path is to a symlink,
- acl_valid_link_np() will not.
- For POSIX.1e semantics, the checks include:
- +o The three required entries (ACL_USER_OBJ, ACL_GROUP_OBJ,
- and
- ACL_OTHER) shall exist exactly once in the ACL. If the
- ACL contains
any ACL_USER, ACL_GROUP, or any other implementation-de - fined entries
in the file group class then one ACL_MASK entry shall - also be
required. The ACL shall contain at most one ACL_MASK - entry.
- +o The qualifier field shall be unique among all entries of
- the same
- POSIX.1e ACL facility defined tag type. The tag type
- field shall
contain valid values including any implementation-de - fined values.
Validation of the values of the qualifier field is im - plementationdefined.
- The POSIX.1e acl_valid() function may reorder the ACL for
- the purposes of
verification; the non-portable validation functions will - not.
IMPLEMENTATION NOTES
- FreeBSD's support for POSIX.1e interfaces and features is
- still under
development at this time.
RETURN VALUES
- The function returns the value 0 if successful; otherwise
- the value -1 is
returned and the global variable errno is set to indicate - the error.
ERRORS
- If any of the following conditions occur, these functions
- shall return -1
and set errno to the corresponding value: - [EACCES] Search permission is denied for a compo
- nent of the
- path prefix, or the object exists and the
- process does
not have appropriate access rights. - [EBADF] The fd argument is not a valid file de
- scriptor.
- [EINVAL] Argument acl does not point to a valid
- ACL.
One or more of the required ACL entries- is not present
in acl. - The ACL contains entries that are not
- unique.
- The file system rejects the ACL based on
- fs-specific
semantics issues. - [ENAMETOOLONG] A component of a pathname exceeded 255
- characters, or
- an entire path name exceeded 1023 charac
- ters.
- [ENOENT] The named object does not exist, or the
- path_p argu
- ment points to an empty string.
- [ENOMEM] Insufficient memory available to fulfill
- request.
- [EOPNOTSUPP] The file system does not support ACL re
- trieval.
SEE ALSO
acl(3), acl_get(3), acl_init(3), acl_set(3), posix1e(3)
STANDARDS
- POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion
- of the draft
continues on the cross-platform POSIX.1e implementation - mailing list. To
join this list, see the FreeBSD POSIX.1e implementation page - for more
information.
HISTORY
- POSIX.1e support was introduced in FreeBSD 4.0, and develop
- ment continues.
AUTHORS
- Robert N M Watson
- BSD December 29, 2002