1.\"- 2.\" Copyright (c) 2000 Robert N. M. Watson 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.\" $FreeBSD: src/lib/libposix1e/acl.3,v 1.2.2.5 2001/12/20 16:27:06 ru Exp $ 27.\" 28.Dd January 28, 2000 29.Dt ACL 3 30.Os 31.Sh NAME 32.Nm acl 33.Nd introduction to the POSIX.1e ACL security API 34.Sh LIBRARY 35.Lb libposix1e 36.Sh SYNOPSIS 37.In sys/types.h 38.In sys/acl.h 39.Sh DESCRIPTION 40As shipped, 41.Dx 42permits file systems to export 43Access Control Lists via the VFS, and provides a library for userland 44access to and manipulation of these ACLs, but support for ACLs is not 45provided by any file systems shipped in the base operating system. 46The library calls shipped with 4.0 include routines to allocate, 47duplicate, retrieve, set, and validate ACLs associated with file objects. 48As well as the POSIX.1e routines, there are a number of non-portable 49extensions defined that allow for alternative ACL semantics than the 50POSIX.1e semantics, such as AFS and NTFS semantics. Where 51routines are non-standard, they are suffixed with _np to indicate that 52they are not portable. 53.Pp 54POSIX.1e describes a set of ACL manipulation routines to manage the 55contents of ACLs, as well as their relationships with files. This 56manipulation library is not currently implemented in 57.Dx , 58although 59a third party library was under development at the time this document 60was written. There is a general consensus that the POSIX.1e manipulation 61routines are ambiguously defined in the specification, and don't meet the 62needs of most applications. For the time being, applications may 63directly manipulate the ACL structures, defined in 64.In sys/acl.h , 65although the 66recommended usage is to only ever handle text-form ACLs in applications, 67generated and maintained using 68.Fn acl_from_text 69and 70.Fn acl_to_text , 71passed directly to and from the management routines. In this manner, 72an application can remain safely unaware of the contents of ACLs. 73.Pp 74Available functions, sorted by behavior, include: 75.Pp 76.Fn acl_delete_def_file , 77.Fn acl_delete_file_np , 78.Fn acl_delete_fd_np 79.Pp 80These functions are described in 81.Xr acl_delete 3 , 82and may be used to delete ACLs from file system objects. 83.Pp 84.Fn acl_free 85.Pp 86This function is described in 87.Xr acl_free 3 , 88and may be used to free userland working ACL storage. 89.Pp 90.Fn acl_from_text 91.Pp 92This function is described in 93.Xr acl_from_text 3 , 94and may be used to convert a text-form ACL into working ACL state, if 95the ACL has POSIX.1e semantics. 96.Pp 97.Fn acl_get_file , 98.Fn acl_get_fd , 99.Fn acl_get_fd_np 100.Pp 101These functions are described in 102.Xr acl_get 3 , 103and may be used to retrieve ACLs from file system objects. 104.Pp 105.Fn acl_init 106.Pp 107This function is described in 108.Xr acl_init 3 , 109and may be used to allocate a fresh (empty) ACL structure. 110.Pp 111.Fn acl_dup 112.Pp 113This function is described in 114.Xr acl_dup 3 , 115and may be used to duplicate an ACL structure. 116.Pp 117.Fn acl_set_file , 118.Fn acl_set_fd , 119.Fn acl_set_fd_np 120.Pp 121These functions are described in 122.Xr acl_set 3 , 123and may be used to assign an ACL to a file system object. 124.Pp 125.Fn acl_to_text 126.Pp 127This function is described in 128.Xr acl_to_text 3 , 129and may be used to generate a text-form of a POSIX.1e semantics ACL. 130.Pp 131.Fn acl_valid , 132.Fn acl_valid_file_np , 133.Fn acl_valid_fd_np 134.Pp 135Thee functions are described in 136.Xr acl_valid 3 , 137and may be used to validate an ACL as correct POSIX.1e-semantics, or 138as appropriate for a particular file system object regardless of semantics. 139.Pp 140Documentation of the internal kernel interfaces backing these calls may 141be found in 142.Xr acl 9 . 143The syscalls between the internal interfaces and the public library 144routines may change over time, and as such are not documented. They are 145not intended to be called directly without going through the library. 146.Sh IMPLEMENTATION NOTES 147.Dx Ns 's 148support for POSIX.1e interfaces and features is still under 149development at this time. 150.Sh ENVIRONMENT 151POSIX.1e assigns security labels to all objects, extending the security 152functionality described in POSIX.1. These additional labels provide 153fine-grained discretionary access control, fine-grained capabilities, 154and labels necessary for mandatory access control. POSIX.2c describes 155a set of userland utilities for manipulating these labels. These userland 156utilities are not bundled with 157.Dx 158so as to discourage their 159use in the short term. 160.\" .Sh FILES 161.Sh SEE ALSO 162.Xr acl 3 , 163.Xr acl_dup 3 , 164.Xr acl_free 3 , 165.Xr acl_from_text 3 , 166.Xr acl_get 3 , 167.Xr acl_set 3 , 168.Xr acl_to_text 3 , 169.Xr acl_valid 3 , 170.Xr acl 9 171.Sh STANDARDS 172POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion 173of the draft continues on the cross-platform POSIX.1e implementation 174mailing list. To join this list, see the 175.Fx 176POSIX.1e implementation 177page for more information. 178.Sh HISTORY 179POSIX.1e support was introduced in 180.Fx 4.0 , 181and development continues. 182.Sh AUTHORS 183.An Robert N M Watson 184.Sh BUGS 185These features are not yet fully implemented. In particular, the shipped 186version of UFS/FFS does not support storage of additional security labels, 187and so is unable to (easily) provide support for most of these features. 188