'\" te .\" Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved. .TH acl 2 "10 Jan 2007" "SunOS 5.11" "System Calls" .SH NAME acl, facl \- get or set a file's Access Control List (ACL) .SH SYNOPSIS .LP .nf #include \fBint\fR \fBacl\fR(\fBchar *\fR\fIpathp\fR, \fBint\fR \fIcmd\fR, \fBint\fR \fInentries\fR, \fBvoid *\fR\fIaclbufp\fR); .fi .LP .nf \fBint\fR \fBfacl\fR(\fBint\fR \fIfildes\fR, \fBint\fR \fIcmd\fR, \fBint\fR \fInentries\fR, \fBvoid *\fR\fIaclbufp\fR); .fi .SH DESCRIPTION .sp .LP The \fBacl()\fR and \fBfacl()\fR functions get or set the \fBACL\fR of a file whose name is given by \fIpathp\fR or referenced by the open file descriptor \fIfildes\fR. The \fInentries\fR argument specifies how many \fBACL\fR entries fit into buffer \fIaclbufp\fR. The \fBacl()\fR function is used to manipulate \fBACL\fR on file system objects. .sp .LP The following types are supported for \fIaclbufp\fR: .sp .ne 2 .mk .na \fB\fBaclent_t\fR\fR .ad .RS 12n .rt Used by the UFS and NFS file systems. .RE .sp .ne 2 .mk .na \fB\fBace_t\fR\fR .ad .RS 12n .rt Used by the ZFS and NFSv4 file systems. .RE .sp .LP The following values for \fIcmd\fR are supported: .sp .ne 2 .mk .na \fB\fBSETACL\fR\fR .ad .RS 17n .rt \fInentries\fR \fBaclent_t\fR \fBACL\fR entries, specified in buffer \fIaclbufp\fR, are stored in the file's \fBACL\fR. All directories in the path name must be searchable. .RE .sp .ne 2 .mk .na \fB\fBGETACL\fR\fR .ad .RS 17n .rt Buffer \fIaclbufp\fR is filled with the file's \fBaclent_t\fR \fBACL\fR entries. Read access to the file is not required, but all directories in the path name must be searchable. .RE .sp .ne 2 .mk .na \fB\fBGETACLCNT\fR\fR .ad .RS 17n .rt The number of entries in the file's \fBaclent_t\fR \fBACL\fR is returned. Read access to the file is not required, but all directories in the path name must be searchable. .RE .sp .ne 2 .mk .na \fB\fBACE_SETACL\fR\fR .ad .RS 17n .rt \fInentries\fR \fBace_t\fR ACL entries, specified in buffer \fIaclbufp\fR, are stored in the file's ACL. All directories in the path name must be searchable. Write ACL access is required to change the file's ACL. .RE .sp .ne 2 .mk .na \fB\fBACE_GETACL\fR\fR .ad .RS 17n .rt Buffer \fIaclbufp\fR is filled with the file's \fBace_t\fR ACL entries. Read access to the file is required and all directories in the path name must be searchable. .RE .sp .ne 2 .mk .na \fB\fBACE_GETACLCNT\fR\fR .ad .RS 17n .rt The number of entries in the file's \fBace_t\fR ACL is returned. Read access to the file is required and all directories in the path name must be searchable. .RE .SH RETURN VALUES .sp .LP Upon successful completion, \fBacl()\fR and \fBfacl()\fR return \fB0\fR if \fIcmd\fR is \fBSETACL\fR or \fBACE_SETACL\fR. If \fIcmd\fR is \fBGETACL\fR, \fBGETACLCNT\fR, \fBACE_GETACL\fR or \fBACE_GETACLCNT\fR, the number of \fBACL\fR entries is returned. Otherwise, \fB\(mi1\fR is returned and \fBerrno\fR is set to indicate the error. .SH ERRORS .sp .LP The \fBacl()\fR function will fail if: .sp .ne 2 .mk .na \fB\fBEACCES\fR\fR .ad .RS 11n .rt The caller does not have access to a component of the pathname. .RE .sp .ne 2 .mk .na \fB\fBEFAULT\fR\fR .ad .RS 11n .rt The \fIpathp\fR or \fIaclbufp\fR argument points to an illegal address. .RE .sp .ne 2 .mk .na \fB\fBEINVAL\fR\fR .ad .RS 11n .rt The \fIcmd\fR argument is not \fBGETACL\fR, \fBSETACL\fR, \fBACE_GETACL\fR, \fBGETACLCNT\fR, or \fBACE_GETACLCNT\fR; the \fIcmd\fR argument is \fBSETACL\fR and \fInentries\fR is less than 3; or the \fIcmd\fR argument is \fBSETACL\fR or \fBACE_SETACL\fR and the \fBACL\fR specified in \fIaclbufp\fR is not valid. .RE .sp .ne 2 .mk .na \fB\fBEIO\fR\fR .ad .RS 11n .rt A disk I/O error has occurred while storing or retrieving the \fBACL.\fR .RE .sp .ne 2 .mk .na \fB\fBENOENT\fR\fR .ad .RS 11n .rt A component of the path does not exist. .RE .sp .ne 2 .mk .na \fB\fBENOSPC\fR\fR .ad .RS 11n .rt The \fIcmd\fR argument is \fBGETACL\fR and \fInentries\fR is less than the number of entries in the file's \fBACL\fR, or the \fIcmd\fR argument is \fBSETACL\fR and there is insufficient space in the file system to store the \fBACL\fR. .RE .sp .ne 2 .mk .na \fB\fBENOSYS\fR\fR .ad .RS 11n .rt The \fIcmd\fR argument is \fBSETACL\fR or \fBACE_SETACL\fR and the file specified by \fIpathp\fR resides on a file system that does not support \fBACLs\fR, or the \fBacl()\fR function is not supported by this implementation. .RE .sp .ne 2 .mk .na \fB\fBENOTDIR\fR\fR .ad .RS 11n .rt A component of the path specified by \fIpathp\fR is not a directory, or the \fIcmd\fR argument is \fBSETACL\fR or \fBACE_SETACL\fR and an attempt is made to set a default \fBACL\fR on a file type other than a directory. .RE .sp .ne 2 .mk .na \fB\fBENOTSUP\fR\fR .ad .RS 11n .rt The \fIcmd\fR argument is \fBGETACL\fR, but the ACL is composed of \fBace_t\fR entries, and the ACL cannot be translated into \fBaclent_t\fR form. .sp The \fIcmd\fR argument is \fBACE_SETACL\fR, but the underlying filesystem only supports ACLs composed of \fBaclent_t\fR entries and the ACL could not be translated into \fBaclent_t\fR form. .RE .sp .ne 2 .mk .na \fB\fBEPERM\fR\fR .ad .RS 11n .rt The effective user \fBID\fR does not match the owner of the file and the process does not have appropriate privilege. .RE .sp .ne 2 .mk .na \fB\fBEROFS\fR\fR .ad .RS 11n .rt The \fIcmd\fR argument is \fBSETACL\fR or \fBACE_SETACL\fR and the file specified by \fIpathp\fR resides on a file system that is mounted read-only. .RE .SH ATTRIBUTES .sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp .sp .TS tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) . ATTRIBUTE TYPEATTRIBUTE VALUE _ Interface StabilityCommitted .TE .SH SEE ALSO .sp .LP \fBgetfacl\fR(1), \fBsetfacl\fR(1), \fBaclcheck\fR(3SEC), \fBaclsort\fR(3SEC)