[ новости /+++ | форум | теги | ]

NAME

acl

 - virtual file system access control lists

 

SYNOPSIS

In the kernel configuration file: options UFS_ACL  

DESCRIPTION

Currently, each ACL is represented in-kernel by a fixed-size Vt acl structure, defined as follows:

struct acl {
        int                     acl_cnt;
        struct acl_entry        acl_entry[ACL_MAX_ENTRIES];
};

An ACL is constructed from a fixed size array of ACL entries, each of which consists of a set of permissions, principal namespace, and principal identifier.

Each individual ACL entry is of the type Vt acl_entry_t , which is a structure with the following members:

Vt acl_tag_t ae_tag

The following is a list of definitions of ACL types to be set in ae_tag

ACL_UNDEFINED_FIELD

Undefined ACL type.

ACL_USER_OBJ

Discretionary access rights for processes whose effective user ID matches the user ID of the file's owner.

ACL_USER

Discretionary access rights for processes whose effective user ID matches the ACL entry qualifier.

ACL_GROUP_OBJ

Discretionary access rights for processes whose effective group ID or any supplemental groups match the group ID of the file's owner.

ACL_GROUP

Discretionary access rights for processes whose effective group ID or any supplemental groups match the ACL entry qualifier.

ACL_MASK

The maximum discretionary access rights that can be granted to a process in the file group class.

ACL_OTHER

Discretionary access rights for processes not covered by any other ACL entry.

ACL_OTHER_OBJ

Same as ACL_OTHER Each ACL entry must contain exactly one ACL_USER_OBJ one ACL_GROUP_OBJ and one ACL_OTHER If any of ACL_USER ACL_GROUP or ACL_OTHER are present, then exactly one ACL_MASK entry should be present.

Vt uid_t ae_id

The ID of user for whom this ACL describes access permissions.

Vt acl_perm_t ae_perm

This field defines what kind of access the process matching this ACL has for accessing the associated file.

ACL_EXECUTE

The process may execute the associated file.

ACL_WRITE

The process may write to the associated file.

ACL_READ

The process may read from the associated file.

ACL_PERM_NONE

The process has no read, write or execute permissions to the associated file.

IMPLEMENTATION NOTES

typedef mode_t  *acl_permset_t;

/* internal ACL structure */
struct acl {
        int                     acl_cnt;
        struct acl_entry        acl_entry[ACL_MAX_ENTRIES];
};

/* external ACL structure */
struct acl_t_struct {
        struct acl              ats_acl;
        int                     ats_cur_entry;
};
typedef struct acl_t_struct *acl_t;

/*
 * Possible valid values for ae_tag field.
 */
#define ACL_UNDEFINED_TAG       0x00000000
#define ACL_USER_OBJ            0x00000001
#define ACL_USER                0x00000002
#define ACL_GROUP_OBJ           0x00000004
#define ACL_GROUP               0x00000008
#define ACL_MASK                0x00000010
#define ACL_OTHER               0x00000020
#define ACL_OTHER_OBJ           ACL_OTHER

/*
 * Possible valid values for acl_type_t arguments.
 */
#define ACL_TYPE_ACCESS         0x00000000
#define ACL_TYPE_DEFAULT        0x00000001
#define ACL_TYPE_AFS            0x00000002
#define ACL_TYPE_CODA           0x00000003
#define ACL_TYPE_NTFS           0x00000004
#define ACL_TYPE_NWFS           0x00000005

/*
 * Possible flags in ae_perm field.
 */
#define ACL_EXECUTE             0x0001
#define ACL_WRITE               0x0002
#define ACL_READ                0x0004
#define ACL_PERM_NONE           0x0000
#define ACL_PERM_BITS           (ACL_EXECUTE | ACL_WRITE | ACL_READ)
#define ACL_POSIX1E_BITS        (ACL_EXECUTE | ACL_WRITE | ACL_READ)

/*
 * Possible entry_id values for acl_get_entry()
 */
#define ACL_FIRST_ENTRY         0
#define ACL_NEXT_ENTRY          1

/*
 * Undefined value in ae_id field
 */
#define ACL_UNDEFINED_ID        ((uid_t)-1)

SEE ALSO

AUTHORS

Index

NAME

SYNOPSIS

DESCRIPTION

IMPLEMENTATION NOTES

SEE ALSO

AUTHORS

Партнёры:

Хостинг: