Main index | Section 3 | Options |
#include <archive_entry.h>
ARCHIVE_ENTRY_ACL_READ( r)
ARCHIVE_ENTRY_ACL_WRITE( w) ARCHIVE_ENTRY_ACL_EXECUTE( x) | |
The tag specifies the principal to which the permission applies. Valid values are:
ARCHIVE_ENTRY_ACL_USER | The user specified by the name field. |
ARCHIVE_ENTRY_ACL_USER_OBJ | The owner of the file. |
ARCHIVE_ENTRY_ACL_GROUP | The group specified by the name field. |
ARCHIVE_ENTRY_ACL_GROUP_OBJ | The group which owns the file. |
ARCHIVE_ENTRY_ACL_MASK | The maximum permissions to be obtained via group permissions. |
ARCHIVE_ENTRY_ACL_OTHER | Any principal who is not the file owner or a member of the owning group. |
The principals ARCHIVE_ENTRY_ACL_USER_OBJ, ARCHIVE_ENTRY_ACL_GROUP_OBJ and ARCHIVE_ENTRY_ACL_OTHER are equivalent to user, group and other in the classic Unix permission model and specify non-extended ACL entries.
All files have an access ACL ( ARCHIVE_ENTRY_ACL_TYPE_ACCESS). This specifies the permissions required for access to the file itself. Directories have an additional ACL ( ARCHIVE_ENTRY_ACL_TYPE_DEFAULT), which controls the initial access ACL for newly-created directory entries.
There are four possible types of a NFSv4 ACE:
ARCHIVE_ENTRY_ACL_TYPE_ALLOW | Allow principal to perform actions requiring given permissions. |
ARCHIVE_ENTRY_ACL_TYPE_DENY | Prevent principal from performing actions requiring given permissions. |
ARCHIVE_ENTRY_ACL_TYPE_AUDIT | Log access attempts by principal which require given permissions. |
ARCHIVE_ENTRY_ACL_TYPE_ALARM | Trigger a system alarm on access attempts by principal which require given permissions. |
The tag specifies the principal to which the permission applies. Valid values are:
ARCHIVE_ENTRY_ACL_USER | The user specified by the name field. |
ARCHIVE_ENTRY_ACL_USER_OBJ | The owner of the file. |
ARCHIVE_ENTRY_ACL_GROUP | The group specified by the name field. |
ARCHIVE_ENTRY_ACL_GROUP_OBJ | The group which owns the file. |
ARCHIVE_ENTRY_ACL_EVERYONE | Any principal who is not the file owner or a member of the owning group. |
Entries with the ARCHIVE_ENTRY_ACL_USER or ARCHIVE_ENTRY_ACL_GROUP tag store the user and group name in the name string and optionally the user or group ID in the qualifier integer.
NFSv4 ACE permissions and flags are stored in the same permset bitfield. Some permissions share the same constant and permission character but have different effect on directories than on files. The following ACE permissions are supported:
ARCHIVE_ENTRY_ACL_READ_DATA( r) | Read data (file). |
ARCHIVE_ENTRY_ACL_LIST_DIRECTORY( r) | List entries (directory). |
ARCHIVE_ENTRY_ACL_WRITE_DATA( w) | Write data (file). |
ARCHIVE_ENTRY_ACL_ADD_FILE( w) | Create files (directory). |
ARCHIVE_ENTRY_ACL_EXECUTE( x) | Execute file or change into a directory. |
ARCHIVE_ENTRY_ACL_APPEND_DATA( p) | Append data (file). |
ARCHIVE_ENTRY_ACL_ADD_SUBDIRECTORY( p) | Create subdirectories (directory). |
ARCHIVE_ENTRY_ACL_DELETE_CHILD( D) | Remove files and subdirectories inside a directory. |
ARCHIVE_ENTRY_ACL_DELETE( d) | Remove file or directory. |
ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES( a) | Read file or directory attributes. |
ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES( A) | Write file or directory attributes. |
ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS( R) | Read named file or directory attributes. |
ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS( W) | Write named file or directory attributes. |
ARCHIVE_ENTRY_ACL_READ_ACL( c) | Read file or directory ACL. |
ARCHIVE_ENTRY_ACL_WRITE_ACL( C) | Write file or directory ACL. |
ARCHIVE_ENTRY_ACL_WRITE_OWNER( o) | Change owner of a file or directory. |
ARCHIVE_ENTRY_ACL_SYNCHRONIZE( s) | Use synchronous I/O. |
The following NFSv4 ACL inheritance flags are supported:
ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT( f) | Inherit parent directory ACE to files. |
ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT( d) | Inherit parent directory ACE to subdirectories. |
ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY( i) | Only inherit, do not apply the permission on the directory itself. |
ARCHIVE_ENTRY_ACL_ENTRY_NO_PROPAGATE_INHERIT( n) | Do not propagate inherit flags. Only first-level entries inherit ACLs. |
ARCHIVE_ENTRY_ACL_ENTRY_SUCCESSFUL_ACCESS( S) | Trigger alarm or audit on successful access. |
ARCHIVE_ENTRY_ACL_ENTRY_FAILED_ACCESS( F) | Trigger alarm or audit on failed access. |
ARCHIVE_ENTRY_ACL_ENTRY_INHERITED( I) | Mark that ACE was inherited. |
archive_entry_acl_clear() removes all ACL entries and resets the enumeration pointer.
archive_entry_acl_count() counts the ACL entries that have the given type mask. type can be the bitwise-or of
ARCHIVE_ENTRY_ACL_TYPE_ACCESS
ARCHIVE_ENTRY_ACL_TYPE_DEFAULT | |
ARCHIVE_ENTRY_ACL_TYPE_ALLOW
ARCHIVE_ENTRY_ACL_TYPE_DENY ARCHIVE_ENTRY_ACL_TYPE_AUDIT ARCHIVE_ENTRY_ACL_TYPE_ALARM | |
archive_entry_acl_from_text() and archive_entry_acl_from_text_w() add new (or merge with existing) ACL entries from (wide) text. The argument type may take one of the following values:
ARCHIVE_ENTRY_ACL_TYPE_ACCESS
ARCHIVE_ENTRY_ACL_TYPE_DEFAULT ARCHIVE_ENTRY_ACL_TYPE_NFS4 | |
archive_entry_acl_next() return the next entry of the ACL list. This functions may only be called after archive_entry_acl_reset() has indicated the presence of extended ACL entries.
archive_entry_acl_reset() prepare reading the list of ACL entries with archive_entry_acl_next(). The function returns 0 if no non-extended ACLs are found. In this case, the access permissions should be obtained by archive_entry_mode(3) or set using chmod(2). Otherwise, the function returns the same value as archive_entry_acl_count().
archive_entry_acl_to_text() and archive_entry_acl_to_text_w() convert the ACL entries for the given type into a (wide) string of ACL entries separated by newline. If the pointer len_p is not NULL, then the function shall return the length of the string (not including the NULL terminator) in the location pointed to by len_p. The flag argument is a bitwise-or.
The following flags are effective only on POSIX.1e ACL:
ARCHIVE_ENTRY_ACL_TYPE_ACCESS | Output access ACLs. |
ARCHIVE_ENTRY_ACL_TYPE_DEFAULT | Output POSIX.1e default ACLs. |
ARCHIVE_ENTRY_ACL_STYLE_MARK_DEFAULT | Prefix each default ACL entry with the word "default:". |
ARCHIVE_ENTRY_ACL_STYLE_SOLARIS | The mask and other ACLs don not contain a double colon. |
The following flags are effecive only on NFSv4 ACL:
ARCHIVE_ENTRY_ACL_STYLE_COMPACT | Do not output minus characters for unset permissions and flags in NFSv4 ACL permission and flag fields. |
The following flags are effective on both POSIX.1e and NFSv4 ACL:
ARCHIVE_ENTRY_ACL_STYLE_EXTRA_ID | Add an additional colon-separated field containing the user or group id. |
ARCHIVE_ENTRY_ACL_STYLE_SEPARATOR_COMMA | Separate ACL entries with comma instead of newline. |
If the archive entry contains NFSv4 ACLs, all types of NFSv4 ACLs are returned. It the entry contains POSIX.1e ACLs and none of the flags ARCHIVE_ENTRY_ACL_TYPE_ACCESS or ARCHIVE_ENTRY_ACL_TYPE_DEFAULT are specified, both access and default entries are returned and default entries are prefixed with "default:".
archive_entry_acl_types() get ACL entry types contained in an archive entry's ACL. As POSIX.1e and NFSv4 ACL entries cannot be mixed, this function is a very efficient way to detect if an ACL already contains POSIX.1e or NFSv4 ACL entries.
archive_entry_acl_from_text() and archive_entry_acl_from_text_w() return ARCHIVE_OK if all entries were successfully parsed and ARCHIVE_WARN if one or more entries were invalid or non-parseable.
archive_entry_acl_next() returns ARCHIVE_OK on success, ARCHIVE_EOF if no more ACL entries exist and ARCHIVE_WARN if archive_entry_acl_reset() has not been called first.
archive_entry_acl_to_text() returns a string representing the ACL entries matching the given type and flags on success or NULL on error.
archive_entry_acl_to_text_w() returns a wide string representing the ACL entries matching the given type and flags on success or NULL on error.
archive_entry_acl_types() returns a bitmask of ACL entry types or 0 if archive entry has no ACL entries.
ARCHIVE_ENTRY_ACL (3) | February 15, 2017 |
Main index | Section 3 | Options |
Please direct any comments about this manual page service to Ben Bullock. Privacy policy.
“ | What is this horrible fascination with Unix? The operating system of the 1960s, still gaining in popularity in the 1990s. | ” |
— Donald A. Norman |