acl_get_file() — Get ACL by file name

Standards

Format

#define _OPEN_SYS	1
#include <sys/acl.h>

int  acl_get_file (const char *path_p, acl_type_t type_d, lacl_t acl_d, int *num);

General description

Use access control lists (ACLs) in conjunction with permission bits to control access to files and directories. Currently, ACLs are supported by the HFS, TFS, and zFS file systems. You must know whether your security product supports ACLs and what rules are used when determining file access. See z/OS UNIX System Services Planning for details.

The acl_get_file() function retrieves an ACL based on type_d argument for an object associated with the object via file name. The ACL is retrieved into the specified working storage pointed to by acl_d. For the type_d = ACL_ACCESS, acl_get_file() will get both the base ACL entries and extended ACL entries. The base ACL entries only apply to the ACL_ACCESS ACL.

The working storage should be allocated using the acl_init() function. If the buffer is not big enough, the acl_get_fd() will fail with errno=E2BIG and num will be filled with the number of ACLs in the ACL pointed to by fd. The user can get a bigger acl_t structure buffer using the num value and reissue the acl_get_fd().

If the object associated with the file descriptor does not have the specified ACL, then an ACL containing zero ACL entries will be returned. If the argument fd refers to an object other than a directory and the value of type_d is a directory/file default, then the function will fail.

The first call to acl_get_entry() following the call to acl_get_fd() obtains the first extended ACL entry in the ACL as ordered by the system. The result of acl_get_fd() can be used to set that same ACL using acl_set_fd() or acl_set_file() using OpType = ACL_ADD.

Returned value

Upon successful completion, the function returns zero.

If any of the following conditions occur, the acl_get_file() function returns a value of NULL and sets errno to the corresponding value:

Error Code

Description

EACCES

Search permission is denied for a component of the path prefix or the object exists and the subject does not have appropriate access rights.

EINVAL

Argument type_d is not a valid ACL type. Argument acl_d does not point to an ACL structure.

ENAMETOOLONG

The length of the path name argument exceeds PATH_MAX, or a path name component is longer than NAME_MAX and {_POSIX_NO_TRUNC} is in effect for that file. For symbolic links, the length of the path name string substituted for a symbolic link exceeds PATH_MAX. PATH_MAX and NAME_MAX values can be determined by using pathconf().

ENOENT

The named object does not exist or the path_p argument points to an empty string.

ENOTDIR

The type specified was directory/file default but the argument path_p is not a directory or a component of the path prefix is not a directory.

E2BIG

The supplied buffer is too small for all extended ACL entries. Num value has the number of ACL entries that need to fit in the buffer.

Related information

• sys/acl.h
• acl_free() — Release memory allocated to an ACL data object
• acl_set_file() — Set an ACL by file name
• acl_get_entry() — Get an ACL entry