acl.5.html

<!DOCTYPE html>
<html>
<!-- This is an automatically generated file.  Do not edit.
   Access Control Lists manual pages
  
   (C) 2002 Andreas Gruenbacher, <andreas.gruenbacher@gmail.com>
  
   This is free documentation; you can redistribute it and/or
   modify it under the terms of the GNU General Public License as
   published by the Free Software Foundation; either version 2 of
   the License, or (at your option) any later version.
  
   The GNU General Public License's references to "object code"
   and "executables" are to be interpreted as the output of any
   document formatting or typesetting system, including
   intermediate and printed output.
  
   This manual is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
  
   You should have received a copy of the GNU General Public
   License along with this manual.  If not, see
   <http://www.gnu.org/licenses/>.
   -->
<head>
  <meta charset="utf-8"/>
  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
  <link rel="stylesheet" href="mandoc.css" type="text/css" media="all"/>
  <title>ACL(5)</title>
</head>
<body>
<table class="head">
  <tr>
    <td class="head-ltitle">ACL(5)</td>
    <td class="head-vol">File Formats Manual</td>
    <td class="head-rtitle">ACL(5)</td>
  </tr>
</table>
<div class="manual-text">
<section class="Sh">
<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
<p class="Pp"><code class="Nm">acl</code> &#x2014; <span class="Nd">Access
    Control Lists</span></p>
</section>
<section class="Sh">
<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
<p class="Pp">This manual page describes POSIX Access Control Lists, which are
    used to define more fine-grained discretionary access rights for files and
    directories.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="ACL_TYPES"><a class="permalink" href="#ACL_TYPES">ACL
  TYPES</a></h1>
<p class="Pp">Every object can be thought of as having associated with it an ACL
    that governs the discretionary access to that object; this ACL is referred
    to as an access ACL. In addition, a directory may have an associated ACL
    that governs the initial access ACL for objects created within that
    directory; this ACL is referred to as a default ACL.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="ACL_ENTRIES"><a class="permalink" href="#ACL_ENTRIES">ACL
  ENTRIES</a></h1>
<p class="Pp">An ACL consists of a set of ACL entries. An ACL entry specifies
    the access permissions on the associated object for an individual user or a
    group of users as a combination of read, write and search/execute
    permissions.</p>
<p class="Pp">An ACL entry contains an entry tag type, an optional entry tag
    qualifier, and a set of permissions. We use the term qualifier to denote the
    entry tag qualifier of an ACL entry.</p>
<p class="Pp">The qualifier denotes the identifier of a user or a group, for
    entries with tag types of ACL_USER or ACL_GROUP, respectively. Entries with
    tag types other than ACL_USER or ACL_GROUP have no defined qualifiers.</p>
<p class="Pp">The following entry tag types are defined:</p>
<div class="Bd-indent">
<dl class="Bl-tag">
  <dt>ACL_USER_OBJ</dt>
  <dd>The ACL_USER_OBJ entry denotes access rights for the file owner.</dd>
  <dt>ACL_USER</dt>
  <dd>ACL_USER entries denote access rights for users identified by the entry's
      qualifier.</dd>
  <dt>ACL_GROUP_OBJ</dt>
  <dd>The ACL_GROUP_OBJ entry denotes access rights for the file group.</dd>
  <dt>ACL_GROUP</dt>
  <dd>ACL_GROUP entries denote access rights for groups identified by the
      entry's qualifier.</dd>
  <dt>ACL_MASK</dt>
  <dd>The ACL_MASK entry denotes the maximum access rights that can be granted
      by entries of type ACL_USER, ACL_GROUP_OBJ, or ACL_GROUP.</dd>
  <dt>ACL_OTHER</dt>
  <dd>The ACL_OTHER entry denotes access rights for processes that do not match
      any other entry in the ACL.</dd>
</dl>
</div>
<p class="Pp">When an access check is performed, the ACL_USER_OBJ and ACL_USER
    entries are tested against the effective user ID. The effective group ID, as
    well as all supplementary group IDs are tested against the ACL_GROUP_OBJ and
    ACL_GROUP entries.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="VALID_ACLs"><a class="permalink" href="#VALID_ACLs">VALID
  ACLs</a></h1>
<p class="Pp">A valid ACL contains exactly one entry with each of the
    ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER tag types. Entries with ACL_USER
    and ACL_GROUP tag types may appear zero or more times in an ACL. An ACL that
    contains entries of ACL_USER or ACL_GROUP tag types must contain exactly one
    entry of the ACL_MASK tag type. If an ACL contains no entries of ACL_USER or
    ACL_GROUP tag types, the ACL_MASK entry is optional.</p>
<p class="Pp">All user ID qualifiers must be unique among all entries of
    ACL_USER tag type, and all group IDs must be unique among all entries of
    ACL_GROUP tag type.</p>
<p class="Pp" id="acl_get_file">
  <br/>
   The
    <a class="permalink" href="#acl_get_file"><code class="Fn">acl_get_file</code></a>()
    function returns an ACL with zero ACL entries as the default ACL of a
    directory, if the directory is not associated with a default ACL. The
    <a class="permalink" href="#acl_set_file"><code class="Fn" id="acl_set_file">acl_set_file</code></a>()
    function also accepts an ACL with zero ACL entries as a valid default ACL
    for directories, denoting that the directory shall not be associated with a
    default ACL. This is equivalent to using the
    <a class="permalink" href="#acl_delete_def_file"><code class="Fn" id="acl_delete_def_file">acl_delete_def_file</code></a>()
    function.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="CORRESPONDENCE_BETWEEN_ACL_ENTRIES_AND_FILE_PERMISSION_BITS"><a class="permalink" href="#CORRESPONDENCE_BETWEEN_ACL_ENTRIES_AND_FILE_PERMISSION_BITS">CORRESPONDENCE
  BETWEEN ACL ENTRIES AND FILE PERMISSION BITS</a></h1>
<p class="Pp">The permissions defined by ACLs are a superset of the permissions
    specified by the file permission bits.</p>
<p class="Pp">There is a correspondence between the file owner, group, and other
    permissions and specific ACL entries: the owner permissions correspond to
    the permissions of the ACL_USER_OBJ entry. If the ACL has an ACL_MASK entry,
    the group permissions correspond to the permissions of the ACL_MASK entry.
    Otherwise, if the ACL has no ACL_MASK entry, the group permissions
    correspond to the permissions of the ACL_GROUP_OBJ entry. The other
    permissions correspond to the permissions of the ACL_OTHER entry.</p>
<p class="Pp">The file owner, group, and other permissions always match the
    permissions of the corresponding ACL entry. Modification of the file
    permission bits results in the modification of the associated ACL entries,
    and modification of these ACL entries results in the modification of the
    file permission bits.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="OBJECT_CREATION_AND_DEFAULT_ACLs"><a class="permalink" href="#OBJECT_CREATION_AND_DEFAULT_ACLs">OBJECT
  CREATION AND DEFAULT ACLs</a></h1>
<p class="Pp">The access ACL of a file object is initialized when the object is
    created with any of the
    <a class="permalink" href="#creat"><code class="Fn" id="creat">creat</code></a>(),
    <a class="permalink" href="#mkdir"><code class="Fn" id="mkdir">mkdir</code></a>(),
    <a class="permalink" href="#mknod"><code class="Fn" id="mknod">mknod</code></a>(),
    <a class="permalink" href="#mkfifo"><code class="Fn" id="mkfifo">mkfifo</code></a>(),
    or
    <a class="permalink" href="#open"><code class="Fn" id="open">open</code></a>()
    functions. If a default ACL is associated with a directory, the
    <var class="Va">mode</var> parameter to the functions creating file objects
    and the default ACL of the directory are used to determine the ACL of the
    new object:</p>
<ol class="Bl-enum">
  <li>The new object inherits the default ACL of the containing directory as its
      access ACL.</li>
  <li>The access ACL entries corresponding to the file permission bits are
      modified so that they contain no permissions that are not contained in the
      permissions specified by the <var class="Va">mode</var> parameter.</li>
</ol>
<p class="Pp">If no default ACL is associated with a directory, the
    <var class="Va">mode</var> parameter to the functions creating file objects
    and the file creation mask (see
    <a class="Xr" href="umask.2.html">umask(2)</a>) are used to determine the
    ACL of the new object:</p>
<ol class="Bl-enum">
  <li>The new object is assigned an access ACL containing entries of tag types
      ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER. The permissions of these
      entries are set to the permissions specified by the file creation
    mask.</li>
  <li>The access ACL entries corresponding to the file permission bits are
      modified so that they contain no permissions that are not contained in the
      permissions specified by the <var class="Va">mode</var> parameter.</li>
</ol>
</section>
<section class="Sh">
<h1 class="Sh" id="ACCESS_CHECK_ALGORITHM"><a class="permalink" href="#ACCESS_CHECK_ALGORITHM">ACCESS
  CHECK ALGORITHM</a></h1>
<p class="Pp">A process may request read, write, or execute/search access to a
    file object protected by an ACL. The access check algorithm determines
    whether access to the object will be granted.</p>
<ol class="Bl-enum">
  <li id="If"><a class="permalink" href="#If"><b class="Sy">If</b></a> the
      effective user ID of the process matches the user ID of the file object
      owner, <b class="Sy">then</b>
    <div class="Bd Pp Bd-indent"><b class="Sy">if</b> the ACL_USER_OBJ entry
      contains the requested permissions, access is granted,
    <p class="Pp"><b class="Sy">else</b> access is denied.</p>
    </div>
  </li>
  <li><b class="Sy">else if</b> the effective user ID of the process matches the
      qualifier of any entry of type ACL_USER, <b class="Sy">then</b>
    <div class="Bd Pp Bd-indent"><b class="Sy">if</b> the matching ACL_USER
      entry and the ACL_MASK entry contain the requested permissions, access is
      granted,
    <p class="Pp"><b class="Sy">else</b> access is denied.</p>
    </div>
  </li>
  <li><b class="Sy">else if</b> the effective group ID or any of the
      supplementary group IDs of the process match the file group or the
      qualifier of any entry of type ACL_GROUP, <b class="Sy">then</b>
    <div class="Bd Pp Bd-indent"><b class="Sy">if</b> the ACL contains an
      ACL_MASK entry, <b class="Sy">then</b>
    <div class="Bd Pp Bd-indent"><b class="Sy">if</b> the ACL_MASK entry and any
      of the matching ACL_GROUP_OBJ or ACL_GROUP entries contain the requested
      permissions, access is granted,
    <p class="Pp"><b class="Sy">else</b> access is denied.</p>
    <p class="Pp"></p>
    </div>
    <b class="Sy">else</b> (note that there can be no ACL_GROUP entries without
      an ACL_MASK entry)
    <div class="Bd Pp Bd-indent"><b class="Sy">if</b> the ACL_GROUP_OBJ entry
      contains the requested permissions, access is granted,
    <p class="Pp"><b class="Sy">else</b> access is denied.</p>
    </div>
    </div>
  </li>
  <li><b class="Sy">else if</b> the ACL_OTHER entry contains the requested
      permissions, access is granted.</li>
  <li id="else"><a class="permalink" href="#else"><b class="Sy">else</b></a>
      access is denied.</li>
</ol>
</section>
<section class="Sh">
<h1 class="Sh" id="ACL_TEXT_FORMS"><a class="permalink" href="#ACL_TEXT_FORMS">ACL
  TEXT FORMS</a></h1>
<p class="Pp">A long and a short text form for representing ACLs is defined. In
    both forms, ACL entries are represented as three colon separated fields: an
    ACL entry tag type, an ACL entry qualifier, and the discretionary access
    permissions. The first field contains one of the following entry tag type
    keywords:</p>
<div class="Bd-indent">
<dl class="Bl-tag">
  <dt id="user"><a class="permalink" href="#user"><code class="Li">user</code></a></dt>
  <dd>A <code class="Li">user</code> ACL entry specifies the access granted to
      either the file owner (entry tag type ACL_USER_OBJ) or a specified user
      (entry tag type ACL_USER).</dd>
  <dt id="group"><a class="permalink" href="#group"><code class="Li">group</code></a></dt>
  <dd>A <code class="Li">group</code> ACL entry specifies the access granted to
      either the file group (entry tag type ACL_GROUP_OBJ) or a specified group
      (entry tag type ACL_GROUP).</dd>
  <dt id="mask"><a class="permalink" href="#mask"><code class="Li">mask</code></a></dt>
  <dd>A <code class="Li">mask</code> ACL entry specifies the maximum access
      which can be granted by any ACL entry except the
      <code class="Li">user</code> entry for the file owner and the
      <code class="Li">other</code> entry (entry tag type ACL_MASK).</dd>
  <dt id="other"><a class="permalink" href="#other"><code class="Li">other</code></a></dt>
  <dd>An <code class="Li">other</code> ACL entry specifies the access granted to
      any process that does not match any <code class="Li">user</code> or
      <code class="Li">group</code> ACL entries (entry tag type ACL_OTHER).</dd>
</dl>
</div>
<p class="Pp">The second field contains the user or group identifier of the user
    or group associated with the ACL entry for entries of entry tag type
    ACL_USER or ACL_GROUP, and is empty for all other entries. A user identifier
    can be a user name or a user ID number in decimal form. A group identifier
    can be a group name or a group ID number in decimal form.</p>
<p class="Pp">The third field contains the discretionary access permissions. The
    read, write and search/execute permissions are represented by the
    <code class="Li">r</code>, <code class="Li">w</code>, and
    <code class="Li">x</code> characters, in this order. Each of these
    characters is replaced by the <code class="Li">-</code> character to denote
    that a permission is absent in the ACL entry. When converting from the text
    form to the internal representation, permissions that are absent need not be
    specified.</p>
<p class="Pp">White space is permitted at the beginning and end of each ACL
    entry, and immediately before and after a field separator (the colon
    character).</p>
<section class="Ss">
<h2 class="Ss" id="LONG_TEXT_FORM"><a class="permalink" href="#LONG_TEXT_FORM">LONG
  TEXT FORM</a></h2>
<p class="Pp">The long text form contains one ACL entry per line. In addition, a
    number sign (<code class="Li">#</code>) may start a comment that extends
    until the end of the line. If an ACL_USER, ACL_GROUP_OBJ or ACL_GROUP ACL
    entry contains permissions that are not also contained in the ACL_MASK
    entry, the entry is followed by a number sign, the string
    &#x201C;effective:&#x201D;, and the effective access permissions defined by
    that entry. This is an example of the long text form:</p>
<div class="Bd Pp Bd-indent Li">
<pre>user::rw-
user:lisa:rw-         #effective:r--
group::r--
group:toolies:rw-     #effective:r--
mask::r--
other::r--</pre>
</div>
</section>
<section class="Ss">
<h2 class="Ss" id="SHORT_TEXT_FORM"><a class="permalink" href="#SHORT_TEXT_FORM">SHORT
  TEXT FORM</a></h2>
<p class="Pp">The short text form is a sequence of ACL entries separated by
    commas, and is used for input. Comments are not supported. Entry tag type
    keywords may either appear in their full unabbreviated form, or in their
    single letter abbreviated form. The abbreviation for
    <code class="Li">user</code> is <code class="Li">u</code>, the abbreviation
    for <code class="Li">group</code> is <code class="Li">g</code>, the
    abbreviation for <code class="Li">mask</code> is <code class="Li">m</code>,
    and the abbreviation for <code class="Li">other</code> is
    <code class="Li">o</code>. The permissions may contain at most one each of
    the following characters in any order: <code class="Li">r</code>,
    <code class="Li">w</code>, <code class="Li">x</code>. These are examples of
    the short text form:</p>
<div class="Bd Pp Bd-indent Li">
<pre>u::rw-,u:lisa:rw-,g::r--,g:toolies:rw-,m::r--,o::r--
g:toolies:rw,u:lisa:rw,u::wr,g::r,o::r,m::r</pre>
</div>
</section>
</section>
<section class="Sh">
<h1 class="Sh" id="RATIONALE"><a class="permalink" href="#RATIONALE">RATIONALE</a></h1>
<p class="Pp">IEEE 1003.1e draft 17 defines Access Control Lists that include
    entries of tag type ACL_MASK, and defines a mapping between file permission
    bits that is not constant. The standard working group defined this
    relatively complex interface in order to ensure that applications that are
    compliant with IEEE 1003.1 (&#x201C;POSIX.1&#x201D;) will still function as
    expected on systems with ACLs. The IEEE 1003.1e draft 17 contains the
    rationale for choosing this interface in section B.23.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="CHANGES_TO_THE_FILE_UTILITIES"><a class="permalink" href="#CHANGES_TO_THE_FILE_UTILITIES">CHANGES
  TO THE FILE UTILITIES</a></h1>
<p class="Pp">On a system that supports ACLs, the file utilities
    <a class="Xr" href="ls.1.html">ls(1)</a>,
    <a class="Xr" href="cp.1.html">cp(1)</a>, and
    <a class="Xr" href="mv.1.html">mv(1)</a> change their behavior in the
    following way:</p>
<ul class="Bl-bullet">
  <li>For files that have a default ACL or an access ACL that contains more than
      the three required ACL entries, the
      <a class="Xr" href="ls.1.html">ls(1)</a> utility in the long form produced
      by <code class="Ic">ls -l</code> displays a plus sign
      (<code class="Li">+</code>) after the permission string.</li>
  <li>If the <code class="Fl">-p</code> flag is specified, the
      <a class="Xr" href="cp.1.html">cp(1)</a> utility also preserves ACLs. If
      this is not possible, a warning is produced.</li>
  <li>
    <br/>
     The <a class="Xr" href="mv.1.html">mv(1)</a> utility always preserves ACLs.
      If this is not possible, a warning is produced.</li>
</ul>
<p class="Pp">The effect of the <a class="Xr" href="chmod.1.html">chmod(1)</a>
    utility, and of the <a class="Xr" href="chmod.2.html">chmod(2)</a> system
    call, on the access ACL is described in
    <a class="Sx" href="#CORRESPONDENCE_BETWEEN_ACL_ENTRIES_AND_FILE_PERMISSION_BITS">CORRESPONDENCE
    BETWEEN ACL ENTRIES AND FILE PERMISSION BITS</a>.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="STANDARDS"><a class="permalink" href="#STANDARDS">STANDARDS</a></h1>
<p class="Pp">The IEEE 1003.1e draft 17 (&#x201C;POSIX.1e&#x201D;) document
    describes several security extensions to the IEEE 1003.1 standard. While the
    work on 1003.1e has been abandoned, many UNIX style systems implement parts
    of POSIX.1e draft 17, or of earlier drafts.</p>
<p class="Pp">Linux Access Control Lists implement the full set of functions and
    utilities defined for Access Control Lists in POSIX.1e, and several
    extensions. The implementation is fully compliant with POSIX.1e draft 17;
    extensions are marked as such. The Access Control List manipulation
    functions are defined in the ACL library (libacl, -lacl). The POSIX
    compliant interfaces are declared in the
    <code class="Li">&lt;sys/acl.h&gt;</code> header. Linux-specific extensions
    to these functions are declared in the
    <code class="Li">&lt;acl/libacl.h&gt;</code> header.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="NOTES"><a class="permalink" href="#NOTES">NOTES</a></h1>
<section class="Ss">
<h2 class="Ss" id="DENIED_PERMISSIONS_AND_LINUX_USER_NAMESPACES"><a class="permalink" href="#DENIED_PERMISSIONS_AND_LINUX_USER_NAMESPACES">DENIED
  PERMISSIONS AND LINUX USER NAMESPACES</a></h2>
<p class="Pp">While ACLs can be used to deny processes permissions based on the
    groups they are in, this is considered bad practice. Privileged helpers such
    as <a class="Xr" href="newuidmap.1.html">newuidmap(1)</a> can give
    unprivileged processes access to the
    <a class="Xr" href="setgroups.2.html">setgroups(2)</a> system call, which
    allows them to drop supplementary group membership and render restrictions
    based on that membership ineffective. For further details, see
    <a class="Xr" href="user_namespaces.7.html">user_namespaces(7)</a>.</p>
</section>
</section>
<section class="Sh">
<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE
  ALSO</a></h1>
<p class="Pp"><a class="Xr" href="chmod.1.html">chmod(1)</a>,
    <a class="Xr" href="creat.2.html">creat(2)</a>,
    <a class="Xr" href="getfacl.1.html">getfacl(1)</a>,
    <a class="Xr" href="ls.1.html">ls(1)</a>,
    <a class="Xr" href="mkdir.2.html">mkdir(2)</a>,
    <a class="Xr" href="mkfifo.2.html">mkfifo(2)</a>,
    <a class="Xr" href="mknod.2.html">mknod(2)</a>,
    <a class="Xr" href="mount.8.html">mount(8)</a>,
    <a class="Xr" href="open.2.html">open(2)</a>,
    <a class="Xr" href="setfacl.1.html">setfacl(1)</a>,
    <a class="Xr" href="stat.2.html">stat(2)</a>,
    <a class="Xr" href="umask.1.html">umask(1)</a></p>
<section class="Ss">
<h2 class="Ss" id="POSIX_1003.1e_DRAFT_17"><a class="permalink" href="#POSIX_1003.1e_DRAFT_17">POSIX
  1003.1e DRAFT 17</a></h2>
<p class="Pp"><a class="Xr" href="https://wt.tuxomania.net/publications/posix.1e/download.html.1.html">https://wt.tuxomania.net/publications/posix.1e/download.html</a></p>
</section>
<section class="Ss">
<h2 class="Ss" id="POSIX_1003.1e_FUNCTIONS_BY_CATEGORY"><a class="permalink" href="#POSIX_1003.1e_FUNCTIONS_BY_CATEGORY">POSIX
  1003.1e FUNCTIONS BY CATEGORY</a></h2>
<dl class="Bl-tag">
  <dt id="ACL"><a class="permalink" href="#ACL"><b class="Sy">ACL storage
    management</b></a></dt>
  <dd><a class="Xr" href="acl_dup.3.html">acl_dup(3)</a>,
      <a class="Xr" href="acl_free.3.html">acl_free(3)</a>,
      <a class="Xr" href="acl_init.3.html">acl_init(3)</a></dd>
  <dt id="ACL~2"><a class="permalink" href="#ACL~2"><b class="Sy">ACL entry
    manipulation</b></a></dt>
  <dd><a class="Xr" href="acl_copy_entry.3.html">acl_copy_entry(3)</a>,
      <a class="Xr" href="acl_create_entry.3.html">acl_create_entry(3)</a>,
      <a class="Xr" href="acl_delete_entry.3.html">acl_delete_entry(3)</a>,
      <a class="Xr" href="acl_get_entry.3.html">acl_get_entry(3)</a>,
      <a class="Xr" href="acl_valid.3.html">acl_valid(3)</a>
    <p class="Pp"><a class="Xr" href="acl_add_perm.3.html">acl_add_perm(3)</a>,
        <a class="Xr" href="acl_calc_mask.3.html">acl_calc_mask(3)</a>,
        <a class="Xr" href="acl_clear_perms.3.html">acl_clear_perms(3)</a>,
        <a class="Xr" href="acl_delete_perm.3.html">acl_delete_perm(3)</a>,
        <a class="Xr" href="acl_get_permset.3.html">acl_get_permset(3)</a>,
        <a class="Xr" href="acl_set_permset.3.html">acl_set_permset(3)</a></p>
    <p class="Pp"><a class="Xr" href="acl_get_qualifier.3.html">acl_get_qualifier(3)</a>,
        <a class="Xr" href="acl_get_tag_type.3.html">acl_get_tag_type(3)</a>,
        <a class="Xr" href="acl_set_qualifier.3.html">acl_set_qualifier(3)</a>,
        <a class="Xr" href="acl_set_tag_type.3.html">acl_set_tag_type(3)</a></p>
  </dd>
  <dt id="ACL~3"><a class="permalink" href="#ACL~3"><b class="Sy">ACL
    manipulation on an object</b></a></dt>
  <dd><a class="Xr" href="acl_delete_def_file.3.html">acl_delete_def_file(3)</a>,
      <a class="Xr" href="acl_get_fd.3.html">acl_get_fd(3)</a>,
      <a class="Xr" href="acl_get_file.3.html">acl_get_file(3)</a>,
      <a class="Xr" href="acl_set_fd.3.html">acl_set_fd(3)</a>,
      <a class="Xr" href="acl_set_file.3.html">acl_set_file(3)</a></dd>
  <dt id="ACL~4"><a class="permalink" href="#ACL~4"><b class="Sy">ACL format
    translation</b></a></dt>
  <dd><a class="Xr" href="acl_copy_entry.3.html">acl_copy_entry(3)</a>,
      <a class="Xr" href="acl_copy_ext.3.html">acl_copy_ext(3)</a>,
      <a class="Xr" href="acl_from_text.3.html">acl_from_text(3)</a>,
      <a class="Xr" href="acl_to_text.3.html">acl_to_text(3)</a>,
      <a class="Xr" href="acl_size.3.html">acl_size(3)</a></dd>
</dl>
</section>
<section class="Ss">
<h2 class="Ss" id="POSIX_1003.1e_FUNCTIONS_BY_AVAILABILITY"><a class="permalink" href="#POSIX_1003.1e_FUNCTIONS_BY_AVAILABILITY">POSIX
  1003.1e FUNCTIONS BY AVAILABILITY</a></h2>
<p class="Pp">The first group of functions is supported on most systems with
    POSIX-like access control lists, while the second group is supported on
    fewer systems. For applications that will be ported the second group is best
    avoided.</p>
<p class="Pp"><a class="Xr" href="acl_delete_def_file.3.html">acl_delete_def_file(3)</a>,
    <a class="Xr" href="acl_dup.3.html">acl_dup(3)</a>,
    <a class="Xr" href="acl_free.3.html">acl_free(3)</a>,
    <a class="Xr" href="acl_from_text.3.html">acl_from_text(3)</a>,
    <a class="Xr" href="acl_get_fd.3.html">acl_get_fd(3)</a>,
    <a class="Xr" href="acl_get_file.3.html">acl_get_file(3)</a>,
    <a class="Xr" href="acl_init.3.html">acl_init(3)</a>,
    <a class="Xr" href="acl_set_fd.3.html">acl_set_fd(3)</a>,
    <a class="Xr" href="acl_set_file.3.html">acl_set_file(3)</a>,
    <a class="Xr" href="acl_to_text.3.html">acl_to_text(3)</a>,
    <a class="Xr" href="acl_valid.3.html">acl_valid(3)</a></p>
<p class="Pp"><a class="Xr" href="acl_add_perm.3.html">acl_add_perm(3)</a>,
    <a class="Xr" href="acl_calc_mask.3.html">acl_calc_mask(3)</a>,
    <a class="Xr" href="acl_clear_perms.3.html">acl_clear_perms(3)</a>,
    <a class="Xr" href="acl_copy_entry.3.html">acl_copy_entry(3)</a>,
    <a class="Xr" href="acl_copy_ext.3.html">acl_copy_ext(3)</a>,
    <a class="Xr" href="acl_copy_int.3.html">acl_copy_int(3)</a>,
    <a class="Xr" href="acl_create_entry.3.html">acl_create_entry(3)</a>,
    <a class="Xr" href="acl_delete_entry.3.html">acl_delete_entry(3)</a>,
    <a class="Xr" href="acl_delete_perm.3.html">acl_delete_perm(3)</a>,
    <a class="Xr" href="acl_get_entry.3.html">acl_get_entry(3)</a>,
    <a class="Xr" href="acl_get_permset.3.html">acl_get_permset(3)</a>,
    <a class="Xr" href="acl_get_qualifier.3.html">acl_get_qualifier(3)</a>,
    <a class="Xr" href="acl_get_tag_type.3.html">acl_get_tag_type(3)</a>,
    <a class="Xr" href="acl_set_permset.3.html">acl_set_permset(3)</a>,
    <a class="Xr" href="acl_set_qualifier.3.html">acl_set_qualifier(3)</a>,
    <a class="Xr" href="acl_set_tag_type.3.html">acl_set_tag_type(3)</a>,
    <a class="Xr" href="acl_size.3.html">acl_size(3)</a></p>
</section>
<section class="Ss">
<h2 class="Ss" id="LINUX_EXTENSIONS"><a class="permalink" href="#LINUX_EXTENSIONS">LINUX
  EXTENSIONS</a></h2>
<p class="Pp">These non-portable extensions are available on Linux systems.</p>
<p class="Pp"><a class="Xr" href="acl_check.3.html">acl_check(3)</a>,
    <a class="Xr" href="acl_cmp.3.html">acl_cmp(3)</a>,
    <a class="Xr" href="acl_entries.3.html">acl_entries(3)</a>,
    <a class="Xr" href="acl_equiv_mode.3.html">acl_equiv_mode(3)</a>,
    <a class="Xr" href="acl_error.3.html">acl_error(3)</a>,
    <a class="Xr" href="acl_extended_fd.3.html">acl_extended_fd(3)</a>,
    <a class="Xr" href="acl_extended_file.3.html">acl_extended_file(3)</a>,
    <a class="Xr" href="acl_extended_file_nofollow.3.html">acl_extended_file_nofollow(3)</a>,
    <a class="Xr" href="acl_from_mode.3.html">acl_from_mode(3)</a>,
    <a class="Xr" href="acl_get_perm.3.html">acl_get_perm(3)</a>,
    <a class="Xr" href="acl_to_any_text.3.html">acl_to_any_text(3)</a></p>
</section>
</section>
<section class="Sh">
<h1 class="Sh" id="AUTHOR"><a class="permalink" href="#AUTHOR">AUTHOR</a></h1>
<p class="Pp">Andreas Gruenbacher, &lt;andreas.gruenbacher@gmail.com&gt;</p>
</section>
</div>
<table class="foot">
  <tr>
    <td class="foot-date">March 23, 2002</td>
    <td class="foot-os">Linux ACL</td>
  </tr>
</table>
</body>
</html>