ARCHIVE_ENTRY_ACL(3) | Library Functions Manual | ARCHIVE_ENTRY_ACL(3) |
archive_entry_acl_add_entry
,
archive_entry_acl_add_entry_w
,
archive_entry_acl_clear
,
archive_entry_acl_count
,
archive_entry_acl_from_text
,
archive_entry_acl_from_text_w
,
archive_entry_acl_next
,
archive_entry_acl_reset
,
archive_entry_acl_to_text
,
archive_entry_acl_to_text_w
,
archive_entry_acl_types
—
functions for manipulating Access Control Lists in archive
entry descriptions
Streaming Archive Library (libarchive, -larchive)
#include
<archive_entry.h>
void
archive_entry_acl_add_entry
(struct
archive_entry *a, int type, int
permset, int tag, int
qualifier, const char *name);
void
archive_entry_acl_add_entry_w
(struct
archive_entry *a, int type, int
permset, int tag, int
qualifier, const wchar_t *name);
void
archive_entry_acl_clear
(struct
archive_entry *a);
int
archive_entry_acl_count
(struct
archive_entry *a, int
type);
int
archive_entry_acl_from_text
(struct
archive_entry *a, const char *text,
int type);
int
archive_entry_acl_from_text_w
(struct
archive_entry *a, const wchar_t *text,
int type);
int
archive_entry_acl_next
(struct
archive_entry *a, int type, int
*ret_type, int *ret_permset, int
*ret_tag, int *ret_qual, const
char **ret_name);
int
archive_entry_acl_reset
(struct
archive_entry *a, int
type);
char *
archive_entry_acl_to_text
(struct
archive_entry *a, ssize_t *len_p,
int flags);
wchar_t *
archive_entry_acl_to_text_w
(struct
archive_entry *a, ssize_t *len_p,
int flags);
int
archive_entry_acl_types
(struct
archive_entry *a);
The “Access Control Lists (ACLs)” extend the
standard Unix permission model. The ACL interface of
libarchive
supports both POSIX.1e and NFSv4 style
ACLs. Use of ACLs is restricted by various levels of ACL support in
operating systems, file systems and archive formats.
A POSIX.1e ACL consists of a number of independent entries. Each entry specifies the permission set as a bitmask of basic permissions. Valid permissions in the permset are:
The permissions correspond to the normal Unix permissions.The tag specifies the principal to which the permission applies. Valid values are:
ARCHIVE_ENTRY_ACL_USER
ARCHIVE_ENTRY_ACL_USER_OBJ
ARCHIVE_ENTRY_ACL_GROUP
ARCHIVE_ENTRY_ACL_GROUP_OBJ
ARCHIVE_ENTRY_ACL_MASK
ARCHIVE_ENTRY_ACL_OTHER
The principals ARCHIVE_ENTRY_ACL_USER_OBJ
,
ARCHIVE_ENTRY_ACL_GROUP_OBJ
and
ARCHIVE_ENTRY_ACL_OTHER
are equivalent to user,
group and other in the classic Unix permission model and specify
non-extended ACL entries.
All files have an access ACL
(ARCHIVE_ENTRY_ACL_TYPE_ACCESS
). This specifies the
permissions required for access to the file itself. Directories have an
additional ACL (ARCHIVE_ENTRY_ACL_TYPE_DEFAULT
),
which controls the initial access ACL for newly-created directory
entries.
A NFSv4 ACL consists of multiple individual entries called Access Control Entries (ACEs).
There are four possible types of a NFSv4 ACE:
ARCHIVE_ENTRY_ACL_TYPE_ALLOW
ARCHIVE_ENTRY_ACL_TYPE_DENY
ARCHIVE_ENTRY_ACL_TYPE_AUDIT
ARCHIVE_ENTRY_ACL_TYPE_ALARM
The tag specifies the principal to which the permission applies. Valid values are:
ARCHIVE_ENTRY_ACL_USER
ARCHIVE_ENTRY_ACL_USER_OBJ
ARCHIVE_ENTRY_ACL_GROUP
ARCHIVE_ENTRY_ACL_GROUP_OBJ
ARCHIVE_ENTRY_ACL_EVERYONE
Entries with the ARCHIVE_ENTRY_ACL_USER
or
ARCHIVE_ENTRY_ACL_GROUP
tag store the user and group
name in the name string and optionally the user or
group ID in the qualifier integer.
NFSv4 ACE permissions and flags are stored in the same permset bitfield. Some permissions share the same constant and permission character but have different effect on directories than on files. The following ACE permissions are supported:
ARCHIVE_ENTRY_ACL_READ_DATA
(r)ARCHIVE_ENTRY_ACL_LIST_DIRECTORY
(r)ARCHIVE_ENTRY_ACL_EXECUTE
(x)ARCHIVE_ENTRY_ACL_APPEND_DATA
(p)ARCHIVE_ENTRY_ACL_ADD_SUBDIRECTORY
(p)ARCHIVE_ENTRY_ACL_DELETE_CHILD
(D)ARCHIVE_ENTRY_ACL_DELETE
(d)ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES
(a)ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES
(A)ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS
(R)ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS
(W)ARCHIVE_ENTRY_ACL_READ_ACL
(c)ARCHIVE_ENTRY_ACL_WRITE_ACL
(C)ARCHIVE_ENTRY_ACL_WRITE_OWNER
(o)ARCHIVE_ENTRY_ACL_SYNCHRONIZE
(s)The following NFSv4 ACL inheritance flags are supported:
ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT
(f)ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT
(d)ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY
(i)ARCHIVE_ENTRY_ACL_ENTRY_NO_PROPAGATE_INHERIT
(n)ARCHIVE_ENTRY_ACL_ENTRY_SUCCESSFUL_ACCESS
(S)ARCHIVE_ENTRY_ACL_ENTRY_FAILED_ACCESS
(F)ARCHIVE_ENTRY_ACL_ENTRY_INHERITED
(I)archive_entry_acl_add_entry
()
and
archive_entry_acl_add_entry_w
()
add a single ACL entry. For the access ACL and non-extended principals, the
classic Unix permissions are updated. An archive entry cannot contain both
POSIX.1e and NFSv4 ACL entries.
archive_entry_acl_clear
()
removes all ACL entries and resets the enumeration pointer.
archive_entry_acl_count
()
counts the ACL entries that have the given type mask.
type can be the bitwise-or of
ARCHIVE_ENTRY_ACL_TYPE_ACCESS
is included and at least
one extended ACL entry is found, the three non-extended ACLs are added.
archive_entry_acl_from_text
()
and
archive_entry_acl_from_text_w
()
add new (or merge with existing) ACL entries from (wide) text. The argument
type may take one of the following values:
archive_entry_acl_to_text
() or respectively
archive_entry_acl_to_text_w
(). Existing ACL entries
are preserved. To get a clean new ACL from text
archive_entry_acl_clear
() must be called first.
Entries prefixed with “default:” are treated as
ARCHIVE_ENTRY_ACL_TYPE_DEFAULT
unless
type is
ARCHIVE_ENTRY_ACL_TYPE_NFS4
. Invalid entries,
non-parseable ACL entries and entries beginning with the ‘#’
character (comments) are skipped.
archive_entry_acl_next
()
return the next entry of the ACL list. This functions may only be called
after archive_entry_acl_reset
() has indicated the
presence of extended ACL entries.
archive_entry_acl_reset
()
prepare reading the list of ACL entries with
archive_entry_acl_next
(). The function returns 0 if
no non-extended ACLs are found. In this case, the access permissions should
be obtained by
archive_entry_mode(3) or
set using chmod(2). Otherwise, the
function returns the same value as
archive_entry_acl_count
().
archive_entry_acl_to_text
()
and
archive_entry_acl_to_text_w
()
convert the ACL entries for the given type into a (wide) string of ACL
entries separated by newline. If the pointer len_p is
not NULL, then the function shall return the length of the string (not
including the NULL terminator) in the location pointed to by
len_p. The flag argument is a
bitwise-or.
The following flags are effective only on POSIX.1e ACL:
ARCHIVE_ENTRY_ACL_TYPE_ACCESS
ARCHIVE_ENTRY_ACL_TYPE_DEFAULT
ARCHIVE_ENTRY_ACL_STYLE_MARK_DEFAULT
ARCHIVE_ENTRY_ACL_STYLE_SOLARIS
The following flags are effecive only on NFSv4 ACL:
ARCHIVE_ENTRY_ACL_STYLE_COMPACT
The following flags are effective on both POSIX.1e and NFSv4 ACL:
ARCHIVE_ENTRY_ACL_STYLE_EXTRA_ID
ARCHIVE_ENTRY_ACL_STYLE_SEPARATOR_COMMA
If the archive entry contains NFSv4 ACLs, all types of NFSv4 ACLs
are returned. It the entry contains POSIX.1e ACLs and none of the flags
ARCHIVE_ENTRY_ACL_TYPE_ACCESS
or
ARCHIVE_ENTRY_ACL_TYPE_DEFAULT
are specified, both
access and default entries are returned and default entries are prefixed
with “default:”.
archive_entry_acl_types
()
get ACL entry types contained in an archive entry's ACL. As POSIX.1e and
NFSv4 ACL entries cannot be mixed, this function is a very efficient way to
detect if an ACL already contains POSIX.1e or NFSv4 ACL entries.
archive_entry_acl_count
() and
archive_entry_acl_reset
() returns the number of ACL
entries that match the given type mask. For POSIX.1e ACLS if the type mask
includes ARCHIVE_ENTRY_ACL_TYPE_ACCESS
and at least
one extended ACL entry exists, the three classic Unix permissions are
counted.
archive_entry_acl_from_text
() and
archive_entry_acl_from_text_w
() return
ARCHIVE_OK
if all entries were successfully parsed
and ARCHIVE_WARN
if one or more entries were invalid
or non-parseable.
archive_entry_acl_next
() returns
ARCHIVE_OK
on success,
ARCHIVE_EOF
if no more ACL entries exist and
ARCHIVE_WARN
if
archive_entry_acl_reset
() has not been called
first.
archive_entry_acl_to_text
() returns a
string representing the ACL entries matching the given type and flags on
success or NULL on error.
archive_entry_acl_to_text_w
() returns a
wide string representing the ACL entries matching the given type and flags
on success or NULL on error.
archive_entry_acl_types
() returns a
bitmask of ACL entry types or 0 if archive entry has no ACL entries.
February 15, 2017 | macOS 15.2 |