Chapter 11: Extended Attributes and Access Control Lists
unsigned int a_count;
struct posix_acl_entry a_entries[0];
};Each entry contains a tag, a permission, and a (user or group) ID to which the ACL refers. All ACLs
belonging to a given inode are collected bystruct posix_acl. The number of ACL entries is given by
a_count; since the array that contains all entries is located at the bottom of the structure, there is no limit
on the number of entries except for the maximal size of an extended attribute.a_refcountis a standard
reference counter.
Symbolic constants for the ACL type, the tag, and the permissions are given by the following pre-
processor definitions:
<posix_acl.h>
/* a_type field in acl_user_posix_entry_t */
#define ACL_TYPE_ACCESS (0x8000)
#define ACL_TYPE_DEFAULT (0x4000)/* e_tag entry in struct posix_acl_entry */
#define ACL_USER_OBJ (0x01)
#define ACL_USER (0x02)
#define ACL_GROUP_OBJ (0x04)
#define ACL_GROUP (0x08)
#define ACL_MASK (0x10)
#define ACL_OTHER (0x20)/* permissions in the e_perm field */
#define ACL_READ (0x04)
#define ACL_WRITE (0x02)
#define ACL_EXECUTE (0x01)The kernel defines another set of data structures similar to the ones presented above for xattr representa-
tion of ACLs. However, this time they are supposed to be used for external interaction with userland:
<posix_acl_xattr.h>
typedef struct {
__le16 e_tag;
__le16 e_perm;
__le32 e_id;
} posix_acl_xattr_entry;typedef struct {
__le32 a_version;
posix_acl_xattr_entry a_entries[0];
} posix_acl_xattr_header;The structures used for internal and external representation are quite similar except that types with
defined endianness (see Appendix A.8) and explicit bit length are used for the latter purpose; addition-
ally, no reference counting is necessary for the on-disk representation.
Two functions to convert back and forth between the references are available:posix_acl_from_xattr
andposix_acl_from_xattr. Since the translation is purely mechanical, it is not necessary to discuss