The Linux Programming Interface


330 Chapter 17


Overview
The functions that constitute the ACL API are listed in the acl(5) manual page. At
first sight, this plethora of functions and data structures can seem bewildering.
Figure 17-2 provides an overview of the relationship between the various data
structures and indicates the use of many of the ACL functions.

Figure 17-2: Relationship between ACL library functions and data structures

From Figure 17-2, we can see that the ACL API considers an ACL as a hierarchical
object:

- An ACL consists of one or more ACL entries.
- Each ACL entry consists of a tag type, an optional tag qualifier, and a permission set.

[Figure 17-2, diagram not reproduced. Data structures and the functions that connect them:
- File ACL (on disk) <-> acl_t (in-memory ACL): acl_get_file(), acl_set_file()
- Text form ACL <-> acl_t: acl_from_text(), acl_to_text()
- acl_t <-> acl_entry_t (ACL entry): acl_get_entry() (repeated acl_get_entry() calls can be used to retrieve all ACL entries), acl_create_entry(), acl_delete_entry()
- acl_entry_t <-> acl_type_t (tag type; integer): acl_get_tag_type(), acl_set_tag_type()
- acl_entry_t <-> void * (tag qualifier; pointer to uid_t or gid_t): acl_get_qualifier(), acl_set_qualifier()
- acl_entry_t <-> acl_permset_t (permission set): acl_get_permset(), acl_set_permset()
- acl_permset_t: acl_get_perm(), acl_add_perm(), acl_delete_perm(), acl_clear_perms()]
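The hierarchy described above (an ACL holds entries; each entry holds a tag type, an optional qualifier, and a permission set) can be made concrete with a small parser for text-form ACLs. This is an added example, not code from the book and not libacl: the `enum tag`, `struct entry`, `parse_acl()` and `lookup_perms()` names are hypothetical, and the qualifier is kept as a string rather than a pointer to `uid_t` or `gid_t`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the hierarchy; these are not libacl's own types. */
enum tag { TAG_USER_OBJ, TAG_USER, TAG_GROUP_OBJ, TAG_GROUP, TAG_MASK, TAG_OTHER };
struct entry { enum tag tag; char qual[32]; int perms; };  /* perms: r=4 w=2 x=1 */

/* Does the tag field match `name` in long ("user") or short ("u") form? */
static int tag_is(const char *s, size_t tl, const char *name) {
    return (tl == 1 && s[0] == name[0]) || (tl == strlen(name) && !memcmp(s, name, tl));
}

/* Parse one "tag:qualifier:perms" entry of length len; 0 on success, -1 if malformed. */
static int parse_entry(const char *s, size_t len, struct entry *e) {
    const char *c1 = memchr(s, ':', len);
    const char *c2 = c1 ? memchr(c1 + 1, ':', len - (size_t)(c1 + 1 - s)) : NULL;
    if (!c2) return -1;
    size_t tl = (size_t)(c1 - s), ql = (size_t)(c2 - c1 - 1);
    if (ql >= sizeof e->qual || len - (size_t)(c2 + 1 - s) != 3) return -1;
    snprintf(e->qual, sizeof e->qual, "%.*s", (int)ql, c1 + 1);
    if (tag_is(s, tl, "user")) e->tag = ql ? TAG_USER : TAG_USER_OBJ;
    else if (tag_is(s, tl, "group")) e->tag = ql ? TAG_GROUP : TAG_GROUP_OBJ;
    else if (tag_is(s, tl, "mask") && !ql) e->tag = TAG_MASK;   /* no qualifier allowed */
    else if (tag_is(s, tl, "other") && !ql) e->tag = TAG_OTHER;
    else return -1;
    e->perms = 0;
    for (int i = 0; i < 3; i++) {          /* exactly "rwx", with '-' for an absent bit */
        if (c2[1 + i] == "rwx"[i]) e->perms |= 4 >> i;
        else if (c2[1 + i] != '-') return -1;
    }
    return 0;
}

/* Split comma-separated ACL text into entries; returns the entry count or -1. */
int parse_acl(const char *text, struct entry *out, int max) {
    int n = 0;
    while (*text) {
        size_t len = strcspn(text, ",");
        if (n == max || parse_entry(text, len, &out[n++]) != 0) return -1;
        text += len + (text[len] == ',');
    }
    return n;
}

/* Walk the entries, match tag type then qualifier; return the permission set or -1. */
int lookup_perms(const struct entry *acl, int n, enum tag tag, const char *qual) {
    for (int i = 0; i < n; i++)
        if (acl[i].tag == tag && strcmp(acl[i].qual, qual) == 0) return acl[i].perms;
    return -1;
}
```

For a constructed ACL such as `u::rw-,u:paulh:r--,g::r-x,m::rwx,o::---`, `lookup_perms(acl, n, TAG_USER, "paulh")` returns 4 (read only), and an entry such as `m:bob:rwx` is rejected because a mask entry carries no qualifier.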
