aclsort(3C)
aclsort -- sort an Access Control List
Synopsis
#include <sys/types.h>
#include <acl.h>
int aclsort(int nentries, int calclass, struct acl *aclbufp);
Description
The aclsort routine sorts Access Control List (ACL) entries into the correct order to be accepted by the acl system call.
aclbufp points to a buffer containing ACL entries; calclass, if non-zero, indicates that the CLASS_OBJ permissions should be recalculated; and nentries specifies the number of ACL entries in the buffer.
aclsort sorts the contents of the ACL buffer as follows:
- Entries will be in order USER_OBJ, USER, GROUP_OBJ, GROUP, CLASS_OBJ, OTHER_OBJ, DEF_USER_OBJ, DEF_USER, DEF_GROUP_OBJ, DEF_GROUP, DEF_CLASS_OBJ, and DEF_OTHER_OBJ.
- Entries of type USER, GROUP, DEF_USER, and DEF_GROUP will be sorted in increasing order by id.
The aclsort call will succeed if all of the following are true:
- There is exactly one entry each of type USER_OBJ, GROUP_OBJ, CLASS_OBJ, and OTHER_OBJ.
- There is at most one entry each of type DEF_USER_OBJ, DEF_GROUP_OBJ, DEF_CLASS_OBJ, and DEF_OTHER_OBJ.
- Entries of type USER, GROUP, DEF_USER, or DEF_GROUP may not contain duplicate entries. A duplicate entry is one of the same type containing the same numeric id.
- If the calclass argument is zero and there are no entries of type USER and no entries of type GROUP, the permissions of the GROUP_OBJ and CLASS_OBJ entries must be the same.
- If there are no entries of type DEF_USER and no entries of type DEF_GROUP, and the DEF_GROUP_OBJ entry is specified, then the DEF_CLASS_OBJ entry must also be specified, and the permissions of the DEF_GROUP_OBJ and DEF_CLASS_OBJ entries must be the same.
Return values
Upon successful completion, the return value is 0.
If there are duplicate entries, the return value is the position of the first duplicate entry.
If there is more than one entry of type USER_OBJ, GROUP_OBJ, CLASS_OBJ, OTHER_OBJ, DEF_USER_OBJ, DEF_GROUP_OBJ, DEF_CLASS_OBJ or DEF_OTHER_OBJ, they are treated as duplicate entries, and the return value is the position of the first duplicate entry.
For all other errors, the return value is -1.
References
acl(2)
Notices
- The buffer is sorted by type and id before checking for any failures. Therefore the buffer is always sorted, even if there is a failure.
- The position of a duplicate entry returned on failure is not the byte offset of the duplicate entry from its base; rather, it refers to the entry number of the duplicate entry within the sorted buffer.
- Checks will be performed in order of entry type. If there are multiple failures, the failure returned will be the first encountered. For example, if the ACL buffer contains a duplicate USER entry and does not contain an OTHER_OBJ entry, the return value will be the position of the first duplicate USER entry.
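The sort order, duplicate rule and check ordering described above can be modelled in portable C; this is an added example, not UnixWare's implementation. The struct model_acl layout, the T_* constants and model_aclsort are hypothetical stand-ins for <acl.h>, and the 0-based position is an assumption. The model omits CLASS_OBJ recalculation and the DEF_GROUP_OBJ/DEF_CLASS_OBJ consistency rule.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for <acl.h>: values are chosen so that numeric
 * order equals the documented sort order; they are not the real constants. */
enum { T_USER_OBJ = 1, T_USER, T_GROUP_OBJ, T_GROUP, T_CLASS_OBJ, T_OTHER_OBJ,
       T_DEF_USER_OBJ, T_DEF_USER, T_DEF_GROUP_OBJ, T_DEF_GROUP,
       T_DEF_CLASS_OBJ, T_DEF_OTHER_OBJ, T_END };
struct model_acl { int type, id, perm; };   /* hypothetical layout */

static int has_id(int t) {
    return t == T_USER || t == T_GROUP || t == T_DEF_USER || t == T_DEF_GROUP;
}

static int cmp(const void *a, const void *b) {
    const struct model_acl *x = a, *y = b;
    if (x->type != y->type) return x->type - y->type;
    return has_id(x->type) ? (x->id > y->id) - (x->id < y->id) : 0;
}

/* Assumption: "position" is the 0-based index, within the sorted buffer,
 * of the repeated entry; that index is always >= 1, so 0 stays success. */
int model_aclsort(int n, int calclass, struct model_acl *buf) {
    int i = 0, t, named = 0, gperm = -1;
    qsort(buf, (size_t)n, sizeof *buf, cmp);     /* sorted even on failure */
    for (t = T_USER_OBJ; t < T_END; t++) {       /* checks run in type order */
        int first = i;
        for (; i < n && buf[i].type == t; i++)
            if (i > first && (!has_id(t) || buf[i].id == buf[i - 1].id))
                return i;                        /* first duplicate entry */
        if (t <= T_OTHER_OBJ && !has_id(t) && i == first)
            return -1;                           /* required entry missing */
        if (t == T_USER || t == T_GROUP) named += i - first;
        if (t == T_GROUP_OBJ) gperm = buf[first].perm;
        if (t == T_CLASS_OBJ && !calclass && named == 0 && buf[first].perm != gperm)
            return -1;                           /* GROUP_OBJ/CLASS_OBJ differ */
    }
    return i < n ? -1 : 0;                       /* leftover: unknown type */
}

int main(void) {
    /* Constructed input: USER id 10 appears twice and OTHER_OBJ is missing. */
    struct model_acl a[] = { {T_USER, 10, 4}, {T_USER_OBJ, 0, 7}, {T_USER, 10, 6},
                             {T_GROUP_OBJ, 0, 4}, {T_CLASS_OBJ, 0, 6} };
    int rc = model_aclsort(5, 0, a);
    printf("rc=%d\n", rc);   /* positive: a caller testing rc < 0 misses it */
    return 0;
}
```

Because duplicates are reported as a positive position, a caller of the real routine should treat any non-zero return as failure before passing the buffer to acl(2).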
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004