- get or set a file's Access Control List (ACL)
cc [ flag… ] file… -lsec [ library… ] #include <sys/acl.h> int *acl_get(const char *path, int flag, acl_t **aclp);
int *facl_get(int fd, int flag, acl_t **aclp);
int acl_set(const char *path, acl_t *aclp);
int facl_set(int fd, acl_t *aclp);
The acl_get() and facl_get() functions retrieve an Access Control List (ACL) of a file whose name is given by path or referenced by the open file descriptor fd. The flag argument specifies whether a trivial ACL should be retrieved. When the flag argument is ACL_NO_TRIVIAL, only ACLs that are not trivial will be retrieved. The ACL is returned in the aclp argument.
The acl_set() and facl_set() functions are used for setting an ACL of a file whose name is given by path or referenced by the open file descriptor fd. The aclp argument specifies the ACL to set.
The acl_get() and acl_set() functions support multiple types of ACLs. When possible, the acl_set() function translates an ACL to the target file's style of ACL. Currently this is only possible when translating from a POSIX-draft ACL such as on UFS to a file system that supports NFSv4 ACL semantics such as ZFS or NFSv4.
Upon successful completion, acl_get() and facl_get() return 0 and aclp is non-NULL. The aclp argument can be NULL after successful completion if the file had a trivial ACL and the flag argument was ACL_NO_TRIVIAL. Otherwise, -1 is returned and errno is set to indicate the error.
Upon successful completion, acl_set() and facl_set() return 0. Otherwise, -1 is returned and errno is set to indicate the error.
These functions will fail if:
The caller does not have access to a component of path.
A disk I/O error has occured while retrieving the ACL.
A component of the path does not exist.
The file system does not support ACLs.
The ACL supplied could not be translated to an NFSv4 ACL.
See attributes(5) for descriptions of the following attributes: