table of contents
| ACL_EXTENDED_FILE(3) | Library Functions Manual | ACL_EXTENDED_FILE(3) |
NAME¶
acl_extended_file,
acl_extended_file_at,
acl_extended_file_nofollow —
test for information in ACLs by file name
LIBRARY¶
Linux Access Control Lists library (libacl, -lacl).
SYNOPSIS¶
#include
<sys/types.h>
#include <acl/libacl.h>
int
acl_extended_file(const char
*path_p);
int
acl_extended_file_at(int dirfd,
const char *path_p, int
at_flags);
int
acl_extended_file_nofollow(const char
*path_p);
DESCRIPTION¶
The
acl_extended_file()
function returns 1 if the file or directory whose
pathname is given in path_p is associated with an
extended access ACL, or if the directory referred to by
path_p is associated with a default ACL. The function
returns 0 if the file has neither an extended access
ACL nor a default ACL. If path_p is a symbolic link,
acl_extended_file() returns information about the
file or directory the link refers to.
An extended ACL is an ACL that contains
entries other than the three required entries of tag types ACL_USER_OBJ,
ACL_GROUP_OBJ and ACL_OTHER. If the result of the
acl_extended_file()
function for a file object is 0, then ACLs define no
discretionary access rights other than those already defined by the
traditional file permission bits.
Access to the file object may be further restricted by other mechanisms, such as Mandatory Access Control schemes. The access(2) system call can be used to check whether a given type of access to a file object would be granted.
acl_extended_file_at()¶
The acl_extended_file_at() function
operates in exactly the same way as
acl_extended_file(), except for the differences
described here.
If the pathname given in
path_p is relative, then it is interpreted relative to
the directory referred to by the file descriptor dirfd
(rather than relative to the current working directory of the calling
process, as is done by
acl_extended_file()).
If path_p is
relative and dirfd is the special value
AT_FDCWD, then path_p is
interpreted relative to the current working directory of the calling process
(like
acl_extended_file()).
If path_p is absolute, then dirfd is ignored.
The at_flags argument can either be 0, or include one or more of the following flags ORed:
AT_EMPTY_PATH- If path_p is an empty string, operate on the file
referred to by dirfd (which may have been obtained
using the open(2)
O_PATHflag). In this case, dirfd can refer to any type of file, not just a directory. AT_SYMLINK_NOFOLLOW- If path_p refers to a symbolic link, do not
dereference it: instead, fail the operation and set the global variable
errno to
ENOTSUP. This indicates that the symbolic link cannot have ACLs.
acl_extended_nofollow()¶
The acl_extended_file_at() function
operates in exactly the same way as
acl_extended_file() with a
dirfd value of AT_FDCWD and an
at_flags value of
AT_SYMLINK_NOFOLLOW.
RETURN VALUE¶
If successful, these functions return 1 if
the file object referred to by path_p has an extended
access ACL or a default ACL, and 0 if the file
object referred to by path_p has neither an extended
access ACL nor a default ACL. Otherwise, the value
-1 is returned and the global variable
errno is set to indicate the error.
ERRORS¶
If any of the following conditions occur, these functions return
-1 and set errno to the
corresponding value:
- [
EACCES] - Search permission is denied for a component of the path prefix.
- [
EBADF] - The argument path_p is relative but the argument
dirfd is neither
AT_FDCWDnor a valid file descriptor. - [
EINVAL] - An invalid flag was specified in the at_flags argument.
- [
ENAMETOOLONG] - The length of the argument path_p is too long.
- [
ENOENT] - The named object does not exist or the argument path_p points to an empty string.
- [
ENOTDIR] - A component of the path prefix is not a directory.
The argument path_p is relative and the argument dirfd is a file descriptor referring to a file other than a directory.
- [
ENOTSUP] - The argument at_flags includes the flag
AT_SYMLINK_NOFOLLOWand path_p is a symbolic link.The file system on which the file identified by path_p is located does not support ACLs, or ACLs are disabled.
STANDARDS¶
This is a non-portable, Linux specific extension to the ACL manipulation functions defined in IEEE Std 1003.1e draft 17 (“POSIX.1e”, abandoned).
SEE ALSO¶
AUTHOR¶
Written by Andreas Gruenbacher ⟨andreas.gruenbacher@gmail.com⟩.
| June 5, 2026 | Linux ACL |