Scroll to navigation

ACL_EXTENDED_FILE(3) Library Functions Manual ACL_EXTENDED_FILE(3)

NAME

acl_extended_file, acl_extended_file_at, acl_extended_file_nofollowtest for information in ACLs by file name

LIBRARY

Linux Access Control Lists library (libacl, -lacl).

SYNOPSIS

#include <sys/types.h>
#include <acl/libacl.h>

int
acl_extended_file(const char *path_p);

int
acl_extended_file_at(int dirfd, const char *path_p, int at_flags);

int
acl_extended_file_nofollow(const char *path_p);

DESCRIPTION

The () function returns 1 if the file or directory whose pathname is given in path_p is associated with an extended access ACL, or if the directory referred to by path_p is associated with a default ACL. The function returns 0 if the file has neither an extended access ACL nor a default ACL. If path_p is a symbolic link, acl_extended_file() returns information about the file or directory the link refers to.

An extended ACL is an ACL that contains entries other than the three required entries of tag types ACL_USER_OBJ, ACL_GROUP_OBJ and ACL_OTHER. If the result of the () function for a file object is 0, then ACLs define no discretionary access rights other than those already defined by the traditional file permission bits.

Access to the file object may be further restricted by other mechanisms, such as Mandatory Access Control schemes. The access(2) system call can be used to check whether a given type of access to a file object would be granted.

acl_extended_file_at()

The acl_extended_file_at() function operates in exactly the same way as acl_extended_file(), except for the differences described here.

If the pathname given in path_p is relative, then it is interpreted relative to the directory referred to by the file descriptor dirfd (rather than relative to the current working directory of the calling process, as is done by ()).

If path_p is relative and dirfd is the special value AT_FDCWD, then path_p is interpreted relative to the current working directory of the calling process (like ()).

If path_p is absolute, then dirfd is ignored.

The at_flags argument can either be 0, or include one or more of the following flags ORed:

If path_p is an empty string, operate on the file referred to by dirfd (which may have been obtained using the open(2) O_PATH flag). In this case, dirfd can refer to any type of file, not just a directory.
If path_p refers to a symbolic link, do not dereference it: instead, fail the operation and set the global variable errno to ENOTSUP. This indicates that the symbolic link cannot have ACLs.

acl_extended_nofollow()

The acl_extended_file_at() function operates in exactly the same way as acl_extended_file() with a dirfd value of AT_FDCWD and an at_flags value of AT_SYMLINK_NOFOLLOW.

RETURN VALUE

If successful, these functions return 1 if the file object referred to by path_p has an extended access ACL or a default ACL, and 0 if the file object referred to by path_p has neither an extended access ACL nor a default ACL. Otherwise, the value -1 is returned and the global variable errno is set to indicate the error.

ERRORS

If any of the following conditions occur, these functions return -1 and set errno to the corresponding value:

[]
Search permission is denied for a component of the path prefix.
[]
The argument path_p is relative but the argument dirfd is neither AT_FDCWD nor a valid file descriptor.
[]
An invalid flag was specified in the at_flags argument.
[]
The length of the argument path_p is too long.
[]
The named object does not exist or the argument path_p points to an empty string.
[]
A component of the path prefix is not a directory.

The argument path_p is relative and the argument dirfd is a file descriptor referring to a file other than a directory.

[]
The argument at_flags includes the flag AT_SYMLINK_NOFOLLOW and path_p is a symbolic link.

The file system on which the file identified by path_p is located does not support ACLs, or ACLs are disabled.

STANDARDS

This is a non-portable, Linux specific extension to the ACL manipulation functions defined in IEEE Std 1003.1e draft 17 (“POSIX.1e”, abandoned).

SEE ALSO

access(2), acl_get_file(3), acl(5)

AUTHOR

Written by Andreas Gruenbacher ⟨andreas.gruenbacher@gmail.com⟩.

June 5, 2026 Linux ACL