NAME

Solaris::ACL - Perl extension for reading and setting Solaris Access Control Lists for files

SYNOPSIS

use Solaris::ACL;
($acl, $default_acl) = getfacl("path/to/file");
setfacl("path/to/file", $acl [, $default_acl]);

DESCRIPTION

This module provides access to the system level acl(2) call, allowing efficient setting and reading of Access Control Lists (ACLs) in perl.

ACL provides the following functions:

setfacl($path, $acl [, $default_acl])

Set the ACL of the file or directory named by $path to that specified by $acl. If $path names a directory, then the optional $default_acl argument can also be passed to specify the default ACL for the directory. See "ACL structure" for information on how the $acl and $default_acl hashes should be constructed.

getfacl($file_name)

Return a reference to a hash containing information about the file's ACL. If the file is a directory with a default ACL, then a list is returned, with the first entry being a hash reference to the ACL, and the second being a hash reference to the default ACL. See "Accessing ACL structures" for information on how to access these hashes, and "ACL structure" for information on how these hashes are internally constructed.

Accessing ACL structures

The structures returned by the getfacl call are blessed into the Solaris::ACL package, and can be inspected and changed using methods from that class. In most cases, the same method can be used for inspecting or setting values; a value is set if data is given to set it with; otherwise, it is inspected and returned. The following accessor methods are defined:

uperm
gperm
operm
mask

Without an argument, each of these methods returns the permission for the corresponding entity (user, group, other, or file mask). With an argument, they set the permission to that argument. For example:

$user_perm = $acl->uperm;  # find out current owner permissions.
$acl->operm(5);            # give others read-execute permissions.
users
groups

Without arguments, return a list of users (by uid) or groups (by gid) with special ACL access. When passed a uid/gid as an argument, return the permission for the given user/group. When passed a uid/gid and a permission, give the specified user/group the indicated permission; if the permission is -1, remove any permissions for the specified user/group.

calc_mask

Calculate the mask for the acl, as would the -r flag of setfacl.

equal($acl2)

Check to see if the acl is equal to $acl2. Returns 1 if equal, 0 otherwise.

Solaris::ACL->new($mode)

Create a new blessed acl with permissions for user, group and other determined by mode.

ACL structure

All information passed to setfacl returned from getfacl is in the form of references to hashes. A hash describing an ACL can have the following keys:

uperm
gperm
operm
mask

Each of these keys have values containing permissions for the corresponding entity (user, group, other, mask).

users
groups

Each of these keys (if existent) contain a reference to a hash whose keys are decimal representations of numbers, and whose values contain permissions for the user/group whose uid/gid is the number in the key.

EXAMPLES

  $acl = new Solaris::ACL(0741);
  $acl->users(scalar(getpwnam("iroberts"),2);
  $acl->users(scalar(getpwnam("rdb"),0);
  $acl->calc_mask;

  $def_acl = new Solaris::ACL(0751);

  # or:

  $acl =     { uperm => 7,
	       gperm => 4,
	       operm => 1,
	       mask => 6,
               users => { scalar(getpwnam("iroberts")) => 2,
                         scalar(getpwnam("rdb")) => 0
                       }
	     };

  $def_acl = { uperm => 7,
	       gperm => 5,
	       operm => 1,
	     };

  setfacl("working_dir", $acl, $def_acl);

  ($acl1, $def_acl1) = getfacl("working_dir");

  print "All is well\n" if($acl->equal($acl1));

  $acl2 = getfacl("working_file");
  print "uids with acls set: ", join(", ", $acl2->users), "\n";
  print "uid 29 had permission ", $acl2->users(29), "\n";
  $acl2->users(29,6);
  $acl2->calc_mask;
  setfacl("working_file", $acl2)
  print "uid 29 now has permission 6\n";


  # to copy an acl from one file or directory to another:
  setfacl($source_file, getfacl($target_file));

RETURN VALUES

setfacl returns TRUE if successful and FALSE if unsuccessful. getfacl, if successful, returns a list containing a reference to the hash describing an acl, and, if there is a default acl, a reference to the hash describing the default acl. If unsuccessful, getfacl returns a null list. If either setfacl or getfacl are unsuccessful, the variable $Solaris::ACL::error is set to a descriptive error string; in addition, if the failure was due to a system error, $! is set.

BUGS

No checking is done on data types; bad data will result in strange error message being placed in $Solaris::ACL::errors.

AUTHOR

Ian Robertson <ian@lugh.uchicago.edu>

SEE ALSO

perl(1), getfacl(1), setfacl(1), acl(2)