There are several ways to represent an ACL, depending on how it's to be used.
- External form
- The exportable, contiguous, persistent representation of an ACL in user-managed space. A program such as tar could (but currently doesn't) use this representation so that it could later restore the ACLs, even on a different filesystem.
- Internal form
- The internal representation of an ACL in working storage, which you'll work with in your program.
As described below, this form uses various data types to represent an ACL, its entries,
and each entry's tag and permissions.
- Text form
- The structured textual representation of an ACL, such as getfacl and setfacl use.
The internal form uses the following data types:
- acl_t
- A pointer to an opaque ACL data structure in working storage.
- acl_entry_t
- An opaque descriptor for an entry in an ACL.
- acl_permset_t
- An opaque set of permissions in an ACL entry.
- acl_perm_t
- An individual permission; one of:
- ACL_EXECUTE
- ACL_READ
- ACL_WRITE
- acl_tag_t
- The type of tag; one of the following:
- ACL_GROUP — a named group.
- ACL_GROUP_OBJ — the owning group.
- ACL_MASK — the maximum permissions allowed for named users,
named groups, and the owning group.
- ACL_OTHER — users whose process attributes don't match any other
ACL entry; the world.
- ACL_USER — named users.
- ACL_USER_OBJ — the owning user.
- acl_type_t
- The type of ACL; one of:
You can use these functions to translate from one form of an ACL to another:
- acl_copy_ext()
- Copy an ACL from system space to user space (i.e., translate from the external form to the internal).
- acl_copy_int()
- Copy an ACL from user space to system space (i.e., translate from the internal form to the external).
- acl_from_text()
- Create an internal form of an ACL from a text form.
- acl_size()
- Determine the size of the external form of an ACL.
- acl_to_text()
- Convert an internal form of an ACL into a text form.
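The following C sketch is an added example, not code from the original documentation. It parses a text-form ACL and applies the ACL_MASK rule from the tag list above, showing which permissions named users, named groups, and the owning group actually end up with. It assumes the comma-separated short text form (tag:qualifier:permissions); the struct, function names, and bit values are hypothetical and it doesn't call the acl_*() library functions.

```c
#include <stdio.h>
#include <string.h>
/* tag is 'u', 'g', 'm' or 'o'; an empty qual means the owning user or group.
   The bit values r=4, w=2, x=1 are local to this example. */
struct entry { char tag; char qual[64]; int perms, effective; };

/* Parse an "rwx"-style field; returns -1 if it is malformed. */
static int parse_perms(const char *s) {
    int p = 0;
    if (strlen(s) != 3) return -1;
    for (int i = 0; i < 3; i++) {
        if (s[i] == "rwx"[i]) p |= 4 >> i;
        else if (s[i] != '-') return -1;
    }
    return p;
}

/* Parse a comma-separated text-form ACL, then cap named users, named groups
   and the owning group by the mask entry. Returns the entry count, or -1. */
int parse_acl(const char *text, struct entry *out, int max) {
    int n = 0, mask = -1;
    while (*text) {
        char tok[64], *q, *p;
        size_t len = strcspn(text, ",");
        if (len >= sizeof tok || n == max) return -1;
        memcpy(tok, text, len); tok[len] = '\0';
        text += len + (text[len] == ',');
        q = strchr(tok, ':');
        p = q ? strchr(q + 1, ':') : NULL;
        if (!p || !strchr("ugmo", tok[0])) return -1;
        *q = *p = '\0';
        out[n].tag = tok[0];
        strcpy(out[n].qual, q + 1);
        if ((out[n].perms = parse_perms(p + 1)) < 0) return -1;
        if (tok[0] == 'm') mask = out[n].perms;
        n++;
    }
    for (int i = 0; i < n; i++) {
        int capped = out[i].tag == 'g' || (out[i].tag == 'u' && out[i].qual[0]);
        out[i].effective = capped && mask >= 0 ? out[i].perms & mask : out[i].perms;
    }
    return n;
}

int main(void) {
    struct entry e[8]; /* constructed sample: user 1001 asks for rwx, mask is r-- */
    int n = parse_acl("u::rw-,u:1001:rwx,g::r-x,m::r--,o::---", e, 8);
    for (int i = 0; i < n; i++)
        printf("%c:%s: granted=%d effective=%d\n", e[i].tag, e[i].qual, e[i].perms, e[i].effective);
    return n < 0;
}
```

When auditing an ACL, compare the granted and effective columns: an entry that lists rwx can still be limited to r-- by the mask, while the owning user and other entries are never capped.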