ACL configuration file format

Descriptors

An ACL configuration file consists of zero or more text descriptors. A descriptor specifies properties of a PPS object path. In particular, it specifies access permissions (owner, mode, and ACL). A descriptor also records other important properties of the object, including whether it's a server object; whether it's persistent, and whether it should be created if it's missing on startup.

Descriptor format

A descriptor consists of two or more nonblank lines of text followed by a blank line (or end of file). The two mandatory lines of text define the:

file or directory path
file or directory details

These two mandatory lines may optionally be followed by an ACL, in either short or long text form.

The permissions described by the ACL (if one is present) take precedence over those specified in the details line. An ACL must be of a form usable by the acl_from_text() function (i.e., either short or long text form). The ACL must also be complete and valid according to acl_valid(). Specifically, an extended ACL must include an explicit ACL_MASK entry. No mask is computed if one is missing.

Leading and trailing whitespace are stripped from lines before processing.

Comments are introduced by the "#" character, and run to the end of the line; they are syntactically equivalent to whitespace.

Paths

Paths must be specified relative to the PPS mountpoint. They may not contain:

extraneous path separators or relative components such as "." or ".."
leading or trailing whitespaces
the "#" character

Paths for directories must end with a single separator character.

Details

The details line must not contain extraneous whitespace, and must be of the form:

user:group:mode[:property[,property...]]

where:

user is the file or directory owner
group is the file or directory group
mode is a bit map of file permissions: read, write, and execute for user, group, and other (as well as the setuid, setgid, and sticky bits), stored as an octal number

The properties are optional and consist of zero or more of the following:

Property	Description
O_CREAT	The object should be created if it's missing.
nopersist	Disable persistence for this object and its attributes.
server	Treat the object as a server object.

Sample ACL configuration file

The following example shows ACL configurations for a directory with an ACL in short text form, and for a file:

a/directory/
nobody:nobody:2711:O_CREAT # comment
user::rwx
group::x
other::x
mask::x                    # comment
group:nto:x

a/directory/file
nobody:nobody:640