The ACL configuration file format is intended to facilitate both generation and parsing.
An ACL configuration file consists of zero or more text descriptors. A descriptor specifies properties of a PPS object path. In particular, it specifies access permissions (owner, mode, and ACL). A descriptor also records other important properties of the object, including whether it's a server object, whether it's persistent, and whether it should be created if it's missing on startup.
A descriptor consists of two or more nonblank lines of text followed by a blank line (or end of file). The two mandatory lines of text define the:
These two mandatory lines may optionally be followed by an ACL, in either short or long text form.
The permissions described by the ACL (if one is present) take precedence over those specified in the details line. An ACL must be of a form usable by the acl_from_text() function (i.e., either short or long text form). The ACL must also be complete and valid according to acl_valid(). Specifically, an extended ACL must include an explicit ACL_MASK entry. No mask is computed if one is missing.
Leading and trailing whitespace are stripped from lines before processing.
Comments are introduced by the "#" character, and run to the end of the line; they are syntactically equivalent to whitespace.
Paths must be specified relative to the PPS mountpoint. They may not contain:
Paths for directories must end with a single separator character.
The details line must not contain extraneous whitespace, and must be of the form:
user:group:mode[:property[,property...]]
where:
The properties are optional and consist of zero or more of the following:
Property | Description |
---|---|
O_CREAT | The object should be created if it's missing. |
nopersist | Disable persistence for this object and its attributes. |
server | Treat the object as a server object. |
The following example shows ACL configurations for a directory with an ACL in short text form, and for a file:
```
a/directory/
nobody:nobody:2711:O_CREAT # comment
user::rwx
group::x
other::x
mask::x # comment
group:nto:x

a/directory/file
nobody:nobody:640
```
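A linter for the rules this section states, as an added example (not code from the page or from the PPS project). It assumes the separator is "/", that mode is three or four octal digits, and, reading the comment rule literally, that a comment-only line counts as blank; it checks only what this page states, not the full acl_valid() logic.

```python
import re

KNOWN_PROPS = {"O_CREAT", "nopersist", "server"}  # the properties the page lists
# Assumption: mode is 3-4 octal digits, as in the page's example (2711, 640).
DETAILS_RE = re.compile(r"^([^:\s]+):([^:\s]+):([0-7]{3,4})(?::(\S+))?$")
# Constructed sample: the second descriptor has a named group entry but no mask.
SAMPLE = """\
a/directory/
nobody:nobody:2711:O_CREAT # comment
u::rwx,g::x,o::x,m::x,g:nto:x

a/other/
nobody:nobody:2711
user::rwx
group::x
other::x
group:nto:x
"""

def split_descriptors(text):  # returns one list of stripped lines per descriptor
    current, out = [], []
    for raw in text.splitlines() + [""]:
        line = raw.split("#", 1)[0].strip()  # a comment counts as whitespace
        if line:
            current.append(line)
        elif current:  # a blank line ends the descriptor
            out.append(current)
            current = []
    return out

def lint_descriptor(lines):  # returns a list of problems, empty when clean
    if len(lines) < 2:
        return ["descriptor needs a path line and a details line"]
    problems = []
    if lines[0].endswith("//"):
        problems.append("directory path must end with a single separator")
    m = DETAILS_RE.match(lines[1])
    if not m:
        problems.append("details line is not user:group:mode[:property,...]")
    elif m.group(4) and not set(m.group(4).split(",")) <= KNOWN_PROPS:
        problems.append("unknown property in " + m.group(4))
    # ACL entries: one per line (long form) or comma-separated (short form).
    entries = [e for l in lines[2:] for e in l.split(",") if e]
    named = any(re.match(r"(u|user|g|group):[^:]+:", e) for e in entries)
    if named and not any(re.match(r"(m|mask):", e) for e in entries):
        problems.append("extended ACL has no explicit mask entry")
    return problems

def lint(text):  # maps each descriptor's path line to its problems
    return {d[0]: lint_descriptor(d) for d in split_descriptors(text)}
```

Calling `lint(SAMPLE)` reports the missing mask on `a/other/`, the case where no mask is computed for you.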