Solaris::ACL - Perl extension for reading and setting Solaris Access Control Lists for files
use Solaris::ACL; ($acl, $default_acl) = getfacl("path/to/file"); setfacl("path/to/file", $acl [, $default_acl]);
This module provides access to the system level
acl(2) call, allowing efficient setting and reading of Access Control Lists (ACLs) in perl.
ACL provides the following functions:
Set the ACL of the file or directory named by
$path to that specified by
$path names a directory, then the optional
$default_acl argument can also be passed to specify the default ACL for the directory. See "ACL structure" for information on how the
$default_acl hashes should be constructed.
Return a reference to a hash containing information about the file's ACL. If the file is a directory with a default ACL, then a list is returned, with the first entry being a hash reference to the ACL, and the second being a hash reference to the default ACL. See "Accessing ACL structures" for information on how to access these hashes, and "ACL structure" for information on how these hashes are internally constructed.
The structures returned by the getfacl call are blessed into the Solaris::ACL package, and can be inspected and changed using methods from that class. In most cases, the same method can be used for inspecting or setting values; a value is set if data is given to set it with; otherwise, it is inspected and returned. The following accessor methods are defined:
Without an argument, each of these methods returns the permission for the corresponding entity (user, group, other, or file mask). With an argument, they set the permission to that argument. For example:
$user_perm = $acl->uperm; # find out current owner permissions. $acl->operm(5); # give others read-execute permissions.
If no mask is set in the ACL,
mask returns -1.
Without arguments, return a list of users (by uid) or groups (by gid) with special ACL access. When passed a uid/gid as an argument, return the permission for the given user/group, or -1 if no permission is set in the ACL. When passed a uid/gid and a permission, give the specified user/group the indicated permission; if the permission is -1, remove any permissions for the specified user/group.
Calculate the mask for the acl, as would the
-r flag of setfacl.
Check to see if the acl is equal to
$acl2. Returns 1 if equal, 0 otherwise.
Create a new blessed acl with permissions for user, group and other determined by mode.
$acl = new Solaris::ACL(0741); $acl->users(scalar(getpwnam("iroberts"),2); $acl->users(scalar(getpwnam("rdb"),0); $acl->calc_mask; $def_acl = new Solaris::ACL(0751); setfacl("working_dir", $acl, $def_acl); ($acl1, $def_acl1) = getfacl("working_dir"); print "All is well\n" if($acl->equal($acl1)); $acl2 = getfacl("working_file"); print "uids with acls set: ", join(", ", $acl2->users), "\n"; print "uid 29 had permission ", $acl2->users(29), "\n"; $acl2->users(29,6); $acl2->calc_mask; setfacl("working_file", $acl2) print "uid 29 now has permission 6\n"; # to copy an acl from one file or directory to another; setfacl($target_file, getfacl($source_file));
setfacl returns TRUE if successful and FALSE if unsuccessful.
getfacl, if successful, returns a list containing a reference to the hash describing an acl, and, if there is a default acl, a reference to the hash describing the default acl. If unsuccessful,
getfacl returns a null list. If either
getfacl are unsuccessful, the variable
$Solaris::ACL::error is set to a descriptive error string; in addition, if the failure was due to a system error,
$! is set.
WARNING: The internal structures described here are subject to change in future versions.
All information passed to
setfacl returned from
getfacl is in the form of references to hashes. A hash describing an ACL can have the following keys:
Each of these keys have values containing permissions for the corresponding entity (user, group, other, mask).
Each of these keys (if existent) contain a reference to a hash whose keys are decimal representations of numbers, and whose values contain permissions for the user/group whose uid/gid is the number in the key.
No checking is done on data types; bad data will result in strange error message being placed in
Ian Robertson <email@example.com>
perl(1), getfacl(1), setfacl(1), acl(2)