From owner-p4-projects@FreeBSD.ORG Sun Aug 10 21:30:52 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 007661065672; Sun, 10 Aug 2008 21:30:52 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B8FD11065696 for ; Sun, 10 Aug 2008 21:30:51 +0000 (UTC) (envelope-from trasz@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 590058FC0A for ; Sun, 10 Aug 2008 21:30:51 +0000 (UTC) (envelope-from trasz@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.2/8.14.2) with ESMTP id m7ALUpZR078642 for ; Sun, 10 Aug 2008 21:30:51 GMT (envelope-from trasz@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.2/8.14.1/Submit) id m7ALUpBO078640 for perforce@freebsd.org; Sun, 10 Aug 2008 21:30:51 GMT (envelope-from trasz@freebsd.org) Date: Sun, 10 Aug 2008 21:30:51 GMT Message-Id: <200808102130.m7ALUpBO078640@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to trasz@freebsd.org using -f From: Edward Tomasz Napierala To: Perforce Change Reviews Cc: Subject: PERFORCE change 147107 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Aug 2008 21:30:52 -0000 http://perforce.freebsd.org/chv.cgi?CH=147107 Change 147107 by trasz@trasz_traszkan on 2008/08/10 21:30:24 Kernel manual pages. Affected files ... .. //depot/projects/soc2008/trasz_nfs4acl/TODO#37 edit .. //depot/projects/soc2008/trasz_nfs4acl/share/man/man9/Makefile#4 edit .. //depot/projects/soc2008/trasz_nfs4acl/share/man/man9/acl.9#2 edit .. //depot/projects/soc2008/trasz_nfs4acl/share/man/man9/vaccess_acl_nfs4.9#1 add Differences ... ==== //depot/projects/soc2008/trasz_nfs4acl/TODO#37 (text+ko) ==== @@ -8,9 +8,11 @@ - Enhance fstest with checks for NFS4 ACL functionality. -- Update acl(9) manual page. +- Add the manual page for acl_get_brand_np. + +- Add the information about branding to manual pages. -- Put more content into the manual pages. +- Add the information about correct constants to the manual pages. - Make 'struct acl' variable size. ==== //depot/projects/soc2008/trasz_nfs4acl/share/man/man9/Makefile#4 (text+ko) ==== @@ -240,6 +240,7 @@ usbdi.9 \ utopia.9 \ vaccess.9 \ + vaccess_acl_nfs4.9 \ vaccess_acl_posix1e.9 \ vcount.9 \ vflush.9 \ ==== //depot/projects/soc2008/trasz_nfs4acl/share/man/man9/acl.9#2 (text+ko) ==== @@ -97,13 +97,20 @@ .It Dv ACL_MASK The maximum discretionary access rights that can be granted to a process in the file group class. +This is only valid for POSIX.1e ACLs. .It Dv ACL_OTHER Discretionary access rights for processes not covered by any other ACL entry. +This is only valid for POSIX.1e ACLs. .It Dv ACL_OTHER_OBJ Same as .Dv ACL_OTHER . -Each ACL entry must contain exactly one +.It Dv ACL_EVERYONE +Discretionary access rights for all users. +This is only valid for NFS4 ACLs. +.El +.Pp +Each POSIX.1e ACL must contain exactly one .Dv ACL_USER_OBJ , one .Dv ACL_GROUP_OBJ , @@ -117,13 +124,13 @@ are present, then exactly one .Dv ACL_MASK entry should be present. -.El .It Vt uid_t Va ae_id The ID of user for whom this ACL describes access permissions. .It Vt acl_perm_t Va ae_perm This field defines what kind of access the process matching this ACL has for accessing the associated file. -.Bl -tag -width ".Dv ACL_POSIX1E_BITS" +For POSIX.1e ACLs, the following are valid: +.Bl -tag -width ".Dv ACL_WRITE_NAMED_ATTRS" .It Dv ACL_EXECUTE The process may execute the associated file. .It Dv ACL_WRITE @@ -134,70 +141,56 @@ The process has no read, write or execute permissions to the associated file. .El +.Pp +For NFS4 ACLs, the following are valid: +.Bl -tag -width ".Dv ACL_WRITE_NAMED_ATTRS" +.It Dv ACL_READ_DATA +.It Dv ACL_LIST_DIRECTORY +Same as +.Dv ACL_READ_DATA . +.It Dv ACL_WRITE_DATA +.It Dv ACL_ADD_FILE +Same as +.Dv ACL_ACL_WRITE_DATA . +.It Dv ACL_APPEND_DATA +.It Dv ACL_ADD_SUBDIRECTORY +Same as +.Dv ACL_APPEND_DATA . +.It Dv ACL_READ_NAMED_ATTRS +.It Dv ACL_WRITE_NAMED_ATTRS +.It Dv ACL_EXECUTE +.It Dv ACL_DELETE_CHILD +.It Dv ACL_READ_ATTRIBUTES +.It Dv ACL_WRITE_ATTRIBUTES +.It Dv ACL_DELETE +.It Dv ACL_READ_ACL +.It Dv ACL_WRITE_ACL +.It Dv ACL_WRITE_OWNER +.It Dv ACL_SYNCHRONIZE +.El +.It Vt acl_extended_t Va ae_extended +This field defines the type of NFS4 ACL entry. +It is not used with POSIX.1e ACLs. +The following values are valid: +.Bl -tag -width ".Dv ACL_WRITE_NAMED_ATTRS" +.It Dv ACL_EXTENDED_ALLOW +.It Dv ACL_EXTENDED_DENY +.El +.It Vt acl_flag_t Va ae_flags +This field defines the inheritance flags of NFS4 ACL entry. +It is not used with POSIX.1e ACLs. +The following values are valid: +.Bl -tag -width ".Dv ACL_ENTRY_DIRECTORY_INHERIT" +.It Dv ACL_ENTRY_FILE_INHERIT +.It Dv ACL_ENTRY_DIRECTORY_INHERIT +.It Dv ACL_ENTRY_LIMIT_INHERIT +.It Dv ACL_ENTRY_ONLY_INHERIT .El -.Sh IMPLEMENTATION NOTES -.Bd -literal -typedef mode_t *acl_permset_t; - -/* internal ACL structure */ -struct acl { - int acl_cnt; - struct acl_entry acl_entry[ACL_MAX_ENTRIES]; -}; - -/* external ACL structure */ -struct acl_t_struct { - struct acl ats_acl; - int ats_cur_entry; -}; -typedef struct acl_t_struct *acl_t; - -/* - * Possible valid values for ae_tag field. - */ -#define ACL_UNDEFINED_TAG 0x00000000 -#define ACL_USER_OBJ 0x00000001 -#define ACL_USER 0x00000002 -#define ACL_GROUP_OBJ 0x00000004 -#define ACL_GROUP 0x00000008 -#define ACL_MASK 0x00000010 -#define ACL_OTHER 0x00000020 -#define ACL_OTHER_OBJ ACL_OTHER - -/* - * Possible valid values for acl_type_t arguments. - */ -#define ACL_TYPE_ACCESS 0x00000000 -#define ACL_TYPE_DEFAULT 0x00000001 -#define ACL_TYPE_AFS 0x00000002 -#define ACL_TYPE_CODA 0x00000003 -#define ACL_TYPE_NTFS 0x00000004 -#define ACL_TYPE_NWFS 0x00000005 - -/* - * Possible flags in ae_perm field. - */ -#define ACL_EXECUTE 0x0001 -#define ACL_WRITE 0x0002 -#define ACL_READ 0x0004 -#define ACL_PERM_NONE 0x0000 -#define ACL_PERM_BITS (ACL_EXECUTE | ACL_WRITE | ACL_READ) -#define ACL_POSIX1E_BITS (ACL_EXECUTE | ACL_WRITE | ACL_READ) - -/* - * Possible entry_id values for acl_get_entry() - */ -#define ACL_FIRST_ENTRY 0 -#define ACL_NEXT_ENTRY 1 - -/* - * Undefined value in ae_id field - */ -#define ACL_UNDEFINED_ID ((uid_t)-1) -.Ed +.El .Sh SEE ALSO .Xr acl 3 , .Xr vaccess_acl_posix1e 9 , +.Xr vaccess_acl_nfs4 9 , .Xr VFS 9 , .Xr vnaccess 9 , .Xr VOP_ACLCHECK 9 ,