| ACL_SET_FILE(3) | Library Functions Manual | ACL_SET_FILE(3) |
NAME
acl_set_file,
acl_set_file_at — set an ACL
by filename
LIBRARY
Linux Access Control Lists library (libacl, -lacl).
SYNOPSIS
#include
<sys/types.h>
#include <sys/acl.h>
int
acl_set_file(const char *path_p,
acl_type_t type, acl_t acl);
int
acl_set_file_at(int dirfd,
const char *path_p, int
at_flags, acl_type_t type, acl_t
acl);
DESCRIPTION
The
acl_set_file()
function associates an access ACL with a file or directory, or associates a
default ACL with a directory. The pathname for the file or directory is
given in the argument path_p. If
path_p is a symbolic link,
acl_set_file() operates on the file or directory the
link refers to.
The effective user ID of the process must match the owner of the file or directory or the process must have the CAP_FOWNER capability for the request to succeed.
The value of the argument type is used to
indicate whether the access ACL or the default ACL associated with
path_p is being set. If the type
parameter is ACL_TYPE_ACCESS, the access ACL of
path_p shall be set. If the type
parameter is ACL_TYPE_DEFAULT, the default ACL of
path_p shall be set. If the argument
type specifies a type of ACL that cannot be associated
with path_p, then the function fails.
The acl parameter must
reference a valid ACL according to the rules described on the
acl_valid(3) manual page if the
type parameter is
ACL_TYPE_ACCESS, and must either reference a valid
ACL or an ACL with zero ACL entries if the type
parameter is ACL_TYPE_DEFAULT. If the
acl parameter references an empty ACL, then the
acl_set_file()
function removes any default ACL associated with the directory referred to
by the path_p parameter.
acl_set_file_at()
The acl_set_file_at() function operates in
exactly the same way as acl_set_file(), except for
the differences described here.
If the pathname given in
path_p is relative, then it is interpreted relative to
the directory referred to by the file descriptor dirfd
(rather than relative to the current working directory of the calling
process, as is done by
acl_set_file()).
If path_p is relative
and dirfd is the special value
AT_FDCWD, then path_p is
interpreted relative to the current working directory of the calling process
(like
acl_set_file()).
If path_p is absolute, then dirfd is ignored.
The at_flags argument can either be 0, or include one or more of the following flags ORed:
AT_EMPTY_PATH- If path_p is an empty string, operate on the file
referred to by dirfd (which may have been obtained
using the open(2)
O_PATHflag). In this case, dirfd can refer to any type of file, not just a directory, and the behavior ofacl_set_file_at() is similar to that ofacl_set_fd(). AT_SYMLINK_NOFOLLOW- If path_p refers to a symbolic link, do not
dereference it: instead, fail the operation and set the global variable
errno to
ENOTSUP. This indicates that the symbolic link cannot have ACLs.
RETURN VALUE
The acl_set_file() and
acl_set_file_at() functions return the
value 0 if successful; otherwise the value -1 is returned and
the global variable errno is set to indicate the
error.
ERRORS
If any of the following conditions occur, the
acl_set_file() and
acl_set_file_at() functions return
-1 and set errno to the
corresponding value:
- [
EACCES] - Search permission is denied for a component of the path prefix or the
object exists and the process does not have appropriate access rights.
Argument type specifies a type of ACL that cannot be associated with path_p.
- [
EBADF] - The argument path_p is relative but the argument
dirfd is neither
AT_FDCWDnor a valid file descriptor. - [
EINVAL] - The argument acl does not point to a valid ACL.
The ACL has more entries than the file referred to by path_p can obtain.
The type parameter is not
ACL_TYPE_ACCESSorACL_TYPE_DEFAULT.The type parameter is
ACL_TYPE_DEFAULT, but the file referred to by path_p is not a directory.An invalid flag was specified in the at_flags argument.
- [
ENAMETOOLONG] - The length of the argument path_p is too long.
- [
ENOENT] - The named object does not exist or the argument path_p points to an empty string.
- [
ENOSPC] - The directory or file system that would contain the new ACL cannot be extended or the file system is out of file allocation resources.
- [
ENOTDIR] - A component of the path prefix is not a directory.
The argument path_p is relative and the argument dirfd is a file descriptor referring to a file other than a directory.
- [
ENOTSUP] - The argument at_flags includes the flag
AT_SYMLINK_NOFOLLOWand path_p is a symbolic link.The file identified by path_p cannot be associated with the ACL because the file system on which the file is located does not support this.
- [
EPERM] - The process does not have appropriate privilege to perform the operation to set the ACL.
- [
EROFS] - This function requires modification of a file system which is currently read-only.
STANDARDS
IEEE Std 1003.1e draft 17 (“POSIX.1e”, abandoned)
The behavior of acl_set_file() when the
acl parameter refers to an empty ACL and the
type parameter is
ACL_TYPE_DEFAULT is an extension in the Linux
implementation, in order that all values returned by
acl_get_file() can be passed to
acl_set_file(). The POSIX.1e function for removing a
default ACL is acl_delete_def_file().
Function acl_get_file_at() is a Linux
specific extension.
SEE ALSO
acl_delete_def_file(3), acl_get_file(3), acl_set_fd(3), acl_valid(3), acl(5)
AUTHOR
Derived from the FreeBSD manual pages written by Robert N M Watson ⟨rwatson@FreeBSD.org⟩, and adapted for Linux by Andreas Gruenbacher ⟨andreas.gruenbacher@gmail.com⟩.
| June 5, 2026 | Linux ACL |