1 /* set-mode-acl.c - set access control list equivalent to a mode
3 Copyright (C) 2002-2003, 2005-2008 Free Software Foundation, Inc.
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 Written by Paul Eggert and Andreas Gruenbacher. */
24 #include "acl-internal.h"
26 /* If DESC is a valid file descriptor use fchmod to change the
27 file's mode to MODE on systems that have fchown. On systems
28 that don't have fchown and if DESC is invalid, use chown on
30 Return 0 if successful. Return -1 and set errno upon failure. */
33 chmod_or_fchmod (const char *name, int desc, mode_t mode)
35 if (HAVE_FCHMOD && desc != -1)
36 return fchmod (desc, mode);
38 return chmod (name, mode);
41 /* Set the access control lists of a file. If DESC is a valid file
42 descriptor, use file descriptor operations where available, else use
43 filename based operations on NAME. If access control lists are not
44 available, fchmod the target file to MODE. Also sets the
45 non-permission bits of the destination file (S_ISUID, S_ISGID, S_ISVTX)
46 to those from MODE if any are set.
47 Return 0 if successful. Return -1 and set errno upon failure. */
50 qset_acl (char const *name, int desc, mode_t mode)
53 # if HAVE_ACL_GET_FILE
54 /* POSIX 1003.1e draft 17 (abandoned) specific version. */
55 /* Linux, FreeBSD, MacOS X, IRIX, Tru64 */
57 /* Linux, FreeBSD, IRIX, Tru64 */
59 /* We must also have acl_from_text and acl_delete_def_file.
60 (acl_delete_def_file could be emulated with acl_init followed
61 by acl_set_file, but acl_set_file with an empty acl is
64 # ifndef HAVE_ACL_FROM_TEXT
65 # error Must have acl_from_text (see POSIX 1003.1e draft 17).
67 # ifndef HAVE_ACL_DELETE_DEF_FILE
68 # error Must have acl_delete_def_file (see POSIX 1003.1e draft 17).
74 if (HAVE_ACL_FROM_MODE) /* Linux */
76 acl = acl_from_mode (mode);
80 else /* FreeBSD, IRIX, Tru64 */
82 /* If we were to create the ACL using the functions acl_init(),
83 acl_create_entry(), acl_set_tag_type(), acl_set_qualifier(),
84 acl_get_permset(), acl_clear_perm[s](), acl_add_perm(), we
85 would need to create a qualifier. I don't know how to do this.
86 So create it using acl_from_text(). */
88 # if HAVE_ACL_FREE_TEXT /* Tru64 */
89 char acl_text[] = "u::---,g::---,o::---,";
90 # else /* FreeBSD, IRIX */
91 char acl_text[] = "u::---,g::---,o::---";
94 if (mode & S_IRUSR) acl_text[ 3] = 'r';
95 if (mode & S_IWUSR) acl_text[ 4] = 'w';
96 if (mode & S_IXUSR) acl_text[ 5] = 'x';
97 if (mode & S_IRGRP) acl_text[10] = 'r';
98 if (mode & S_IWGRP) acl_text[11] = 'w';
99 if (mode & S_IXGRP) acl_text[12] = 'x';
100 if (mode & S_IROTH) acl_text[17] = 'r';
101 if (mode & S_IWOTH) acl_text[18] = 'w';
102 if (mode & S_IXOTH) acl_text[19] = 'x';
104 acl = acl_from_text (acl_text);
108 if (HAVE_ACL_SET_FD && desc != -1)
109 ret = acl_set_fd (desc, acl);
111 ret = acl_set_file (name, ACL_TYPE_ACCESS, acl);
114 int saved_errno = errno;
117 if (ACL_NOT_WELL_SUPPORTED (errno))
119 if (chmod_or_fchmod (name, desc, mode) != 0)
130 if (S_ISDIR (mode) && acl_delete_def_file (name))
133 if (mode & (S_ISUID | S_ISGID | S_ISVTX))
135 /* We did not call chmod so far, so the special bits have not yet
138 if (chmod_or_fchmod (name, desc, mode))
143 # else /* !MODE_INSIDE_ACL */
146 # if !HAVE_ACL_TYPE_EXTENDED
147 # error Must have ACL_TYPE_EXTENDED
150 /* On MacOS X, acl_get_file (name, ACL_TYPE_ACCESS)
151 and acl_get_file (name, ACL_TYPE_DEFAULT)
152 always return NULL / EINVAL. You have to use
153 acl_get_file (name, ACL_TYPE_EXTENDED)
154 or acl_get_fd (open (name, ...))
157 acl_set_file (name, ACL_TYPE_ACCESS, acl)
158 and acl_set_file (name, ACL_TYPE_DEFAULT, acl)
159 have the same effect as
160 acl_set_file (name, ACL_TYPE_EXTENDED, acl):
161 Each of these calls sets the file's ACL. */
166 /* Remove the ACL if the file has ACLs. */
167 if (HAVE_ACL_GET_FD && desc != -1)
168 acl = acl_get_fd (desc);
170 acl = acl_get_file (name, ACL_TYPE_EXTENDED);
178 if (HAVE_ACL_SET_FD && desc != -1)
179 ret = acl_set_fd (desc, acl);
181 ret = acl_set_file (name, ACL_TYPE_EXTENDED, acl);
184 int saved_errno = errno;
188 if (ACL_NOT_WELL_SUPPORTED (saved_errno))
190 if (chmod_or_fchmod (name, desc, mode) != 0)
202 return chmod_or_fchmod (name, desc, mode);
205 # elif defined ACL_NO_TRIVIAL
206 /* Solaris 10, with NFSv4 ACLs. */
208 char acl_text[] = "user::---,group::---,mask:---,other:---";
210 if (mode & S_IRUSR) acl_text[ 6] = 'r';
211 if (mode & S_IWUSR) acl_text[ 7] = 'w';
212 if (mode & S_IXUSR) acl_text[ 8] = 'x';
213 if (mode & S_IRGRP) acl_text[17] = acl_text[26] = 'r';
214 if (mode & S_IWGRP) acl_text[18] = acl_text[27] = 'w';
215 if (mode & S_IXGRP) acl_text[19] = acl_text[28] = 'x';
216 if (mode & S_IROTH) acl_text[36] = 'r';
217 if (mode & S_IWOTH) acl_text[37] = 'w';
218 if (mode & S_IXOTH) acl_text[38] = 'x';
220 if (acl_fromtext (acl_text, &aclp) != 0)
227 int ret = (desc < 0 ? acl_set (name, aclp) : facl_set (desc, aclp));
228 int saved_errno = errno;
230 if (ret == 0 || saved_errno != ENOSYS)
237 return chmod_or_fchmod (name, desc, mode);
239 # else /* Unknown flavor of ACLs */
240 return chmod_or_fchmod (name, desc, mode);
243 return chmod_or_fchmod (name, desc, mode);
247 /* As with qset_acl, but also output a diagnostic on failure. */
250 set_acl (char const *name, int desc, mode_t mode)
252 int r = qset_acl (name, desc, mode);
254 error (0, errno, _("setting permissions for %s"), quote (name));