Solaris::ACL - Perl extension for reading and setting Solaris Access Control Lists for files
use Solaris::ACL; ($acl, $default_acl) = getfacl("path/to/file"); setfacl("path/to/file", $acl [, $default_acl]);
This module provides access to the system level acl(2) call, allowing efficient setting and reading of Access Control Lists (ACLs) in perl.
acl
ACL provides the following functions:
$path
$acl
$default_acl
Set the ACL of the file or directory named by $path to that specified by $acl. If $path names a directory, then the optional $default_acl argument can also be passed to specify the default ACL for the directory. See "ACL structure" for information on how the $acl and $default_acl hashes should be constructed.
$file_name
Return a reference to a hash containing information about the file's ACL. If the file is a directory with a default ACL, then a list is returned, with the first entry being a hash reference to the ACL, and the second being a hash reference to the default ACL. See "Accessing ACL structures" for information on how to access these hashes, and "ACL structure" for information on how these hashes are internally constructed.
The structures returned by the getfacl call are blessed into the Solaris::ACL package, and can be inspected and changed using methods from that class. In most cases, the same method can be used for inspecting or setting values; a value is set if data is given to set it with; otherwise, it is inspected and returned. The following accessor methods are defined:
Without an argument, each of these methods returns the permission for the corresponding entity (user, group, other, or file mask). With an argument, they set the permission to that argument. For example:
$user_perm = $acl->uperm; # find out current owner permissions. $acl->operm(5); # give others read-execute permissions.
If no mask is set in the ACL, mask returns -1.
mask
Without arguments, return a list of users (by uid) or groups (by gid) with special ACL access. When passed a uid/gid as an argument, return the permission for the given user/group, or -1 if no permission is set in the ACL. When passed a uid/gid and a permission, give the specified user/group the indicated permission; if the permission is -1, remove any permissions for the specified user/group.
Calculate the mask for the acl, as would the -r flag of setfacl.
-r
$acl2
Check to see if the acl is equal to $acl2. Returns 1 if equal, 0 otherwise.
$mode
Create a new blessed acl with permissions for user, group and other determined by mode.
$acl = new Solaris::ACL(0741); $acl->users(scalar(getpwnam("iroberts"),2); $acl->users(scalar(getpwnam("rdb"),0); $acl->calc_mask; $def_acl = new Solaris::ACL(0751); setfacl("working_dir", $acl, $def_acl); ($acl1, $def_acl1) = getfacl("working_dir"); print "All is well\n" if($acl->equal($acl1)); $acl2 = getfacl("working_file"); print "uids with acls set: ", join(", ", $acl2->users), "\n"; print "uid 29 had permission ", $acl2->users(29), "\n"; $acl2->users(29,6); $acl2->calc_mask; setfacl("working_file", $acl2) print "uid 29 now has permission 6\n"; # to copy an acl from one file or directory to another; setfacl($target_file, getfacl($source_file));
setfacl returns TRUE if successful and FALSE if unsuccessful. getfacl, if successful, returns a list containing a reference to the hash describing an acl, and, if there is a default acl, a reference to the hash describing the default acl. If unsuccessful, getfacl returns a null list. If either setfacl or getfacl are unsuccessful, the variable $Solaris::ACL::error is set to a descriptive error string; in addition, if the failure was due to a system error, $! is set.
setfacl
getfacl
$Solaris::ACL::error
$!
WARNING: The internal structures described here are subject to change in future versions.
All information passed to setfacl returned from getfacl is in the form of references to hashes. A hash describing an ACL can have the following keys:
Each of these keys have values containing permissions for the corresponding entity (user, group, other, mask).
Each of these keys (if existent) contain a reference to a hash whose keys are decimal representations of numbers, and whose values contain permissions for the user/group whose uid/gid is the number in the key.
No checking is done on data types; bad data will result in strange error message being placed in $Solaris::ACL::errors.
$Solaris::ACL::errors
Ian Robertson <ian@lugh.uchicago.edu>
perl(1), getfacl(1), setfacl(1), acl(2)
To install Solaris::ACL, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Solaris::ACL
CPAN shell
perl -MCPAN -e shell install Solaris::ACL
For more information on module installation, please visit the detailed CPAN module installation guide.