/usr/share/doc/python-pylibacl/html/implementation.html is in python-pylibacl 0.5.2-2build2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Implementation details — pylibacl 0.5.2 documentation</title>
<link rel="stylesheet" href="_static/classic.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
VERSION: '0.5.2',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<link rel="top" title="pylibacl 0.5.2 documentation" href="index.html" />
<link rel="next" title="News" href="news.html" />
<link rel="prev" title="POSIX.1e ACLs manipulation" href="module.html" />
</head>
<body role="document">
<div class="related" role="navigation" aria-label="related navigation">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="news.html" title="News"
accesskey="N">next</a></li>
<li class="right" >
<a href="module.html" title="POSIX.1e ACLs manipulation"
accesskey="P">previous</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">pylibacl 0.5.2 documentation</a> »</li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<div class="section" id="implementation-details">
<h1>Implementation details<a class="headerlink" href="#implementation-details" title="Permalink to this headline">¶</a></h1>
<div class="section" id="functionality-level">
<h2>Functionality level<a class="headerlink" href="#functionality-level" title="Permalink to this headline">¶</a></h2>
<p>The IEEE 1003.1e draft 17 (“POSIX.1e”) describes a set of 28 functions.
These are grouped into three groups, based on their portability:</p>
<ul>
<li><p class="first">first group, the most portable one. All systems which claim to support
POSIX.1e should implement these:</p>
<blockquote>
<div><p>acl_delete_def_file(3), acl_dup(3), acl_free(3), acl_from_text(3),
acl_get_fd(3), acl_get_file(3), acl_init(3), acl_set_fd(3),
acl_set_file(3), acl_to_text(3), acl_valid(3)</p>
</div></blockquote>
</li>
<li><p class="first">second group, containing the rest of the POSIX ACL functions. Systems
which claim to fully implement POSIX.1e should implement these:</p>
<blockquote>
<div><p>acl_add_perm(3), acl_calc_mask(3), acl_clear_perms(3),
acl_copy_entry(3), acl_copy_ext(3), acl_copy_int(3),
acl_create_entry(3), acl_delete_entry(3), acl_delete_perm(3),
acl_get_entry(3), acl_get_permset(3), acl_get_qualifier(3),
acl_get_tag_type(3), acl_set_permset(3), acl_set_qualifier(3),
acl_set_tag_type(3), acl_size(3)</p>
</div></blockquote>
</li>
<li><p class="first">third group, containing extra functions implemented by each OS. These
are non-portable version. Both Linux and FreeBSD implement some extra
functions.</p>
</li>
</ul>
<p>Thus we have the level of compliance. Depending on whether the system
library support the second group, you get some extra methods for the ACL
object.</p>
<p>The implementation of the second group of function can be tested by
checking the module-level constant HAS_ACL_ENTRY. The extra
functionality available on Linux can be tested by additional HAS_*
constants.</p>
</div>
<div class="section" id="internal-structure">
<h2>Internal structure<a class="headerlink" href="#internal-structure" title="Permalink to this headline">¶</a></h2>
<p>The POSIX draft has the following stuff (correct me if I’m wrong):</p>
<ul class="simple">
<li>an ACL is denoted by acl_t</li>
<li>an ACL contains many acl_entry_t, these are the individual entries in
the list; they always(!) belong to an acl_t</li>
<li>each entry_t has a qualifier (think uid_t or gid_t), whose type is
denoted by the acl_tag_t type, and an acl_permset_t</li>
<li>the acl_permset_t can contain acl_perm_t value (ACL_READ, ACL_WRITE,
ACL_EXECUTE, ACL_ADD, ACL_DELETE, ...)</li>
<li>functions to manipulate all these, and functions to manipulate files</li>
</ul>
</div>
<div class="section" id="currently-supported-platforms">
<h2>Currently supported platforms<a class="headerlink" href="#currently-supported-platforms" title="Permalink to this headline">¶</a></h2>
<p>For any other platforms, volunteers are welcome.</p>
<div class="section" id="linux">
<h3>Linux<a class="headerlink" href="#linux" title="Permalink to this headline">¶</a></h3>
<p>It needs kernel 2.4 or higher and the libacl library installed (with
development headers, if installing from rpm). This library is available
on all modern distributions.</p>
<p>The level of compliance is level 2 (see IMPLEMENTATION), plus some extra
functions; and as my development is done on Linux, I try to implement
these extensions when it makes sense.</p>
</div>
<div class="section" id="freebsd">
<h3>FreeBSD<a class="headerlink" href="#freebsd" title="Permalink to this headline">¶</a></h3>
<p>The current tested version is 7.0. FreeBSD supports all the standards
functions, but 7.0-RELEASE seems to have some issues regarding the
acl_valid() function when the qualifier of an ACL_USER or ACL_GROUP
entry is the same as the current uid. By my interpretation, this should
be a valid ACL, but FreeBSD declares the ACL invalid. As such, some
unittests fail on FreeBSD.</p>
</div>
</div>
<div class="section" id="porting-to-other-platforms">
<h2>Porting to other platforms<a class="headerlink" href="#porting-to-other-platforms" title="Permalink to this headline">¶</a></h2>
<p>First, determine if your OS supports the full 28 functions of the
POSIX.1e draft (if so, define HAVE_LEVEL2) or only the first 11
functions (most common case, meaning only HAVE_LEVEL1).</p>
<p>If your OS supports only LEVEL1, modify <code class="docutils literal"><span class="pre">setup.py</span></code> as appropriately;
unfortunately, the functionality of the module is quite low.</p>
<p>If your OS supports LEVEL2, there is a function which you must define:
testing if an acl_permset_t contains a given permission. For example,
under Linux, the acl library defines:</p>
<div class="highlight-python"><div class="highlight"><pre>int acl_get_perm(acl_permset_t permset_d, acl_perm_t perm);
</pre></div>
</div>
<p>under FreeBSD, the library defines <code class="docutils literal"><span class="pre">acl_get_perm_np</span></code> with a similar
syntax. So just see how this is implemented in your platform and either
define a simple macro or a full function with the syntax:</p>
<div class="highlight-python"><div class="highlight"><pre>static int get_perm(acl_permset_t permset_d, acl_perm_t perm);
</pre></div>
</div>
<p>which must return 1 if the permset contains perm and 0 otherwise.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
<div class="sphinxsidebarwrapper">
<h3><a href="index.html">Table Of Contents</a></h3>
<ul>
<li><a class="reference internal" href="#">Implementation details</a><ul>
<li><a class="reference internal" href="#functionality-level">Functionality level</a></li>
<li><a class="reference internal" href="#internal-structure">Internal structure</a></li>
<li><a class="reference internal" href="#currently-supported-platforms">Currently supported platforms</a><ul>
<li><a class="reference internal" href="#linux">Linux</a></li>
<li><a class="reference internal" href="#freebsd">FreeBSD</a></li>
</ul>
</li>
<li><a class="reference internal" href="#porting-to-other-platforms">Porting to other platforms</a></li>
</ul>
</li>
</ul>
<h4>Previous topic</h4>
<p class="topless"><a href="module.html"
title="previous chapter">POSIX.1e ACLs manipulation</a></p>
<h4>Next topic</h4>
<p class="topless"><a href="news.html"
title="next chapter">News</a></p>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="search.html" method="get">
<input type="text" name="q" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
<p class="searchtip" style="font-size: 90%">
Enter search terms or a module, class or function name.
</p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related" role="navigation" aria-label="related navigation">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="news.html" title="News"
>next</a></li>
<li class="right" >
<a href="module.html" title="POSIX.1e ACLs manipulation"
>previous</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">pylibacl 0.5.2 documentation</a> »</li>
</ul>
</div>
<div class="footer" role="contentinfo">
© Copyright 2002-2009, 2012, 2014, Iustin Pop.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.4.
</div>
</body>
</html>
|