Updated: 2020/Jul/29


POSIX1E(3)                 Library Functions Manual                 POSIX1E(3)

NAME
     posix1e - introduction to the POSIX.1e security API

LIBRARY
     Standard C Library (libc, -lc)

SYNOPSIS
     #include <sys/types.h>
     #include <sys/acl.h>

DESCRIPTION
     POSIX.1e describes five security extensions to the POSIX.1 API: Access
     Control Lists (ACLs), Auditing, Capabilities, Mandatory Access Control,
     and Information Flow Labels.  While IEEE POSIX.1e D17 specification has
     not been standardized, several of its interfaces are widely used.

     NetBSD implements POSIX.1e interface for access control lists, described
     in acl(3), and supports ACLs on the ffs(7) file system; ACLs must be
     administratively enabled using tunefs(8) or via mount(8) options.

     NetBSD does not implement the POSIX.1e mac, audit, privilege
     (capability), or information flow label APIs.

ENVIRONMENT
     POSIX.1e assigns security attributes to all objects, extending the
     security functionality described in POSIX.1.  These additional attributes
     store fine-grained discretionary access control information; for files,
     they are stored in extended attributes, described in extattr(3).

     POSIX.2c describes a set of userland utilities for manipulating these
     attributes, including getfacl(1) and setfacl(1).

SEE ALSO
     getfacl(1), setfacl(1), acl(3), extattr(3), ffs(7), tunefs(8), acl(9),
     extattr(9)

STANDARDS
     POSIX.1e is described in IEEE POSIX.1e draft 17.

HISTORY
     POSIX.1e support was introduced in NetBSD 10.0.

AUTHORS
     Robert N M Watson
     Chris D. Faulhaber
     Thomas Moestl
     Ilmar S Habibulin

NetBSD 9.99                    February 25, 2016                   NetBSD 9.99