acl_extended_file, acl_extended_file_nofollow — test for information in ACLs by file name


Linux Access Control Lists library (libacl, −lacl).


#include <sys/types.h>
#include <acl/libacl.h>


acl_extended_file(const char *path_p);


acl_extended_file_nofollow(const char *path_p);


The acl_extended_file() function returns 1 if the file or directory referred to by the argument path_p is associated with an extended access ACL, or if the directory referred to by path_p is associated with a default ACL. The function returns 0 if the file has neither an extended access ACL nor a default ACL.

An extended ACL is an ACL that contains entries other than the three required entries of tag types ACL_USER_OBJ, ACL_GROUP_OBJ and ACL_OTHER. If the result of the acl_extended_file() function for a file object is 0, then ACLs define no discretionary access rights other than those already defined by the traditional file permission bits.

Access to the file object may be further restricted by other mechanisms, such as Mandatory Access Control schemes. The access(2) system call can be used to check whether a given type of access to a file object would be granted.

acl_extended_file_nofollow() is identical to acl_extended_file(), except in the case of a symbolic link, where the link itself is interrogated, not the file that it refers to. Since symbolic links have no ACL themselves, the operation is supposed to fail on them.


If successful, the acl_extended_file() function returns 1 if the file object referred to by path_p has an extended access ACL or a default ACL, and 0 if the file object referred to by path_p has neither an extended access ACL nor a default ACL. Otherwise, the value -1 is returned and the global variable errno is set to indicate the error.


If any of the following conditions occur, the acl_extended_file() function returns -1 and sets errno to the corresponding value:


Search permission is denied for a component of the path prefix.


The length of the argument path_p is too long.


The named object does not exist or the argument path_p points to an empty string.


A component of the path prefix is not a directory.


The file system on which the file identified by path_p is located does not support ACLs, or ACLs are disabled.


This is a non-portable, Linux specific extension to the ACL manipulation functions defined in IEEE Std 1003.1e draft 17 (“POSIX.1e”, abandoned).


access(2), acl_get_file(3), acl(5)


Written by Andreas Gruenbacher ⟨⟩ .

Linux ACL March 23, 2002 Linux ACL

More Linux Commands

tsearch(3) - manage a binary tree - Linux manual page.......
tsearch(), tfind(), twalk(), and tdelete() manage a binary tree. They are generalized from Knuth (6.2.2) Algorithm T. The first field in each node of the tree i

unicode_start(1) - put keyboard and console in unicode mode
The unicode_start command will put the keyboard and console into Unicode (UTF-8) mode. For the keyboard this means that one can attach 16-bit U+xxxx values to k

XrmGetResource(3) - retrieve database resources and search l
The XrmGetResource and XrmQGetResource functions retrieve a resource from the specified database. Both take a fully qualified name/class pair, a destination res

shells(5) - pathnames of valid login shells - Linux man page
/etc/shells is a text file which contains the full pathnames of valid login shells. This file is consulted by chsh(1) and available to be queried by other progr

XmbTextPerCharExtents(3) - obtain per-character information
The XmbTextPerCharExtents, XwcTextPerCharExtents and Xutf8TextPerCharExtents functions return the text dimensions of each character of the specified text, using

XActivateScreenSaver(3) - manipulate the screen saver.......
Timeout and interval are specified in seconds. A timeout of 0 disables the screen saver (but an activated screen saver is not deactivated), and a timeout of -1

bootctl(1) Control the firmware and boot manager settings...
bootctl may be used to query or (in the future) change the firmware and boot manager settings. Firmware information is available only on EFI systems. Currently,

Tk_TextLayoutToPostscript(3) - routines to measure and displ
These routines are for measuring and displaying single-font, multi-line, justified text. To measure and display simple single-font, single-line strings, refer t

gnutls_psk_set_client_credentials(3) - API function.........
This function sets the username and password, in a gnutls_psk_client_credentials_t structure. Those will be used in PSK authentication. username should be an AS

efibootmgr(8) manipulate the EFI Boot Manager (Man Page)....
efibootmgr is a userspace application used to modify the Intel Extensible Firmware Interface (EFI) Boot Manager. This application can create and destroy boot en

setprotoent(3) - get protocol entry - Linux manual page.....
setprotoent.3 - The getprotoent() function reads the next entry from the protocols database (see protocols(5)) and returns a protoent structure containing the b

lzma(1) - Compress or decompress .xz and .lzma files........
xz is a general-purpose data compression tool with command line syntax similar to gzip(1) and bzip2(1). The native file format is the .xz format, but the legacy

We can't live, work or learn in freedom unless the software we use is free.