Class ACL

x.__init__(...) initializes x; see help(type(x)) for signature

Overrides: object.__init__

Returns: a new object with type S, a subtype of T

Overrides: object.__new__

str(x)

Overrides: object.__str__

Append a new Entry to the ACL and return it.

This is a convenience function to create a new Entry and append it to the ACL. If a parameter of type Entry instance is given, the entry will be a copy of that one (as if copied with Entry.copy()), otherwise, the new entry will be empty.

Apply the ACL to a file or filehandle.

Parameters:

• either a filename or a file-like object or an integer; this represents the filesystem object on which to act
• optional flag representing the type of ACL to set, either ACL_TYPE_ACCESS (default) or ACL_TYPE_DEFAULT

Compute the file group class mask.

The calc_mask() method calculates and sets the permissions associated with the ACL_MASK Entry of the ACL. The value of the new permissions is the union of the permissions granted by all entries of tag type ACL_GROUP, ACL_GROUP_OBJ, or ACL_USER. If the ACL already contains an ACL_MASK entry, its permissions are overwritten; if it does not contain an ACL_MASK Entry, one is added.

The order of existing entries in the ACL is undefined after this function.

Check the ACL validity.

This is a non-portable, Linux specific extension that allow more information to be retrieved in case an ACL is not valid than the validate() method.

This method will return either False (the ACL is valid), or a tuple with two elements. The first element is one of the following constants:

• ACL_MULTI_ERROR: The ACL contains multiple entries that have a tag type that may occur at most once
• ACL_DUPLICATE_ERROR: The ACL contains multiple ACL_USER or ACL_GROUP entries with the same ID
• ACL_MISS_ERROR: A required entry is missing
• ACL_ENTRY_ERROR: The ACL contains an invalid entry tag type

The second element of the tuple is the index of the entry that is invalid (in the same order as by iterating over the ACL entry)

Deletes an entry from the ACL.

Note: Only with level 2 Parameters:

• the Entry object which should be deleted; note that after this function is called, that object is unusable any longer and should be deleted

Return the octal mode the ACL is equivalent to.

This is a non-portable, Linux specific extension that checks if the ACL is a basic ACL and returns the corresponding mode.

An IOerror exception will be raised if the ACL is an extended ACL

Convert the ACL to a custom text format.

This method encapsulates the acl_to_any_text function. It allows a customized text format to be generated for the ACL. See acl_to_any_text(3) for more details.

Parameters:

• prefix: if given, this string will be prepended to all lines
• separator: a single character (defaults to '\n'); this will be user to separate the entries in the ACL
• options: a bitwise combination of:
  • TEXT_ABBREVIATE: use 'u' instead of 'user', 'g' instead of 'group', etc.
  • TEXT_NUMERIC_IDS: User and group IDs are included as decimal numbers instead of names
  • TEXT_SOME_EFFECTIVE: Include comments denoting the effective permissions when some are masked
  • TEXT_ALL_EFFECTIVE: Include comments after all ACL entries affected by an ACL_MASK entry
  • TEXT_SMART_INDENT: Used in combination with the _EFFECTIVE options, this will ensure that comments are alligned to the fourth tab position (assuming one tab equals eight spaces)

Test the ACL for validity.

This method tests the ACL to see if it is a valid ACL in terms of the filesystem. More precisely, it checks that:

The ACL contains exactly one entry with each of the ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER tag types. Entries with ACL_USER and ACL_GROUP tag types may appear zero or more times in an ACL. An ACL that contains entries of ACL_USER or ACL_GROUP tag types must contain exactly one entry of the ACL_MASK tag type. If an ACL contains no entries of ACL_USER or ACL_GROUP tag types, the ACL_MASK entry is optional.

All user ID qualifiers must be unique among all entries of the ACL_USER tag type, and all group IDs must be unique among all entries of ACL_GROUP tag type.

The method will return 1 for a valid ACL and 0 for an invalid one. This has been chosen because the specification for acl_valid in the POSIX.1e standard documents only one possible value for errno in case of an invalid ACL, so we can't differentiate between classes of errors. Other suggestions are welcome.