How to Check If a UID Exists in an ACL in Linux

How to check if a UID exists in an ACL in Linux?

If I misunderstood the question I apologize, but hopefully you will find this helpful:

Excerpt from some ACL documentation:

The following functions retrieve and manipulate ACL entries:

acl_copy_entry()
acl_create_entry()
acl_delete_entry()
acl_first_entry()
acl_get_entry()

The following functions retrieve and manipulate fields in an ACL entry:

acl_add_perm() 
acl_clear_perm()
acl_delete_perm()
acl_get_permset()
acl_get_qualifier()
acl_get_tag_type()
acl_set_permset()
acl_set_qualifier()
acl_set_tag_type()

...

ACL Entries

An ACL entry consists of the following fields:

Tag type (defined in the acl.h header file):

ACL_USER_OBJ - The owning user entry.

ACL_GROUP_OBJ - The owning group entry.

ACL_USER - An entry for other users.

ACL_GROUP - An entry for other groups.

ACL_OTHER_OBJ - The entry for all users and groups that are not included in another entry.

Tag qualifier - The qualifier value for an ACL_USER entry is a user ID.

The qualifier value for an ACL_GROUP entry is a group ID.
The qualifier value for any of the *_OBJ entries is NULL.

From acl_update.c:

#include <sys/acl.h>    /* acl_t, acl_entry_t, acl_get_entry(), ...; link with -lacl */
#include <sys/types.h>  /* id_t, uid_t, gid_t */

/* errExit() is not part of libacl: the program defines it as a helper that
   reports the failing call (with errno) and exits. */

/* Find the ACL entry in 'acl' corresponding to the tag type and
   qualifier in 'tag' and 'qual'. Return the matching entry, or NULL
   if no entry was found. */

static acl_entry_t
findEntry(acl_t acl, acl_tag_t tag, id_t qual)
{
    acl_entry_t entry;
    acl_tag_t entryTag;
    uid_t *uidp;
    gid_t *gidp;
    int ent, s;

    /* Walk the entries: acl_get_entry() returns 1 while entries remain,
       0 when the list is exhausted, and -1 on error */
    for (ent = ACL_FIRST_ENTRY; ; ent = ACL_NEXT_ENTRY) {
        s = acl_get_entry(acl, ent, &entry);
        if (s == -1)
            errExit("acl_get_entry");

        if (s == 0)
            return NULL;

        if (acl_get_tag_type(entry, &entryTag) == -1)
            errExit("acl_get_tag_type");

        if (tag == entryTag) {
            if (tag == ACL_USER) {
                /* The qualifier of an ACL_USER entry is a UID; the pointer
                   returned by acl_get_qualifier() must be released with acl_free() */
                uidp = acl_get_qualifier(entry);
                if (uidp == NULL)
                    errExit("acl_get_qualifier");

                if (qual == *uidp) {
                    if (acl_free(uidp) == -1)
                        errExit("acl_free");
                    return entry;
                } else {
                    if (acl_free(uidp) == -1)
                        errExit("acl_free");
                }

            } else if (tag == ACL_GROUP) {
                /* The qualifier of an ACL_GROUP entry is a GID */
                gidp = acl_get_qualifier(entry);
                if (gidp == NULL)
                    errExit("acl_get_qualifier");

                if (qual == *gidp) {
                    if (acl_free(gidp) == -1)
                        errExit("acl_free");
                    return entry;
                } else {
                    if (acl_free(gidp) == -1)
                        errExit("acl_free");
                }

            } else {
                /* *_OBJ and mask entries carry no qualifier, so a tag match is enough */
                return entry;
            }
        }
    }
}

I don't think you need to check the ACL of a specific file, but if I am wrong, here is some info on how to do so:

$ getfacl myFile 
# file: myFile
# owner: jon
# group: people
user::rwx
user:foo:rwx
group::rwx
mask::rwx
other::---

then to get a uid from the name (untested but should be close):

$ grep "^$(getfacl myFile | grep '^# owner:' | cut -d: -f2 | tr -d ' '):" /etc/passwd | cut -d: -f3

Some more resources:

acl/facl examples and reference
man acl

POSIX Access Control Lists

statacl
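A shell example added here (not from the answer above or from the acl package) that does the lookup from the command-line side: it parses `getfacl -n` output, reports whether a numeric UID has a named-user (ACL_USER) entry, and applies the mask entry the way the kernel does, so the printed permissions are the effective ones. The function names and the sample getfacl output are constructed for the example.

```shell
#!/bin/bash
# Read `getfacl -n FILE` output on stdin and print the permissions that the
# numeric UID in $1 gets from its ACL_USER entry, capped by the mask entry
# (the mask limits named-user and group entries, exactly as the kernel does).
# Exit status: 0 if the UID has an entry, 1 if it is not in the ACL.
# Note that the owner's own "user::" entry is ACL_USER_OBJ, not ACL_USER.
acl_effective_perms() {
    awk -v uid="$1" -F: '
        /^#/ || NF < 3 { next }                 # skip "# file:" headers and blank lines
        { p = $3; sub(/[[:space:]].*/, "", p) } # drop a trailing "#effective:..." note
        $1 == "mask" { mask = p }               # mask::rwx
        $1 == "user" && $2 == uid { perms = p; found = 1 }   # user:UID:rwx
        END {
            if (!found) exit 1
            if (mask == "") { print perms; exit 0 }
            out = ""
            for (i = 1; i <= 3; i++) {
                c = substr(perms, i, 1)
                out = out ((c != "-" && substr(mask, i, 1) != "-") ? c : "-")
            }
            print out
        }'
}

# Constructed sample, shaped like the getfacl output in the answer above but
# with -n so entries carry numeric IDs; the mask restricts the named users.
SAMPLE_GETFACL='# file: myFile
# owner: 1000
# group: 100
user::rwx
user:1001:rwx    #effective:r-x
user:1002:r--
group::r-x
mask::r-x
other::---'

# Wrapper so the sample can be queried without touching a real file.
sample_perms() {
    printf '%s\n' "$SAMPLE_GETFACL" | acl_effective_perms "$1"
}

if p=$(sample_perms 1001); then
    echo "uid 1001 is in the ACL with effective permissions $p"   # r-x
else
    echo "uid 1001 has no named-user entry"
fi
sample_perms 1000 >/dev/null || echo "uid 1000 is the owner, not a named-user entry"
sample_perms 4242 >/dev/null || echo "uid 4242 has no named-user entry"
```

For a real file, replace the wrapper with `getfacl -n myFile | acl_effective_perms 1001`.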

Test if a directory is writable by a given UID?

Here's a long, roundabout way of checking.

USER=johndoe
DIR=/path/to/somewhere

# Use -L to get information about the target of a symlink,
# not the link itself, as pointed out in the comments
INFO=( $(stat -L -c "%a %G %U" "$DIR") )
# %a prints the mode in octal without a leading 0 (e.g. 755); force base 8
# so the bit tests below are not done on the decimal number 755
PERM=$(( 8#${INFO[0]} ))
GROUP=${INFO[1]}
OWNER=${INFO[2]}

# Only one class of bits applies to a given user: owner if the user owns
# the directory, else group if the user is a member, else other
ACCESS=no
if [[ $USER == "$OWNER" ]]; then
    # The user owns the directory: only the owner bits count
    (( (PERM & 0200) != 0 )) && ACCESS=yes
else
    # Is the user a member of the directory's group?
    ingroup=no
    for g in $(id -Gn "$USER"); do
        if [[ $GROUP == "$g" ]]; then
            ingroup=yes
            break
        fi
    done
    if [[ $ingroup == yes ]]; then
        # Only the group bits count
        (( (PERM & 0020) != 0 )) && ACCESS=yes
    else
        # Everyone else: the "other" bits count
        (( (PERM & 0002) != 0 )) && ACCESS=yes
    fi
fi

How to run a Linux/C program in a customized way?

You should search for "beginning linux" to get some web sites that will give you the basics of navigating around in Linux, notably on the command line.

Then I'd search for "beginning vi" to learn the basics of the vi editor. If you're using a GUI, then you can simply use their simple GUI text editor.

Then I would search on "Beginning C programming linux". That will give you several links, and will get you through the basics of creating a C program and compiling it with GCC.

That should keep you in enough trouble for the short term until something clicks or you learn enough new terms to keep searching for.

Good luck!
