Help on module posix1e: NAME posix1e - POSIX.1e ACLs manipulation FILE /home/iusty/work/pylibacl/build/lib.linux-x86_64-2.4/posix1e.so DESCRIPTION This module provides support for manipulating POSIX.1e ACLS Depending on the operating system support for POSIX.1e, the ACL type will have more or less capabilities: - level 1, only basic support, you can create ACLs from files and text descriptions; once created, the type is immutable - level 2, complete support, you can alter the ACL once it is created Also, in level 2, more types are available, corresponding to acl_entry_t (Entry type), acl_permset_t (Permset type). Example: >>> import posix1e >>> acl1 = posix1e.ACL(file="file.txt") >>> print acl1 user::rw- group::rw- other::r-- >>> b = posix1e.ACL(text="u::rx,g::-,o::-") >>> print b user::r-x group::--- other::--- >>> b.applyto("file.txt") >>> print posix1e.ACL(file="file.txt") user::r-x group::--- other::--- >>> CLASSES __builtin__.object ACL Entry Permset class ACL(__builtin__.object) | Type which represents a POSIX ACL | | Parameters: | Only one keword parameter should be provided: | - file="...", meaning create ACL representing | the access ACL of that file | - filedef="...", meaning create ACL representing | the default ACL of that directory | - fd=, meaning create ACL representing | the access ACL of that file descriptor | - text="...", meaning create ACL from a | textual description | - acl=, meaning create a copy | of an existing ACL instance | - mode=, meaning create an ACL from a numeric mode | (e.g. mode=0644) (this is valid only when the C library | provides the acl_from_mode call) | If no parameters are passed, create an empty ACL; this | makes sense only when your OS supports ACL modification | (i.e. it implements full POSIX.1e support) | | Methods defined here: | | __cmp__(...) | x.__cmp__(y) <==> cmp(x,y) | | __eq__(...) | x.__eq__(y) <==> x==y | | __ge__(...) | x.__ge__(y) <==> x>=y | | __getstate__(...) | Dumps the ACL to an external format. | | __gt__(...) | x.__gt__(y) <==> x>y | | __init__(...) | x.__init__(...) initializes x; see x.__class__.__doc__ for signature | | __iter__(...) | x.__iter__() <==> iter(x) | | __le__(...) | x.__le__(y) <==> x<=y | | __lt__(...) | x.__lt__(y) <==> x x!=y | | __setstate__(...) | Loads the ACL from an external format. | | __str__(...) | x.__str__() <==> str(x) | | append(...) | Append a new Entry to the ACL and return it. | | This is a convenience function to create a new Entry | and append it to the ACL. | If a parameter of type Entry instance is given, the | entry will be a copy of that one (as if copied with | Entry.copy()), otherwise, the new entry will be empty. | | applyto(...) | Apply the ACL to a file or filehandle. | | Parameters: | - either a filename or a file-like object or an integer; this | represents the filesystem object on which to act | - optional flag representing the type of ACL to set, either | ACL_TYPE_ACCESS (default) or ACL_TYPE_DEFAULT | | calc_mask(...) | Compute the file group class mask. | | The calc_mask() method calculates and sets the permissions | associated with the ACL_MASK Entry of the ACL. | The value of the new permissions is the union of the permissions | granted by all entries of tag type ACL_GROUP, ACL_GROUP_OBJ, or | ACL_USER. If the ACL already contains an ACL_MASK entry, its | permissions are overwritten; if it does not contain an ACL_MASK | Entry, one is added. | | The order of existing entries in the ACL is undefined after this | function. | | check(...) | Check the ACL validity. | | This is a non-portable, Linux specific extension that allow more | information to be retrieved in case an ACL is not valid than the | validate() method. | | This method will return either False (the ACL is valid), or a tuple | with two elements. The first element is one of the following | constants: | - ACL_MULTI_ERROR: The ACL contains multiple entries that have a | tag type that may occur at most once | - ACL_DUPLICATE_ERROR: The ACL contains multiple ACL_USER or | ACL_GROUP entries with the same ID | - ACL_MISS_ERROR: A required entry is missing | - ACL_ENTRY_ERROR: The ACL contains an invalid entry tag type | | The second element of the tuple is the index of the entry that is | invalid (in the same order as by iterating over the ACL entry) | | delete_entry(...) | Deletes an entry from the ACL. | | Note: Only with level 2 | Parameters: | - the Entry object which should be deleted; note that after | this function is called, that object is unusable any longer | and should be deleted | | next(...) | x.next() -> the next value, or raise StopIteration | | to_any_text(...) | Convert the ACL to a custom text format. | | This method encapsulates the acl_to_any_text function. It allows a | customized text format to be generated for the ACL. See | acl_to_any_text(3) for more details. | | Parameters: | - prefix: if given, this string will be prepended to all lines | - separator: a single character (defaults to '\n'); this will be | user to separate the entries in the ACL | - options: a bitwise combination of: | TEXT_ABBREVIATE: use 'u' instead of 'user', 'g' instead of | 'group', etc. | TEXT_NUMERIC_IDS: User and group IDs are included as decimal | numbers instead of names | TEXT_SOME_EFFECTIVE: Include comments denoting the effective | permissions when some are masked | TEXT_ALL_EFFECTIVE: Include comments after all ACL entries | affected by an ACL_MASK entry | TEXT_SMART_INDENT: Used in combination with the _EFFECTIVE | options, this will ensure that comments | are alligned to the fourth tab position | (assuming one tab equal eight spaces | | valid(...) | Test the ACL for validity. | | This method tests the ACL to see if it is a valid ACL | in terms of the filesystem. More precisely, it checks that: | | The ACL contains exactly one entry with each of the | ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER tag types. Entries | with ACL_USER and ACL_GROUP tag types may appear zero or more | times in an ACL. An ACL that contains entries of ACL_USER or | ACL_GROUP tag types must contain exactly one entry of the | ACL_MASK tag type. If an ACL contains no entries of | ACL_USER or ACL_GROUP tag types, the ACL_MASK entry is optional. | | All user ID qualifiers must be unique among all entries of | the ACL_USER tag type, and all group IDs must be unique among all | entries of ACL_GROUP tag type. | | The method will return 1 for a valid ACL and 0 for an invalid one. | This has been chosen because the specification for acl_valid in | the POSIX.1e standard documents only one possible value for errno | in case of an invalid ACL, so we can't differentiate between | classes of errors. Other suggestions are welcome. | | ---------------------------------------------------------------------- | Data and other attributes defined here: | | __new__ = | T.__new__(S, ...) -> a new object with type S, a subtype of T class Entry(__builtin__.object) | Type which represents an entry in an ACL. | | The type exists only if the OS has full support for POSIX.1e | Can be created either by: | e = posix1e.Entry(myACL) # this creates a new entry in the ACL | or by: | for entry in myACL: | print entry | | Note that the Entry keeps a reference to its ACL, so even if | you delete the ACL, it won't be cleaned up and will continue to | exist until its Entry(ies) will be deleted. | | Methods defined here: | | __init__(...) | x.__init__(...) initializes x; see x.__class__.__doc__ for signature | | __str__(...) | x.__str__() <==> str(x) | | copy(...) | Copy an ACL entry. | | This method sets all the parameters to those of another | entry, even one of another's ACL | Parameters: | - src, instance of type Entry | | ---------------------------------------------------------------------- | Data and other attributes defined here: | | __new__ = | T.__new__(S, ...) -> a new object with type S, a subtype of T | | parent = | The parent ACL of this entry | | permset = | The permission set of this ACL entry | | qualifier = | The qualifier of the current entry | | If the tag type is ACL_USER, this should be a user id. | If the tag type if ACL_GROUP, this should be a group id. | Else, it doesn't matter. | | tag_type = | The tag type of the current entry | | This is one of: | - ACL_UNDEFINED_TAG | - ACL_USER_OBJ | - ACL_USER | - ACL_GROUP_OBJ | - ACL_GROUP | - ACL_MASK | - ACL_OTHER class Permset(__builtin__.object) | Type which represents the permission set in an ACL entry | | The type exists only if the OS has full support for POSIX.1e | Can be created either by: | perms = myEntry.permset | or by: | perms = posix1e.Permset(myEntry) | | Note that the Permset keeps a reference to its Entry, so even if | you delete the entry, it won't be cleaned up and will continue to | exist until its Permset will be deleted. | | Methods defined here: | | __init__(...) | x.__init__(...) initializes x; see x.__class__.__doc__ for signature | | __str__(...) | x.__str__() <==> str(x) | | add(...) | Add a permission to the permission set. | | The add() function adds the permission contained in | the argument perm to the permission set. An attempt | to add a permission that is already contained in the | permission set is not considered an error. | Parameters: | - perm a permission (ACL_WRITE, ACL_READ, ACL_EXECUTE, ... | Return value: | None | Can raise: IOError | | clear(...) | Clear all permissions from the permission set. | | delete(...) | Delete a permission from the permission set. | | The delete() function deletes the permission contained in | the argument perm from the permission set. An attempt | to delete a permission that is not contained in the | permission set is not considered an error. | Parameters: | - perm a permission (ACL_WRITE, ACL_READ, ACL_EXECUTE, ... | Return value: | None | Can raise: IOError | | test(...) | Test if a permission exists in the permission set. | | The test() function tests if the permission contained in | the argument perm exits the permission set. | Parameters: | - perm a permission (ACL_WRITE, ACL_READ, ACL_EXECUTE, ... | Return value: | Bool | Can raise: IOError | | ---------------------------------------------------------------------- | Data and other attributes defined here: | | __new__ = | T.__new__(S, ...) -> a new object with type S, a subtype of T | | execute = | Execute permsission | | This is a convenience method of access; the | same effect can be achieved using the functions | add(), test(), delete(), and those can take any | permission defined by your platform. | | read = | Read permsission | | This is a convenience method of access; the | same effect can be achieved using the functions | add(), test(), delete(), and those can take any | permission defined by your platform. | | write = | Write permsission | | This is a convenience method of access; the | same effect can be achieved using the functions | add(), test(), delete(), and those can take any | permission defined by your platform. FUNCTIONS delete_default(...) Delete the default ACL from a directory. This function deletes the default ACL associated with a directory (the ACL which will be ANDed with the mode parameter to the open, creat functions). Parameters: - a string representing the directory whose default ACL should be deleted DATA ACL_DUPLICATE_ERROR = 8192 ACL_ENTRY_ERROR = 16384 ACL_EXECUTE = 1 ACL_GROUP = 8 ACL_GROUP_OBJ = 4 ACL_MASK = 16 ACL_MISS_ERROR = 12288 ACL_MULTI_ERROR = 4096 ACL_OTHER = 32 ACL_READ = 4 ACL_TYPE_ACCESS = 32768 ACL_TYPE_DEFAULT = 16384 ACL_UNDEFINED_TAG = 0 ACL_USER = 2 ACL_USER_OBJ = 1 ACL_WRITE = 2 TEXT_ABBREVIATE = 16 TEXT_ALL_EFFECTIVE = 2 TEXT_NUMERIC_IDS = 8 TEXT_SMART_INDENT = 4 TEXT_SOME_EFFECTIVE = 1