ACL formats

There are several ways to represent an ACL, depending on how it's to be used.

External form
The exportable, contiguous, persistent representation of an ACL in user-managed space. A program such as tar could (but currently doesn't) use this representation so that it could later restore the ACLs, even on a different filesystem.
Internal form
The internal representation of an ACL in working storage, which you'll work with in your program. As described below, this form uses various data types to represent an ACL, its entries, and each entry's tag and permissions.
text form
The structured textual representation of an ACL, such as getfacl and setfacl use.

The internal form uses the following data types:

A pointer to an opaque ACL data structure in working storage.
An opaque descriptor for an entry in an ACL.
An opaque set of permissions in an ACL entry.
An individual permission; one of:
The type of tag; one of the following:
  • ACL_GROUP — a named group.
  • ACL_GROUP_OBJ — the owning group.
  • ACL_MASK — the maximum permissions allowed for named users, named groups, and the owning group.
  • ACL_OTHER — users whose process attributes don't match any other ACL entry; the "world".
  • ACL_USER — named users.
  • ACL_USER_OBJ — the owning user.
The type of ACL; one of:
  • ACL_TYPE_ACCESS — an access ACL. (If you expand the abbreviation, this term becomes "access access control list", but that's what the POSIX draft called it.)
  • ACL_TYPE_DEFAULT — a default ACL that a directory can have. It specifies the initial ACL for files and directories created in that directory.
    Note: Default ACLs aren't currently implemented.

You can use these functions to translate from one form of an ACL to another:

Copy an ACL from system space to user space (i.e., translate from the external form to the internal).
Copy an ACL from user space to system space (i.e., translate from the internal form to the external).
Create an internal form of an ACL from a text form.
Determine the size of the external form of an ACL.
Convert an internal form of an ACL into a text form.