// Copyright (c) 2015 Joseph Naegele. See LICENSE file.
package acl
// #include <sys/acl.h>
// #include <acl/libacl.h>
// #cgo linux LDFLAGS: -lacl
import "C"
import (
"fmt"
"os"
)
// Tag types for ACL entries, mirroring the constants from <sys/acl.h>.
const (
	TagUserObj  Tag = C.ACL_USER_OBJ  // the file owner
	TagUser     Tag = C.ACL_USER      // a named user
	TagGroupObj Tag = C.ACL_GROUP_OBJ // the owning group
	TagGroup    Tag = C.ACL_GROUP     // a named group
	TagMask     Tag = C.ACL_MASK      // upper bound for named-user, named-group and owning-group entries
	TagOther    Tag = C.ACL_OTHER     // everyone else
)

// Permission bits for a Permset, mirroring the constants from <sys/acl.h>.
//
// NOTE(review): PermExecute is used by addPermsFromMode but is not declared
// in this listing; presumably it is declared elsewhere in the package — confirm.
const (
	PermRead  Perm = C.ACL_READ
	PermWrite Perm = C.ACL_WRITE
)
// addBaseEntries adds the three base entries (USER_OBJ, GROUP_OBJ, OTHER) to
// acl, deriving each entry's permissions from the mode bits of the file at
// path. No MASK entry is created here.
//
// os.Stat follows symbolic links, so the bits come from the link target. The
// mode is a snapshot taken at this call.
// NOTE(review): if the resulting ACL is applied to the file later, a mode
// change made in between is not reflected — confirm callers tolerate that.
//
// It returns the first error from os.Stat or addBaseEntryFromMode, unwrapped.
func (acl *ACL) addBaseEntries(path string) error {
	info, err := os.Stat(path)
	if err != nil {
		return err
	}
	perm := info.Mode().Perm()

	// has reports whether every bit of want is set in the file's permissions.
	has := func(want os.FileMode) bool {
		return perm&want == want
	}

	// Owner class.
	if err := acl.addBaseEntryFromMode(TagUserObj, has(userRead), has(userWrite), has(userExec)); err != nil {
		return err
	}

	// Owning-group class.
	if err := acl.addBaseEntryFromMode(TagGroupObj, has(groupRead), has(groupWrite), has(groupExec)); err != nil {
		return err
	}

	// Everyone else.
	return acl.addBaseEntryFromMode(TagOther, has(otherRead), has(otherWrite), has(otherExec))
}
// addBaseEntryFromMode creates a new entry in acl, sets its tag, and adds the
// permissions selected by read, write and execute to the entry's permset.
//
// It returns the first error from any of those steps.
// NOTE(review): the entry is not removed here when a later step fails; whether
// acl is left holding a partially initialised entry depends on CreateEntry —
// confirm before reusing acl after an error.
func (acl *ACL) addBaseEntryFromMode(tag Tag, read, write, execute bool) error {
	entry, err := acl.CreateEntry()
	if err != nil {
		return err
	}

	if err := entry.SetTag(tag); err != nil {
		return err
	}

	perms, err := entry.GetPermset()
	if err != nil {
		return err
	}

	return perms.addPermsFromMode(read, write, execute)
}
// addPermsFromMode adds PermRead, PermWrite and PermExecute to p, in that
// order, for each flag that is true. A false flag adds nothing; it does not
// clear a permission already present in p.
//
// It stops at, and returns, the first error from AddPerm.
func (p *Permset) addPermsFromMode(read, write, execute bool) error {
	requested := []struct {
		enabled bool
		perm    Perm
	}{
		{read, PermRead},
		{write, PermWrite},
		{execute, PermExecute},
	}

	for _, req := range requested {
		if !req.enabled {
			continue
		}
		if err := p.AddPerm(req.perm); err != nil {
			return err
		}
	}
	return nil
}
// String renders the permset as three characters: 'r', 'w' and 'e' for read,
// write and execute when acl_get_perm reports the permission as set, and '-'
// otherwise.
//
// NOTE(review): the errno returned by acl_get_perm is discarded, so a failed
// query (negative return) prints as '-' and cannot be told apart from a
// permission that is absent. Treat the output as display text, not as input
// to an access decision.
// NOTE(review): execute prints as 'e', not the 'x' of getfacl-style text —
// confirm this is intended before parsing or comparing the output.
func (pset *Permset) String() string {
	read, write, exec := '-', '-', '-'

	if rv, _ := C.acl_get_perm(pset.p, C.ACL_READ); rv > 0 {
		read = 'r'
	}
	if rv, _ := C.acl_get_perm(pset.p, C.ACL_WRITE); rv > 0 {
		write = 'w'
	}
	if rv, _ := C.acl_get_perm(pset.p, C.ACL_EXECUTE); rv > 0 {
		exec = 'e'
	}

	return fmt.Sprintf("%c%c%c", read, write, exec)
}