osezer/pyacl
1
0
Fork 0
forked from Georg/pyacl
Code Pull Requests Activity
21 Commits 1 Branch 1 Tag 97 KiB
Python 96.5%
Shell 3.5%
main
Go to file
Georg Pfuetzenreuter 81c79895ed
Correct README reference in pyproject 
File suffix was changed, reference was forgotten to be updated.

Fixes: eaf8f6085e ("Add proper README")
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2024-09-21 20:13:51 +02:00
pyacl Document functions 2024-09-20 18:38:54 +02:00
scripts Move test.sh 2024-09-20 19:12:28 +02:00
tests Rename functions 2024-09-20 18:26:08 +02:00
.gitignore Basics 2024-09-16 02:55:05 +02:00
LICENSE Initial commit 2024-09-16 02:46:15 +02:00
pyproject.toml Correct README reference in pyproject 2024-09-21 20:13:51 +02:00
README.md Move test.sh 2024-09-20 19:12:28 +02:00
ruff.toml Implement ACL building/writing 2024-09-17 23:56:46 +02:00

README.md

pyacl

Overview

This is a high level abstraction over the great pylibacl library. It removes the need for low level understanding of POSIX.1e by providing an interface similar to what one is used to by common ACL handling tools such as getfacl(1) and setfacl(1). Handling of ACLs in pyacl happens through a map resembling what one would find as a result of calling getfacl(1).

Example

Reading the ACL of a path

The following shows a file at /tmp/testacl1 on which an ACL granting the user georg2 read permissions was applied.

Result from getfacl(1):

$ getfacl -c /tmp/testacl1
getfacl: Removing leading '/' from absolute path names
user::---
user:georg2:r--
group::r--
mask::r--
other::---

Result from pyacl:

>>> from pyacl import acl
>>> acl.parse_acl_from_path('/tmp/testacl1')
{'user': {'georg2': {'read': True, 'write': False, 'execute': False}},
 'group': {None: {'read': True, 'write': False, 'execute': False}},
 'mask': {None: {'read': True, 'write': False, 'execute': False}},
 'other': {None: {'read': False, 'write': False, 'execute': False}}}

Writing an ACL to a path

The following will apply ACL granting the user georg2 read permissions to a file at /tmp/testacl2.

echo hi > /tmp/testacl2

With setfacl(1):

setfacl -m u:georg2:r /tmp/testacl2

With pyacl:

>>> from pyacl import acl
>>> myacl = acl.build_acl(target_name='georg2', target_type='user', read=True, write=False, execute=False)
>>> acl.apply_acl_to_path(myacl, '/tmp/testacl2')

Of course, the build_acl() call could be shortened by omitting default arguments.

Documentation

The functions provided by pyacl are documented through docstrings. Find them in the source code, or by calling help() - example:

>>> from pyacl import acl
>>> help(acl.build_acl)
Help on function build_acl in module pyacl.acl:

build_acl(target_name, target_type, read=False, write=False, execute=False)
    Example usage: build_acl(target_name='georg2', target_type='user', read=True, write=False, execute=True)
    Return: posix1e.ACL

Hacking/Tests

Functionality is tested through pytest. As it requires a certain test user to be present, easiest is to use the purpose-built container image. A wrapper is provided at scripts/test.sh.