1
0
forked from Georg/pyacl
Go to file
Georg Pfuetzenreuter eaf8f6085e
Add proper README
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2024-09-20 19:00:54 +02:00
pyacl Document functions 2024-09-20 18:38:54 +02:00
scripts Add isort script 2024-09-17 23:57:00 +02:00
tests Rename functions 2024-09-20 18:26:08 +02:00
.gitignore Basics 2024-09-16 02:55:05 +02:00
LICENSE Initial commit 2024-09-16 02:46:15 +02:00
pyproject.toml Basics 2024-09-16 02:55:05 +02:00
README.md Add proper README 2024-09-20 19:00:54 +02:00
ruff.toml Implement ACL building/writing 2024-09-17 23:56:46 +02:00
test.sh Test in container 2024-09-16 16:41:55 +02:00

pyacl

Overview

This is a high level abstraction over the great pylibacl library. It removes the need for low level understanding of POSIX.1e by providing an interface similar to what one is used to by common ACL handling tools such as getfacl(1) and setfacl(1). Handling of ACLs in pyacl happens through a map resembling what one would find as a result of calling getfacl(1).

Example

Reading the ACL of a path

The following shows a file at /tmp/testacl1 on which an ACL granting the user georg2 read permissions was applied.

Result from getfacl(1):

$ getfacl -c /tmp/testacl1
getfacl: Removing leading '/' from absolute path names
user::---
user:georg2:r--
group::r--
mask::r--
other::---

Result from pyacl:

>>> from pyacl import acl
>>> acl.parse_acl_from_path('/tmp/testacl1')
{'user': {'georg2': {'read': True, 'write': False, 'execute': False}},
 'group': {None: {'read': True, 'write': False, 'execute': False}},
 'mask': {None: {'read': True, 'write': False, 'execute': False}},
 'other': {None: {'read': False, 'write': False, 'execute': False}}}

Writing an ACL to a path

The following will apply ACL granting the user georg2 read permissions to a file at /tmp/testacl2.

echo hi > /tmp/testacl2

With setfacl(1):

setfacl -m u:georg2:r /tmp/testacl2

With pyacl:

>>> from pyacl import acl
>>> myacl = acl.build_acl(target_name='georg2', target_type='user', read=True, write=False, execute=False)
>>> acl.apply_acl_to_path(myacl, '/tmp/testacl2')

Of course, the build_acl() call could be shortened by omitting default arguments.

Documentation

The functions provided by pyacl are documented through docstrings. Find them in the source code, or by calling help() - example:

>>> from pyacl import acl
>>> help(acl.build_acl)
Help on function build_acl in module pyacl.acl:

build_acl(target_name, target_type, read=False, write=False, execute=False)
    Example usage: build_acl(target_name='georg2', target_type='user', read=True, write=False, execute=True)
    Return: posix1e.ACL

Hacking/Tests

Functionality is tested through pytest. As it requires a certain test user to be present, easiest is to use the purpose-built container image. A wrapper is provided at test.sh.