authorPeter Tribble <peter.tribble@gmail.com>2020-02-08 16:49:42 +0000
committerPeter Tribble <peter.tribble@gmail.com>2020-02-15 16:42:14 +0000
commitf5f3cbec075f8308da054292c7c7d96373c956ee (patch)
tree573533921b9405ba2d5980f98eb6c02b1784748b
parent5642709df07e9b3a809f898f938aac4fc9903255 (diff)
12288 getfacl and setfacl could stand improvement
Reviewed by: Andy Fiddaman <omnios@citrus-it.co.uk> Approved by: Robert Mustacchi <rm@fingolfin.org>
-rw-r--r--usr/src/cmd/getfacl/Makefile9
-rw-r--r--usr/src/cmd/getfacl/getfacl.c11
-rw-r--r--usr/src/cmd/setfacl/Makefile12
-rw-r--r--usr/src/cmd/setfacl/setfacl.c37
-rw-r--r--usr/src/man/man1/getfacl.164
-rw-r--r--usr/src/man/man1/setfacl.139
-rw-r--r--usr/src/man/man3sec/acl_totext.3sec12
-rw-r--r--usr/src/man/man3sec/aclcheck.3sec15
-rw-r--r--usr/src/man/man3sec/acltotext.3sec11
-rw-r--r--usr/src/man/man5/acl.558
10 files changed, 103 insertions, 165 deletions
diff --git a/usr/src/cmd/getfacl/Makefile b/usr/src/cmd/getfacl/Makefile
index 8166d04252..77088ad160 100644
--- a/usr/src/cmd/getfacl/Makefile
+++ b/usr/src/cmd/getfacl/Makefile
@@ -23,22 +23,19 @@
# Copyright (c) 1993,2001 by Sun Microsystems, Inc.
# All rights reserved.
#
+# Copyright 2020 Peter Tribble.
+#
PROG= getfacl
include ../Makefile.cmd
-CERRWARN += -_gcc=-Wno-unused-variable
-CERRWARN += $(CNOWARN_UNINIT)
-
.KEEP_STATE:
-all: $(PROG)
+all: $(PROG)
install: all $(ROOTPROG)
clean:
-lint: lint_PROG
-
include ../Makefile.targ
diff --git a/usr/src/cmd/getfacl/getfacl.c b/usr/src/cmd/getfacl/getfacl.c
index 3310274c12..337a09a960 100644
--- a/usr/src/cmd/getfacl/getfacl.c
+++ b/usr/src/cmd/getfacl/getfacl.c
@@ -21,14 +21,9 @@
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ * Copyright 2020 Peter Tribble.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#ifndef lint
-static char sccsid[] = "%Z%%M% %I% %E% SMI";
-#endif
-
/*
* getfacl [-ad] file ...
* This command displays discretionary information for a file or files.
@@ -73,7 +68,7 @@ main(int argc, char *argv[])
int errflag = 0;
int savecnt;
int aclcnt;
- int mask;
+ int mask = 0;
aclent_t *aclp;
aclent_t *tp;
char *permp;
@@ -116,7 +111,7 @@ main(int argc, char *argv[])
gettext("File system doesn't support "
"aclent_t style ACL's.\n"
"See acl(5) for more information on "
- "Solaris ACL support.\n"));
+ "POSIX-draft ACL support.\n"));
exit(2);
}
perror(filep);
diff --git a/usr/src/cmd/setfacl/Makefile b/usr/src/cmd/setfacl/Makefile
index 5f70a8f4de..503676079f 100644
--- a/usr/src/cmd/setfacl/Makefile
+++ b/usr/src/cmd/setfacl/Makefile
@@ -23,18 +23,12 @@
# Copyright (c) 1993 by Sun Microsystems, Inc.
#
# Copyright (c) 2018, Joyent, Inc.
-
+# Copyright 2020 Peter Tribble.
+#
PROG= setfacl
include ../Makefile.cmd
-CERRWARN += -_gcc=-Wno-unused-variable
-CERRWARN += -_gcc=-Wno-implicit-function-declaration
-CERRWARN += $(CNOWARN_UNINIT)
-
-# not linted
-SMATCH=off
-
LDLIBS += -lsec
.KEEP_STATE:
@@ -45,6 +39,4 @@ install: all $(ROOTPROG)
clean:
-lint: lint_PROG
-
include ../Makefile.targ
diff --git a/usr/src/cmd/setfacl/setfacl.c b/usr/src/cmd/setfacl/setfacl.c
index 54e7fa6d2c..d069945661 100644
--- a/usr/src/cmd/setfacl/setfacl.c
+++ b/usr/src/cmd/setfacl/setfacl.c
@@ -20,6 +20,7 @@
*/
/*
* Copyright (c) 1993, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2020 Peter Tribble.
*/
/*
@@ -41,6 +42,7 @@
#include <sys/types.h>
#include <unistd.h>
#include <errno.h>
+#include <ctype.h>
#define ADD 1
#define MODIFY 2
@@ -70,7 +72,7 @@ main(int argc, char *argv[])
int errflag = 0;
int aclcnt; /* used by -m -d */
aclent_t *aclp; /* used by -m -d */
- char *aclfilep; /* acl file argument */
+ char *aclfilep = NULL; /* acl file argument */
char *d_entryp = NULL; /* ptr to del entry list */
char *m_entryp = NULL; /* ptr to mod entry list */
char *s_entryp = NULL; /* ptr to set entry list */
@@ -198,8 +200,8 @@ get_acl_info(char *filep, aclent_t **aclpp)
(void) fprintf(stderr,
gettext("File system doesn't support aclent_t "
"style ACL's.\n"
- "See acl(5) for more information on"
- " ACL styles support by Solaris.\n"));
+ "See acl(5) for more information on "
+ "POSIX-draft ACL support.\n"));
return (-1);
}
(void) fprintf(stderr,
@@ -237,10 +239,8 @@ get_acl_info(char *filep, aclent_t **aclpp)
*/
static int
mod_entries(aclent_t *aclp, int cnt, char *modp, char *delp,
- char *fnamep, int rfg)
+ char *fnamep, int rfg)
{
- int rc; /* return code */
-
/* modify and add: from -m option */
if (parse_entry_list(&aclp, &cnt, modp, MODIFY) == -1)
return (-1);
@@ -342,7 +342,6 @@ set_file_entries(char *acl_fnamep, char *fnamep, int rflag)
static int
set_online_entries(char *setp, char *fnamep, int rflag)
{
- char *commap;
aclent_t *aclp;
int aclcnt = 0;
@@ -414,17 +413,6 @@ convert_to_aclent_t(char *entryp, int *cntp, aclent_t **aclpp, int mode)
if (entryp == NULL)
return (0);
- if (*cntp > 1)
- new_aclp = (aclent_t *)realloc(*aclpp,
- sizeof (aclent_t) * (*cntp));
- else
- new_aclp = (aclent_t *) malloc(sizeof (aclent_t) * (*cntp));
- if (new_aclp == NULL) {
- fprintf(stderr,
- gettext("Insufficient memory for acl %d\n"), *cntp);
- return (-1);
- }
-
tmpacl.a_id = 0; /* id field needs to be initialized */
if (entryp[0] == 'u')
tmpacl.a_id = getuid(); /* id field for user */
@@ -442,6 +430,17 @@ convert_to_aclent_t(char *entryp, int *cntp, aclent_t **aclpp, int mode)
(tmpacl.a_type == DEF_GROUP_OBJ) ||
(tmpacl.a_type == DEF_OTHER_OBJ));
+ if (*cntp > 1)
+ new_aclp = (aclent_t *)realloc(*aclpp,
+ sizeof (aclent_t) * (*cntp));
+ else
+ new_aclp = (aclent_t *) malloc(sizeof (aclent_t) * (*cntp));
+ if (new_aclp == NULL) {
+ fprintf(stderr,
+ gettext("Insufficient memory for acl %d\n"), *cntp);
+ return (-1);
+ }
+
cur_cnt = *cntp - 1;
switch (mode) {
case MODIFY: /* and add */
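Review bot: After the relocated allocation in convert_to_aclent_t, `*aclpp` keeps the pre-realloc pointer until the final `*aclpp = new_aclp;` at the end of the function, so if `realloc` moves the block the caller's pointer is stale throughout the `switch (mode)` section that follows. Moving the allocation below the entry parsing presumably keeps parse failures from returning inside that window, but the switch body lies outside this hunk, so it is worth confirming that no branch there reads `*aclpp` or returns before the assignment. Assigning `*aclpp = new_aclp;` directly after the NULL check would close the window. Separately, the `fprintf` in the failure path lacks the `(void)` cast that the other `fprintf` calls in this file use.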
@@ -520,7 +519,7 @@ convert_to_aclent_t(char *entryp, int *cntp, aclent_t **aclpp, int mode)
if (centry != NULL && gentry != NULL && trivial == B_TRUE)
centry->a_perm = gentry->a_perm;
}
- *aclpp = new_aclp; /* return new acl entries */
+ *aclpp = new_aclp; /* return new acl entries */
return (0);
}
diff --git a/usr/src/man/man1/getfacl.1 b/usr/src/man/man1/getfacl.1
index a90b61deff..8eca23b106 100644
--- a/usr/src/man/man1/getfacl.1
+++ b/usr/src/man/man1/getfacl.1
@@ -1,20 +1,18 @@
'\" te
.\" \&.Copyright (c) 2002, Sun Microsystems, Inc. All Rights Reserved
+.\" Copyright (c) 2020 Peter Tribble.
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH GETFACL 1 "Nov 5, 1994"
+.TH GETFACL 1 "Feb 8, 2020"
.SH NAME
getfacl \- display discretionary file information
.SH SYNOPSIS
-.LP
.nf
\fBgetfacl\fR [\fB-ad\fR] \fIfile\fR...
.fi
.SH DESCRIPTION
-.sp
-.LP
For each argument that is a regular file, special file, or named pipe, the
\fBgetfacl\fR utility displays the owner, the group, and the Access Control
List (\fBACL\fR). For each directory argument, \fBgetfacl\fR displays the
@@ -22,6 +20,13 @@ owner, the group, and the \fBACL\fR and/or the default \fBACL\fR. Only
directories contain default \fBACL\fRs.
.sp
.LP
+The \fBgetfacl\fR utility will fail if executed on a file system that supports
+NFSv4 \fBACL\fRs. See \fBacl\fR(5) for a description of the difference
+between the older POSIX-draft \fBACL\fRs and the newer NFSv4 \fBACL\fRs. The
+\fBls\fR(1) utility, when used with the \fB-v\fR or \fB-V\fR options, will
+display \fBACL\fRs on all types of file system.
+.sp
+.LP
The \fBgetfacl\fR utility may be executed on a file system that does not
support \fBACL\fRs. It reports the \fBACL\fR based on the base permission bits.
.sp
@@ -30,8 +35,6 @@ With no options specified, \fBgetfacl\fR displays the filename, the file owner,
the file group owner, and both the \fBACL\fR and the default \fBACL\fR, if it
exists.
.SH OPTIONS
-.sp
-.LP
The following options are supported:
.sp
.ne 2
@@ -54,8 +57,6 @@ Displays the filename, the file owner, the file group owner, and the default
.RE
.SH OPERANDS
-.sp
-.LP
The following operands are supported:
.sp
.ne 2
@@ -67,26 +68,24 @@ The path name of a regular file, special file, or named pipe.
.RE
.SH OUTPUT
-.sp
-.LP
The format for \fBACL\fR output is as follows:
.sp
.in +2
.nf
-# file: filename
-# owner: uid
-# group: gid
-user::perm
-user:uid:perm
-group::perm
-group:gid:perm
-mask:perm
-other:perm
-default:user::perm
-default:user:uid:perm
-default:group::perm
-default:group:gid:perm
-default:mask:perm
+# file: filename
+# owner: uid
+# group: gid
+user::perm
+user:uid:perm
+group::perm
+group:gid:perm
+mask:perm
+other:perm
+default:user::perm
+default:user:uid:perm
+default:group::perm
+default:group:gid:perm
+default:mask:perm
default:other:perm
.fi
.in -2
@@ -115,7 +114,7 @@ permissions that are granted to the specified users.
.LP
The \fBgroup\fR entry without a group \fBID\fR indicates the permissions that
are granted to the file group owner. One or more additional group entries
-indicate the permissions that are granted to the specified groups.
+indicate the permissions that are granted to the specified groups.
.sp
.LP
The \fBmask\fR entry indicates the \fBACL\fR mask permissions. These are the
@@ -143,18 +142,17 @@ character \fB\(mi\fR\&. The \fBperm\fR is displayed in the following order:
holder character appears.
.sp
.LP
-If you use the \fBchmod\fR(1) command to change the file group owner
+If you use the \fBchmod\fR(1) command to change the file group owner
permissions on a file with \fBACL\fR entries, both the file group owner
permissions and the \fBACL\fR mask are changed to the new permissions. Be aware
that the new \fBACL\fR mask permissions may change the effective permissions
for additional users and groups who have \fBACL\fR entries on the file.
.sp
.LP
-In order to indicate that the \fBACL\fR mask restricts an \fBACL\fR entry,
+In order to indicate that the \fBACL\fR mask restricts an \fBACL\fR entry,
\fBgetfacl\fR displays an additional tab character, pound sign (\fB#\fR), and
the actual permissions granted, following the entry.
.SH EXAMPLES
-.LP
\fBExample 1 \fRDisplaying file information
.sp
.LP
@@ -258,7 +256,6 @@ default:other::\|\(mi\|\(mi\|\(mi
.sp
.SH FILES
-.sp
.ne 2
.na
\fB\fB/etc/passwd\fR\fR
@@ -277,8 +274,6 @@ group file
.RE
.SH ATTRIBUTES
-.sp
-.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp
@@ -293,13 +288,10 @@ Interface Stability Evolving
.TE
.SH SEE ALSO
-.sp
-.LP
\fBchmod\fR(1), \fBls\fR(1), \fBsetfacl\fR(1), \fBacl\fR(2),
-\fBaclsort\fR(3SEC), \fBgroup\fR(4), \fBpasswd\fR(4), \fBattributes\fR(5)
+\fBaclsort\fR(3SEC), \fBgroup\fR(4), \fBpasswd\fR(4), \fBacl\fR(5),
+\fBattributes\fR(5)
.SH NOTES
-.sp
-.LP
The output from \fBgetfacl\fR is in the correct format for input to the
\fBsetfacl\fR \fB-f\fR command. If the output from \fBgetfacl\fR is redirected
to a file, the file may be used as input to \fBsetfacl\fR. In this way, a user
diff --git a/usr/src/man/man1/setfacl.1 b/usr/src/man/man1/setfacl.1
index 11c7b644f3..526e2c0321 100644
--- a/usr/src/man/man1/setfacl.1
+++ b/usr/src/man/man1/setfacl.1
@@ -1,13 +1,13 @@
'\" te
.\" Copyright (c) 2006, Sun Microsystems, Inc. All Rights Reserved
+.\" Copyright (c) 2020 Peter Tribble.
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH SETFACL 1 "Dec 19, 2006"
+.TH SETFACL 1 "Feb 8, 2020"
.SH NAME
setfacl \- modify the Access Control List (ACL) for a file or files
.SH SYNOPSIS
-.LP
.nf
\fBsetfacl\fR [\fB-r\fR] \fB-s\fR \fIacl_entries\fR \fIfile\fR
.fi
@@ -23,14 +23,18 @@ setfacl \- modify the Access Control List (ACL) for a file or files
.fi
.SH DESCRIPTION
-.sp
-.LP
For each file specified, \fBsetfacl\fR either replaces its entire \fBACL\fR,
including the default \fBACL\fR on a directory, or it adds, modifies, or
deletes one or more \fBACL\fR entries, including default entries on
directories.
.sp
.LP
+The \fBsetfacl\fR utility can only manipulate POSIX-draft \fBACL\fRs. See
+\fBacl\fR(5) for a description of the difference between the older POSIX-draft
+\fBACL\fRs and the newer NFSv4 \fBACL\fRs. The \fBchmod\fR(1) utility can
+be used to manipulate \fBACL\fRs on all types of file system.
+.sp
+.LP
When the \fBsetfacl\fR command is used, it can result in changes to the file
permission bits. When the user \fBACL\fR entry for the file owner is changed,
the file owner class permission bits are modified. When the group \fBACL\fR
@@ -63,8 +67,6 @@ supports POSIX-draft ACLS (or \fBaclent_t\fR style ACLs). Use the \fBchmod\fR
command to set ACLs on files in a ZFS file system, which supports NFSv4-style
ACLS (or \fBace_t\fR style ACLs).
.SS "\fIacl_entries\fR Syntax"
-.sp
-.LP
For the \fB-m\fR and \fB-s\fR options, \fIacl_entries\fR are one or more
comma-separated \fBACL\fR entries.
.sp
@@ -114,12 +116,12 @@ c c
l l .
\fBACL\fR Entry Description
_
-u[ser]::\fIperms\fR File owner permissions.
-g[roup]::\fIperms\fR File group owner permissions.
-o[ther]:\fIperms\fR T{
+u[ser]::\fIperms\fR File owner permissions.
+g[roup]::\fIperms\fR File group owner permissions.
+o[ther]:\fIperms\fR T{
Permissions for users other than the file owner or members of file group owner.
T}
-m[ask]:\fIperms\fR T{
+m[ask]:\fIperms\fR T{
The \fBACL\fR mask. The mask entry indicates the maximum permissions allowed for users (other than the owner) and for groups. The mask is a quick way to change permissions on all the users and groups.
T}
u[ser]:\fIuid:perms\fR T{
@@ -128,12 +130,12 @@ T}
g[roup]:\fIgid:perms\fR T{
Permissions for a specific group. For \fIgid\fR, you can specify either a group name or a numeric GID.
T}
-d[efault]:u[ser]::\fIperms\fR Default file owner permissions.
-d[efault]:g[roup]::\fIperms\fR Default file group owner permissions.
-d[efault]:o[ther]:\fIperms\fR T{
+d[efault]:u[ser]::\fIperms\fR Default file owner permissions.
+d[efault]:g[roup]::\fIperms\fR Default file group owner permissions.
+d[efault]:o[ther]:\fIperms\fR T{
Default permissions for users other than the file owner or members of the file group owner.
T}
-d[efault]:m[ask]:\fIperms\fR Default \fBACL\fR mask.
+d[efault]:m[ask]:\fIperms\fR Default \fBACL\fR mask.
d[efault]:u[ser]:\fIuid\fR:\fIperms\fR T{
Default permissions for a specific user. For \fIuid\fR, you can specify either a user name or a numeric UID.
T}
@@ -148,8 +150,6 @@ For the \fB-d\fR option, \fIacl_entries\fR are one or more comma-separated
\fBACL\fR entries without permissions. Notice that the entries for file owner,
file group owner, \fBACL\fR mask, and others can not be deleted.
.SH OPTIONS
-.sp
-.LP
The options have the following meaning:
.sp
.ne 2
@@ -293,7 +293,6 @@ group\fR entries with the same \fIgid\fR.
.RE
.SH EXAMPLES
-.LP
\fBExample 1 \fRAdding read permission only
.sp
.LP
@@ -353,7 +352,6 @@ The following example sets the same \fBACL\fR on file \fBabc\fR as the file
.sp
.SH FILES
-.sp
.ne 2
.na
\fB\fB/etc/passwd\fR\fR
@@ -372,7 +370,6 @@ group file
.RE
.SH SEE ALSO
-.sp
-.LP
\fBchmod\fR(1), \fBgetfacl\fR(1), \fBumask\fR(1), \fBaclcheck\fR(3SEC),
-\fBaclsort\fR(3SEC), \fBgroup\fR(4), \fBpasswd\fR(4), \fBattributes\fR(5)
+\fBaclsort\fR(3SEC), \fBgroup\fR(4), \fBpasswd\fR(4), \fBacl\fR(5),
+\fBattributes\fR(5)
diff --git a/usr/src/man/man3sec/acl_totext.3sec b/usr/src/man/man3sec/acl_totext.3sec
index 6e55c2323c..8524d144e5 100644
--- a/usr/src/man/man3sec/acl_totext.3sec
+++ b/usr/src/man/man3sec/acl_totext.3sec
@@ -8,7 +8,6 @@
acl_totext, acl_fromtext \- convert internal representation to or from
external representation
.SH SYNOPSIS
-.LP
.nf
cc [ \fIflag\fR\&.\|.\|. ] \fIfile\fR\&.\|.\|. \fB-lsec\fR [ \fIlibrary\fR\&.\|.\|. ]
#include <sys/acl.h>
@@ -22,8 +21,6 @@ cc [ \fIflag\fR\&.\|.\|. ] \fIfile\fR\&.\|.\|. \fB-lsec\fR [ \fIlibrary\fR\&.\|.
.fi
.SH DESCRIPTION
-.sp
-.LP
The \fBacl_totext()\fR function converts an internal ACL representation pointed
to by \fIaclp\fR into an external ACL representation. The memory for the
external text string is obtained using \fBmalloc\fR(3C). The caller is
@@ -50,7 +47,7 @@ detailed in \fBls\fR(1) for the \fB-V\fR option.
.ad
.RS 19n
Append the \fBuid\fR or \fBgid\fR for additional user or group entries. This
-flag is used to construt ACL entries in a manner that is suitable for archive
+flag is used to construct ACL entries in a manner that is suitable for archive
utilities such as \fBtar\fR(1). When the ACL is translated from the external
format to internal representation using \fBacl_fromtext()\fR, the appended ID
will be used to populate the \fBuid\fR or \fBgid\fR field of the ACL entry when
@@ -611,8 +608,6 @@ The mask specified in field three should be denied.
.RE
.SH RETURN VALUES
-.sp
-.LP
Upon successful completion, the \fBacl_totext()\fR function returns a pointer
to a text string. Otherwise, it returns \fINULL\fR.
.sp
@@ -701,7 +696,6 @@ Unknown data was found in the ACL.
.RE
.SH EXAMPLES
-.LP
\fBExample 1 \fRExamples of permissions when \fBACL_COMPACT_FMT\fR is not
specified.
.sp
@@ -740,8 +734,6 @@ owner@:----------c---:------allow,user:tom:r-------------:f-i---:deny
.sp
.SH ATTRIBUTES
-.sp
-.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp
@@ -758,7 +750,5 @@ MT-Level Safe
.TE
.SH SEE ALSO
-.sp
-.LP
\fBls\fR(1), \fBtar\fR(1), \fBacl\fR(2), \fBmalloc\fR(3C),
\fBaclfromtext\fR(3SEC), \fBacl\fR(5), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sec/aclcheck.3sec b/usr/src/man/man3sec/aclcheck.3sec
index 85c3aba921..61cf6db1fa 100644
--- a/usr/src/man/man3sec/aclcheck.3sec
+++ b/usr/src/man/man3sec/aclcheck.3sec
@@ -7,7 +7,6 @@
.SH NAME
aclcheck \- check the validity of an ACL
.SH SYNOPSIS
-.LP
.nf
\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lsec\fR [ \fIlibrary\fR... ]
#include <sys/acl.h>
@@ -16,8 +15,6 @@ aclcheck \- check the validity of an ACL
.fi
.SH DESCRIPTION
-.sp
-.LP
The \fBaclcheck()\fR function checks the validity of an \fBACL\fR pointed to by
\fIaclbufp.\fR The \fInentries\fR argument is the number of entries contained
in the buffer. The \fIwhich\fR parameter returns the index of the first entry
@@ -115,13 +112,11 @@ exactly one \fBDEF_CLASS_OBJ\fR (default \fBACL\fR mask) entry.
.ie t \(bu
.el o
If any of the above rules are violated, then the function fails with
-\fBerrno\fR set to \fBEINVAL\fR.
+\fBerrno\fR set to \fBEINVAL\fR.
.RE
.SH RETURN VALUES
-.sp
-.LP
-If the \fBACL\fR is valid, \fBalcheck()\fR will return \fB0\fR. Otherwise
-\fBerrno\fR is set to \fBEINVAL\fR and return code is set to one of the
+If the \fBACL\fR is valid, \fBaclcheck()\fR will return \fB0\fR. Otherwise
+\fBerrno\fR is set to \fBEINVAL\fR and \fBaclcheck()\fR will return one of the
following:
.sp
.ne 2
@@ -199,8 +194,6 @@ The system cannot allocate any memory. The \fBwhich\fR parameter returns
.RE
.SH ATTRIBUTES
-.sp
-.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp
@@ -217,6 +210,4 @@ MT-Level Unsafe
.TE
.SH SEE ALSO
-.sp
-.LP
\fBacl\fR(2), \fBaclsort\fR(3SEC), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sec/acltotext.3sec b/usr/src/man/man3sec/acltotext.3sec
index 23dea4c0d8..06bf4def79 100644
--- a/usr/src/man/man3sec/acltotext.3sec
+++ b/usr/src/man/man3sec/acltotext.3sec
@@ -8,7 +8,6 @@
acltotext, aclfromtext \- convert internal representation to or from external
representation
.SH SYNOPSIS
-.LP
.nf
\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lsec\fR [ \fIlibrary\fR... ]
#include <sys/acl.h>
@@ -22,12 +21,10 @@ representation
.fi
.SH DESCRIPTION
-.sp
-.LP
The \fBacltotext()\fR function converts an internal \fBACL\fR representation
pointed to by \fIaclbufp\fR into an external \fBACL\fR representation. The
space for the external text string is obtained using \fBmalloc\fR(3C). The
-caller is responsible for freeing the space upon completion..
+caller is responsible for freeing the space upon completion.
.sp
.LP
The \fBaclfromtext()\fR function converts an external \fBACL\fR representation
@@ -206,8 +203,6 @@ no access
.RE
.SH RETURN VALUES
-.sp
-.LP
Upon successful completion, the \fBacltotext()\fR function returns a pointer to
a text string. Otherwise, it returns \fBNULL\fR.
.sp
@@ -215,8 +210,6 @@ a text string. Otherwise, it returns \fBNULL\fR.
Upon successful completion, the \fBaclfromtext()\fR function returns a pointer
to a list of \fBACL\fR entries. Otherwise, it returns \fBNULL\fR.
.SH ATTRIBUTES
-.sp
-.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp
@@ -233,6 +226,4 @@ MT-Level Unsafe
.TE
.SH SEE ALSO
-.sp
-.LP
\fBacl\fR(2), \fBmalloc\fR(3C), \fBattributes\fR(5)
diff --git a/usr/src/man/man5/acl.5 b/usr/src/man/man5/acl.5
index b1db6df1ae..cc42c5d4df 100644
--- a/usr/src/man/man5/acl.5
+++ b/usr/src/man/man5/acl.5
@@ -1,17 +1,17 @@
'\" te
+.\" Copyright (c) 2020 Peter Tribble.
.\" Copyright 2014 Nexenta Systems, Inc. All rights reserved.
.\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved.
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH ACL 5 "Nov 24, 2014"
+.TH ACL 5 "Feb 8, 2020"
.SH NAME
acl \- Access Control Lists
.SH DESCRIPTION
-.LP
Access control lists (ACLs) are discretionary access control mechanisms that
grant and deny access to files and directories. Two different ACL models are
-supported in the Solaris release: POSIX-draft ACLs and NFSv4 ACLs.
+supported in this release: POSIX-draft ACLs and NFSv4 ACLs.
.sp
.LP
The older, POSIX-draft model is supported by the UFS file system. This model is
@@ -23,10 +23,9 @@ The other model is based on the standards of the NFSv4 working group and is an
approved standard from the Internet Engineering Task Force (IETF). The ZFS file
system uses the NFSv4 model, and provides richer semantics and finer grained
permission capabilities than the POSIX-draft model.
-.SS "\fBPOSIX\fR-draft \fBACL\fRs"
-.LP
+.SS "POSIX-draft ACLs"
POSIX-draft ACLs provide an alternative security mechanism to basic UNIX file
-permissions in the Solaris release. Their purpose is to further restrict access
+permissions. Their purpose is to further restrict access
to files and directories or to extend permissions to a particular user. ACLs
can be used to change the permissions for the standard owner, group and other
class bits of a file's mode. ACLs can give additional users and groups access
@@ -104,9 +103,8 @@ user:joe:rw-
.in -2
.sp
-.SS "\fBNFS\fRv4 \fBACL\fRs"
-.LP
-NFSv4 ACL model is based loosely on the Windows NT ACL model. NFSv4 ACLs
+.SS "NFSv4 ACLs"
+The NFSv4 ACL model is based loosely on the Windows NT ACL model. NFSv4 ACLs
provide a much richer ACL model than POSIX-draft ACLs.
.sp
.LP
@@ -151,7 +149,7 @@ subdirectories of the directory.
.ie t \(bu
.el o
NFSv4 ACLs provide a mechanism for hooking into a system's audit trail.
-Currently, Solaris does not support this mechanism.
+Currently, illumos does not support this mechanism.
.RE
.RS +4
.TP
@@ -540,10 +538,9 @@ user:fred:rwR:f------:allow
.in -2
.sp
-.SS "Shell-level Solaris \fBAPI\fR"
-.LP
-The Solaris command interface supports the manipulation of ACLs. The following
-Solaris utilities accommodate both ACL models:
+.SS "Shell-level API"
+Several utilities support the manipulation of ACLs. The following
+utilities accommodate both ACL models:
.sp
.ne 2
.na
@@ -656,12 +653,11 @@ When a file with an ACL is unpacked, the unpacked file retains the ACL
information.
.RE
-.SS "Application-level \fBAPI\fR"
-.LP
+.SS "Application-level API"
The primary interfaces required to access file system ACLs at the programmatic
level are the \fBacl_get()\fR and \fBacl_set()\fR functions. These functions
-support both POSIX draft ACLs and NFSv4 ACLs.
-.SS "Retrieving a file's \fBACL\fR"
+support both POSIX-draft ACLs and NFSv4 ACLs.
+.SS "Retrieving a file's ACL"
.in +2
.nf
int acl_get(const char *path, int flag, acl_t **aclp);
@@ -671,23 +667,23 @@ int facl_get(int fd, int flag, acl_t **aclp);
.sp
.LP
-The \fBacl_get\fR(3SEC) and \fBfacl_get\fR(3SEC) functions retrieves an ACL on
+The \fBacl_get\fR(3SEC) and \fBfacl_get\fR(3SEC) functions retrieve an ACL on
a file whose name is given by path or referenced by the open file descriptor
fd. The flag argument specifies whether a trivial ACL should be retrieved. When
-the flag argument equals \fBACL_NO_TRIVIAL\fR then only ACLs that are not
+the flag argument equals \fBACL_NO_TRIVIAL\fR only ACLs that are not
trivial are retrieved. The ACL is returned in the \fBaclp\fR argument.
-.SS "Freeing \fBACL\fR structure"
+.SS "Freeing ACL structure"
.in +2
.nf
-void acl_free(acl_t *aclp)s;
+void acl_free(acl_t *aclp);
.fi
.in -2
.sp
.LP
The \fBacl_free()\fR function frees up memory allocated for the argument
-\fBaclp;\fR.
-.SS "Setting an \fBACL\fR on a file"
+\fBaclp\fR.
+.SS "Setting an ACL on a file"
.in +2
.nf
int acl_set(const char *path, acl_t *aclp);
@@ -700,10 +696,10 @@ int facl_set(int fd, acl_t *aclp);
The \fBacl_set\fR(3SEC) and \fBfacl_get\fR(3SEC) functions are used for setting
an ACL on a file whose name is given by path or referenced by the open file
descriptor \fBfd\fR. The \fBaclp\fR argument specifies the ACL to set. The
-\fBacl_set\fR(3SEC) translates an POSIX-draft ACL into a NFSv4 ACL when the
-target file systems supports NFSv4 ACLs. No translation is performed when
+\fBacl_set\fR(3SEC) function translates a POSIX-draft ACL into a NFSv4 ACL when
+the target file system supports NFSv4 ACLs. No translation is performed when
trying to set an NFSv4 ACL on a POSIX-draft ACL supported file system.
-.SS "Determining an \fBACL\fR's trivialness"
+.SS "Determining an ACL's trivialness"
.in +2
.nf
int acl_trivial(const char *path);
@@ -714,7 +710,7 @@ int acl_trivial(const char *path);
.LP
The \fBacl_trivial()\fR function is used to determine whether a file has a
trivial ACL.
-.SS "Removing all \fBACL\fRs from a file"
+.SS "Removing all ACLs from a file"
.in +2
.nf
int acl_strip(const char *path, uid_t uid, gid_t gid, mode_t mode);
@@ -727,7 +723,7 @@ The \fBacl_strip()\fR function removes all ACLs from a file and replaces them
with a trivial ACL based off of the passed in argument mode. After replacing
the ACL the owner and group of the file are set to the values specified in the
uid and gid parameters.
-.SS "Converting \fBACL\fRs to/from external representation"
+.SS "Converting ACLs to/from external representation"
.in +2
.nf
int acl_fromtext(const char *path, acl_t **aclp);
@@ -742,11 +738,10 @@ to by aclp into an external representation. See \fBDESCRIPTION\fR for details
about external representation.
.sp
.LP
-The \fBacl_fromtext()\fR functions converts and external representation into an
+The \fBacl_fromtext()\fR function converts an external representation into an
internal representation. See \fBDESCRIPTION\fR for details about external
representation.
.SH EXAMPLES
-.LP
The following examples demonstrate how the API can be used to perform basic
operations on ACLs.
.LP
@@ -831,7 +826,6 @@ error = acl_strip("file", 10, 100, 0644);
.in -2
.SH SEE ALSO
-.LP
\fBchgrp\fR(1), \fBchmod\fR(1), \fBchown\fR(1), \fBcp\fR(1), \fBcpio\fR(1),
\fBfind\fR(1), \fBls\fR(1), \fBmv\fR(1), \fBtar\fR(1), \fBsetfacl\fR(1),
\fBchmod\fR(2), \fBacl\fR(2), \fBstat\fR(2), \fBacl_get\fR(3SEC),