[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]

Technical Reference: Base Operating System and Extensions, Volume 1


acl_set or acl_fset Subroutine

Purpose

Sets the access control information of a file.

Library

Security Library (libc.a)

Syntax

#include <sys/access.h>


int acl_set (PathOwnerModeGroupModeDefaultMode)
char * Path;
int  OwnerMode;
int  GroupMode;
int  DefaultMode;


int acl_fset (FileDescriptor, OwnerModeGroupModeDefaultMode)
int * FileDescriptor;
int OwnerMode;
int GroupMode;
int DefaultMode;

Description

The acl_set and acl_fset subroutines set the base entries of the Access Control List (ACL) of the file. All other entries are discarded. Other access control attributes are left unchanged.

Parameters


DefaultMode Specifies the access permissions for the default class.
FileDescriptor Specifies the file descriptor of an open file.
GroupMode Specifies the access permissions for the group of the file.
OwnerMode Specifies the access permissions for the owner of the file.
Path Specifies a pointer to the path name of a file.

The mode parameters specify the access permissions in a bit mask containing zero or more of the following values:

R_ACC Authorize read permission.
W_ACC Authorize write permission.
X_ACC Authorize execute or search permission.

Return Values

Upon successful completion, the acl_set and acl_fset subroutines return the value 0. Otherwise, the value -1 is returned and the errno global variable is set to indicate the error.

Error Codes

The acl_set subroutine fails and the access control information for a file remains unchanged if one or more of the following are true:

EACCES Search permission is denied on a component of the Path prefix.
EFAULT The Path parameter points to a location outside of the allocated address space of the process.
ELOOP Too many symbolic links were encountered in translating the Path parameter.
ENAMETOOLONG A component of the Path parameter exceeded 255 characters, or the entire Path parameter exceeded 1023 characters.
ENOENT A component of the Path does not exist or has the disallow truncation attribute (see the ulimit subroutine).
ENOENT The Path parameter was null.
ENOENT A symbolic link was named, but the file to which it refers does not exist.
ENOTDIR A component of the Path prefix is not a directory.
ESTALE The process' root or current directory is located in a virtual file system that has been unmounted.

The acl_fset subroutine fails and the file permissions remain unchanged if the following is true:

EBADF The file descriptor FileDescriptor is not valid.

The acl_set or acl_fset subroutine fails and the access control information for a file remains unchanged if one or more of the following are true:

EIO An I/O error occurred during the operation.
EPERM The effective user ID does not match the ID of the owner of the file and the invoker does not have root user authority.
EROFS The named file resides on a read-only file system.

If Network File System (NFS) is installed on your system, the acl_set and acl_fset subroutines can also fail if the following is true:

ETIMEDOUT The connection timed out.

Security

Access Control: The invoker must have search permission for all components of the Path prefix.

Auditing Events:

Event Information
chacl Path
fchacl FileDescriptor

Implementation Specifics

These subroutines are part of Base Operating System (BOS) Runtime.

Related Information

The acl_chg (acl_chg or acl_fchg Subroutine) subroutine, acl_get (acl_get or acl_fget Subroutine) subroutine, acl_put (acl_put or acl_fput Subroutine) subroutine, chacl (chacl or fchacl Subroutine) subroutine, chmod (chmod or fchmod Subroutine) subroutine, stat subroutine, statacl subroutine.

The aclget command, aclput command, chmod command.

List of Security and Auditing Subroutines and Subroutines Overview in AIX 5L Version 5.1 General Programming Concepts: Writing and Debugging Programs.


[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]