dg_setoacl(2) DG/UX B2 Security R4.12MU02 dg_setoacl(2)
NAME
dgsetoacl - set the access control list (ACL) on an object
SYNOPSIS
#include <sys/types.h>
#include <sys/dgtparms.h>
#include <sys/acl.h>
int dgsetoacl(targtype, targ, type, acl, aclsize, textacl,
textaclsize)
int targtype;
const void *targ;
int type;
aclstructt *acl;
int aclsize;
const char *textacl;
int textaclsize;
where:
targtype A token that identifies the type of object whose ACL is
to be set. The available tokens are defined in
sys/dgtparms.h as follows:
TFILE The object is a file identified by a pathname.
TFD The object is a file, socket or pipe
identified by a descriptor.
TMSG The object is a message queue identified by a
message queue identifier.
TSHM The object is a shared memory segment
identified by a shared memory segment
identifier.
TSEM The object is a semaphore identified by a
semaphore set identifier.
targ The address of the identifier of the object whose ACL is
to be set. The value of targtype determines the type
of entity that targ points to as follows:
TFILE targ points to a pathname string.
TFD targ points to a file, socket or pipe
descriptor.
TMSG targ points to a message queue identifier.
TSHM targ points to shared memory segment
identifier.
TSEM targ points to a semaphore set identifier.
type ACLTYPEDEFAULT or ACLTYPEACCESS, indicating whether
this is an access ACL or a default ACL. Note that since
default ACLs may only be set on directories, when type
is ACLTYPEDEFAULT targ must reference a directory.
acl The address of an aclstructt containing the binary ACL
to be set on the file.
aclsize The size, in bytes, of the aclstructt pointed to by
acl. An aclstructt is actually a variable size
structure with a fixed "header" (see sys/acl.h). Note
that the macro SIZEOF_ACL_STRUCT(N) can be used to
compute the size of an ACL with N entries.
If aclsize is zero and type is ACLTYPEDEFAULT then the
default acl is deleted.
textacl The optional ASCII text ACL that is stored with the
object. If no text ACL exists, the textaclsize
parameter must be set to zero.
Note that there is no assurance that the binary ACL
stored with the object will match the binary ACL
generated by converting the ASCII text ACL to binary.
Only the binary ACL is used by the reference monitor for
access control decisions.
textaclsize The size in bytes of the text ACL. If this parameter is
zero, dgsetoacl assumes that there is no text ACL to be
set.
DESCRIPTION
The dgsetoacl system call sets the ACL on the object identified by
targtype and targ to the ACL passed via the acl parameter. The ACL
passed must be a properly formed and valid ACL. To delete a default
ACL, write a default ACL with an aclsize of zero.
ACCESS CONTROL
To set the ACL of an object, a process must have MAC write access to
the object and must own the object; otherwise a process must have
appropriate privilege.
For systems supporting the DG/UX Capability Option, appropriate
privilege is defined as having one or more specific capabilities
enabled in the effective capability set of the calling process. See
capdefaults(5) for the default capability for this system call. On
systems without the DG/UX Capability Option, appropriate privilege
means that the process has an effective UID of root. See the
appropriateprivilege(5) man page for more information.
When the object is a file identified by a pathname the process must
also have MAC read access to the file's parent directory, and have
search access to the file's parent directory path.
RETURN VALUE
0 Successful completion.
-1 An error occurred. errno is set to indicate the error.
EXCEPTIONS
Errno may be set to one of the following error codes:
EINVAL The ACL pointed to by acl is not a properly formed ACL,
or the aclsize parameter value is inconsistent with the
internal values in the ACL.
EINVAL The ACL type type is not one of ACLTYPEDEFAULT or
ACLTYPEACCESS.
EINVAL The target type targtype parameter is not valid.
EINVAL The aclsize is zero but type is not ACL_TYPE_DEFAULT.
EOPNOTSUPP The target type targtype does not support default and/or
access ACL.
ENOTDIR The process attempted to set a default ACL on some object
other than a directory.
EPERM The caller is not the owner of the object and does not
have appropriate privilege.
EACCES The caller did not have MAC write access to the object.
EFAULT One of the parameters specified an area of memory not
accessible to the calling process.
ENOMEM The operating system was unable to allocate internal
memory to process the system call.
SEE ALSO
dggetoacl(2), capdefaults(5).
Licensed material--property of copyright holder(s)