Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ dg_setoacl(2) — DG/UX R4.11MU05

Media Vault

Software Library

Restoration Projects

Artifacts Sought



dg_setoacl(2)            DG/UX B2 Security R4.12MU02           dg_setoacl(2)


NAME
       dgsetoacl - set the access control list (ACL) on an object

SYNOPSIS
       #include <sys/types.h>
       #include <sys/dgtparms.h>
       #include <sys/acl.h>

       int    dgsetoacl(targtype, targ, type, acl, aclsize, textacl,
              textaclsize)
       int    targtype;
       const void    *targ;
       int    type;
       aclstructt  *acl;
       int    aclsize;
       const char    *textacl;
       int    textaclsize;

   where:
       targtype    A token that identifies the type of object whose ACL is
                    to be set.  The available tokens are defined in
                    sys/dgtparms.h as follows:
                      TFILE  The object is a file identified by a pathname.
                      TFD    The object is a file, socket or pipe
                              identified by a descriptor.
                      TMSG   The object is a message queue identified by a
                              message queue identifier.
                      TSHM   The object is a shared memory segment
                              identified by a shared memory segment
                              identifier.
                      TSEM   The object is a semaphore identified by a
                              semaphore set identifier.

       targ         The address of the identifier of the object whose ACL is
                    to be set.  The value of targtype determines the type
                    of entity that targ points to as follows:
                      TFILE  targ points to a pathname string.
                      TFD    targ points to a file, socket or pipe
                              descriptor.
                      TMSG   targ points to a message queue identifier.
                      TSHM   targ points to shared memory segment
                              identifier.
                      TSEM   targ points to a semaphore set identifier.

       type         ACLTYPEDEFAULT or ACLTYPEACCESS, indicating whether
                    this is an access ACL or a default ACL.  Note that since
                    default ACLs may only be set on directories, when type
                    is ACLTYPEDEFAULT targ must reference a directory.

       acl          The address of an aclstructt containing the binary ACL
                    to be set on the file.

       aclsize      The size, in bytes, of the aclstructt pointed to by
                    acl.  An aclstructt is actually a variable size
                    structure with a fixed "header" (see sys/acl.h).  Note
                    that the macro SIZEOF_ACL_STRUCT(N) can be used to
                    compute the size of an ACL with N entries.

                    If aclsize is zero and type is ACLTYPEDEFAULT then the
                    default acl is deleted.

       textacl      The optional ASCII text ACL that is stored with the
                    object.  If no text ACL exists, the textaclsize
                    parameter must be set to zero.

                    Note that there is no assurance that the binary ACL
                    stored with the object will match the binary ACL
                    generated by converting the ASCII text ACL to binary.
                    Only the binary ACL is used by the reference monitor for
                    access control decisions.

       textaclsize  The size in bytes of the text ACL.  If this parameter is
                    zero, dgsetoacl assumes that there is no text ACL to be
                    set.

DESCRIPTION
       The dgsetoacl system call sets the ACL on the object identified by
       targtype and targ to the ACL passed via the acl parameter.  The ACL
       passed must be a properly formed and valid ACL.  To delete a default
       ACL, write a default ACL with an aclsize of zero.

ACCESS CONTROL
       To set the ACL of an object, a process must have MAC write access to
       the object and must own the object; otherwise a process must have
       appropriate privilege.

       For systems supporting the DG/UX Capability Option, appropriate
       privilege is defined as having one or more specific capabilities
       enabled in the effective capability set of the calling process.  See
       capdefaults(5) for the default capability for this system call.  On
       systems without the DG/UX Capability Option, appropriate privilege
       means that the process has an effective UID of root. See the
       appropriateprivilege(5) man page for more information.

       When the object is a file identified by a pathname the process must
       also have MAC read access to the file's parent directory, and have
       search access to the file's parent directory path.

RETURN VALUE
       0      Successful completion.

       -1     An error occurred.  errno is set to indicate the error.

EXCEPTIONS
       Errno may be set to one of the following error codes:

       EINVAL      The ACL pointed to by acl is not a properly formed ACL,
                   or the aclsize parameter value is inconsistent with the
                   internal values in the ACL.

       EINVAL      The ACL type type is not one of ACLTYPEDEFAULT or
                   ACLTYPEACCESS.

       EINVAL      The target type targtype parameter is not valid.

       EINVAL      The aclsize is zero but type is not ACL_TYPE_DEFAULT.

       EOPNOTSUPP  The target type targtype does not support default and/or
                   access ACL.

       ENOTDIR     The process attempted to set a default ACL on some object
                   other than a directory.

       EPERM       The caller is not the owner of the object and does not
                   have appropriate privilege.

       EACCES      The caller did not have MAC write access to the object.

       EFAULT      One of the parameters specified an area of memory not
                   accessible to the calling process.

       ENOMEM      The operating system was unable to allocate internal
                   memory to process the system call.

SEE ALSO
       dggetoacl(2), capdefaults(5).


Licensed material--property of copyright holder(s)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026