Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ aclipc(2) — UnixWare 2.01

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

acl(2)

aclsort(3C)

intro(2)

msgget(2)

semget(2)

shmget(2)






       aclipc(2)                                                  aclipc(2)


       NAME
             aclipc - get or set an IPC object's ACL, return the number of
             ACL entries

       SYNOPSIS
             #include <sys/types.h>
             #include <acl.h>
             int aclipc(int type, int id, int cmd,
                   int nentries, struct acl *aclbufp);

       DESCRIPTION
             aclipc gets or sets an IPC object's ACL, or returns the number
             of ACL entries.  To get the ACL, the user must have read
             access to the object.  To set an ACL, the user must be the
             owner or creator of the object or have the P_OWNER privilege.

             nentries  specifies how many ACL entries fit into buffer
                       aclbufp.

             aclbufp   is a pointer to the acl struct which contains the
                       following fields:
                            int  a_type;   /* entry type */
                            uid_t          a_id;/* user or group ID */
                            ushort         a_perm;/* entry permissions */

                       The values for a_type are:

                       USER_OJB    Permissions for the owner of the object.

                       USER        Permissions for additional users.

                       GROUP_OBJ   Permissions for members of the owning
                                   group of the object.

                       GROUP       Permissions for members of additional
                                   groups.

                       CLASS_OBJ   Maximum permissions granted to the file
                                   group class.

                       OTHER_OBJ   Permissions for other users.

             type      must be one of the following:





                           Copyright 1994 Novell, Inc.               Page 1













      aclipc(2)                                                  aclipc(2)


                      IPC_SHM     id must be a valid shared memory
                                  identifier returned by shmget.

                      IPC_SEM     id must be a valid semaphore identifier
                                  returned by semget.

                      IPC_MSG     id must be a valid message queue
                                  identifier returned by msgget.

            cmd       must be one of the following:

                      ACL_GET     The ACL information for the IPC object
                                  specified by type and id is copied into
                                  the user supplied buffer aclbufp .
                                  nentries specifies the number of ACL
                                  entries that will fit into aclbufp.  The
                                  user must have read access to the IPC
                                  object.

                      ACL_SET     The ACL for the IPC object specified by
                                  type and id is set to the ACL entries in
                                  the user supplied buffer aclbufp.
                                  nentries specifies the number of ACL
                                  entries currently in aclbufp.  The
                                  entries in aclbufp must be valid and in
                                  the proper ACL order [see acl(2)].  The
                                  user must have P_OWNER privilege, or be
                                  the creator or owner of the object, to
                                  alter the IPC object.

                      ACL_CNT     Returns the number of ACL entries for
                                  the IPC object specified by type and id
                                  nentries and aclbufp are ignored.  The
                                  user must have read access to the IPC
                                  object.

            When the ACL for an IPC object is set, the permission mode (in
            ipc_perm) may change.  The first three bits of the permission
            mode are set to the permissions of the object user entry.  The
            middle three bits of the permission mode are set to the ORed
            value of the permissions for the additional users, object
            group, and additional group entries.  The last three bits of
            the permission mode are set to the permissions of the other
            entry.  See intro(2) for a description of ipc_perm.  See
            acl(2) for a description of ACLs.



                          Copyright 1994 Novell, Inc.               Page 2













       aclipc(2)                                                  aclipc(2)


             For cmd ACL_SET, the aclipc call will succeed if all of the
             following are true:

                         There is exactly one entry each of type USER_OBJ,
                         GROUP_OBJ, CLASS_OBJ, and OTHER_OBJ.

                         Entries of type USER or GROUP may not contain
                         duplicate entries.  A duplicate entry is one of
                         the same type containing the same numeric ID.

                         If an ACL contains no entries of type USER and no
                         entries of type GROUP, then the entries of type
                         GROUP_OBJ and CLASS_OBJ must have the same
                         permissions.

          Return Values
             On success, aclipc returns the number of ACL entries for cmd
             ACL_CNT and ACL_GET, and 0 for cmd ACL_SET.  On failure,
             aclipc returns -1 and sets errno to identify the error.

          Errors
             In the following conditions, aclipc fails and sets errno to:

             EINVAL         type is not one of IPC_SHM, IPC_SEM, or
                            IPC_MSG.

             EINVAL         id is not a valid type identifier.

             EINVAL         cmd is not one of ACL_GET, ACL_SET, or ACL_CNT.

             EINVAL         cmd is ACL_SET and the ACL entries in aclbufp
                            are not valid or in proper order.

             EPERM          cmd is ACL_SET and the user does not have
                            P_OWNER privilege and is neither the creator
                            nor owner of the IPC object.

             EINVAL         cmd is ACL_SET and the security level of the
                            calling process is not equal to the security
                            level of the IPC object.

             EINVAL         cmd is ACL_GET or ACL_CNT and the security
                            level of the calling process is dominated by
                            the security level of the IPC object.




                           Copyright 1994 Novell, Inc.               Page 3













      aclipc(2)                                                  aclipc(2)


            EACCES         cmd is ACL_GET or ACL_CNT and the user does not
                           have discretionary read access to the IPC
                           object.

            ENOSPC         cmd is ACL_GET and the number of ACL entries
                           for the IPC object exceeds nentries.

            ENOSPC         cmd is ACL_SET and nentries is greater than the
                           tunable parameter aclmax.

            EINVAL         cmd is ACL_SET and the number of ACL entries is
                           less than the number of mandatory ACL entries
                           (4).

            EFAULT         cmd is ACL_GET and an attempt is made to copy
                           ACL entries beyond the user's address space;
                           this is possible if nentries is larger than the
                           number of ACL entries that aclbufp can hold.

            EFAULT         cmd is ACL_SET and an attempt is made to copy
                           from outside the user's address space.

      REFERENCES
            acl(2), aclsort(3C), intro(2), msgget(2), semget(2), shmget(2)
























                          Copyright 1994 Novell, Inc.               Page 4








Typewritten Software • bear@typewritten.org • Edmonds, WA 98026