setacl.2 (2010 09)
s
setacl(2) setacl(2)
The number of entries allowed per file (see
NACLENTRIES in <sys/acl.h>) is small for space and per-
formance reasons. User groups should be created as needed for access control purposes. Since ordinary
users cannot create groups, their ability to control file access with ACLs might be somewhat limited.
Security Restrictions
The effective user ID of the process must match the owner of the file, or it must be the superuser or a user
with the
OWNER privilege to set a file’s ACL.
See privileges (5) for more information about privileged access on systems that support fine-grained
privileges.
RETURN VALUE
setacl() and fsetacl() return the following values:
0 Successful completion.
-1 Failure. The file’s ACL is not modified, and
errno
is set to indicate the error.
ERRORS
setacl() fails if any of the following conditions are encountered:
[ENOTDIR] A component of the path prefix is not a directory.
[ENOENT] The named file does not exist (for example, path is null or a component of path does not
exist).
[EACCES] A component of the path prefix denies search permission.
[EPERM] The effective user ID does not match the owner of the file and the effective user ID is not
superuser or does not have the
OWNER privilege.
[EROFS] The named file resides on a read-only file system.
[EFAULT] path or acl points outside the allocated address space of the process, or acl is not as large
as indicated by nentries .
[EINVAL] There is a redundant entry in the ACL, or acl contains an invalid uid, gid,ormode
value.
[E2BIG] An attempt was made to set an ACL with more than
NACLENTRIES entries.
[EOPNOTSUPP]
The function is not supported on remote files by some networking services.
[ENOSYS] The function is not supported by this file system type.
[ENOSPC] Not enough space on the file system.
[ENFILE] System file table is full.
[ENAMETOOLONG]
The length of path exceeds
PATH_MAX bytes, or the length of a component of path
exceeds NAME_MAX bytes while _POSIX_NO_TRUNC is in effect.
[ELOOP] Too many symbolic links were encountered in translating the path name.
[EDQUOT] User’s disk quota block or inode limit has been reached for this file system.
fsetacl() fails if any of the following conditions are encountered:
[EBADF] fildes is not a valid file descriptor.
[EPERM] The effective user ID does not match the owner of the file and the effective user ID is not
superuser or does not have the
OWNER privilege.
[EROFS] The named file resides on a read-only file system.
[EFAULT] path or acl points outside the allocated address space of the process, or acl is not as large
as indicated by nentries .
[EINVAL] There is a redundant entry in the ACL, or acl contains an invalid uid, gid,ormode
value.
[E2BIG] An attempt was made to set an ACL with more than
NACLENTRIES entries.
[EOPNOTSUPP]
The function is not supported on remote files by some networking services.
2 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: September 2010