HP-UX Reference (11i v1 00/12) - 2 System Calls (vol 5)

setacl(2)
Altering a base ACL entry’s modes with setacl() changes the file’s corresponding permission bits. The
permission bits can also be altered using chmod() (see chmod(2)) and read using stat() (see
stat(2)).
The number of entries allowed per file (see NACLENTRIES in <sys/acl.h>) is small for space and
performance reasons. User groups should be created as needed for access control purposes. Since ordinary
users cannot create groups, their ability to control file access with ACLs might be somewhat limited.
RETURN VALUE
Upon successful completion, setacl() and fsetacl() return a value of zero. If an error occurs, they
return -1, the file’s ACL is not modified, and errno is set to indicate the error.
ERRORS
setacl() and fsetacl() fail if any of the following conditions are encountered:
[ENOTDIR] A component of the path prefix is not a directory.
[ENOENT] The named file does not exist (for example, path is null or a component of path
does not exist).
[EBADF] fildes is not a valid file descriptor.
[EACCES] A component of the path prefix denies search permission.
[EPERM] The effective user ID does not match the owner of the file and the effective user
ID is not super-user.
[EROFS] The named file resides on a read-only file system.
[EFAULT] path or acl points outside the allocated address space of the process, or acl is not
as large as indicated by nentries.
[EINVAL] There is a redundant entry in the ACL, or acl contains an invalid uid, gid, or
mode value.
[E2BIG] An attempt was made to set an ACL with more than NACLENTRIES entries.
[EOPNOTSUPP] The function is not supported on remote files by some networking services.
[ENOSYS] The function is not supported by this file system type.
[ENOSPC] Not enough space on the file system.
[ENFILE] System file table is full.
[ENAMETOOLONG] The length of path exceeds PATH_MAX bytes, or the length of a component of
path exceeds NAME_MAX bytes while _POSIX_NO_TRUNC is in effect.
[ELOOP] Too many symbolic links were encountered in translating the path name.
[EDQUOT] User’s disk quota block or inode limit has been reached for this file system.
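Because a failed call leaves the ACL unmodified, it helps to know which entry would be rejected before calling setacl(). The following pre-flight check is an added example, not code from the HP-UX manual. The struct and constants are local stand-ins for <sys/acl.h> with placeholder values, acl_precheck is a hypothetical helper name, and "redundant entry" is assumed to mean a repeated (uid, gid) pair. Validation of uid and gid ranges is left out because the page does not define it.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Stand-ins so this builds off HP-UX (there, use <sys/acl.h>). Both
 * numeric values are placeholders, not taken from the page. */
#define NACLENTRIES 16
#define ACL_NSGROUP ((gid_t)-36)
struct acl_entry { uid_t uid; gid_t gid; int mode; };

/* Returns 0 if the list passes, else the errno value the ERRORS list
 * gives for the problem; *bad is the offending index, or -1. */
int acl_precheck(const struct acl_entry *acl, int nentries, int *bad)
{
    *bad = -1;
    if (nentries < 0)           return EINVAL;  /* this example's choice */
    if (nentries > NACLENTRIES) return E2BIG;
    if (nentries > 0 && !acl)   return EFAULT;
    for (int i = 0; i < nentries; i++) {
        if (acl[i].mode & ~(R_OK | W_OK | X_OK)) { *bad = i; return EINVAL; }
        for (int j = 0; j < i; j++)   /* assumed meaning of "redundant" */
            if (acl[j].uid == acl[i].uid && acl[j].gid == acl[i].gid) {
                *bad = i;
                return EINVAL;
            }
    }
    return 0;
}

/* Constructed sample lists; owner uid 100 is made up. */
static const struct acl_entry ok_list[2] = {
    { 100, ACL_NSGROUP, R_OK | W_OK | X_OK },  /* file owner */
    { 103, 204, R_OK },                        /* user 103, group 204 */
};
static const struct acl_entry dup_list[3] = {
    { 100, ACL_NSGROUP, R_OK | W_OK | X_OK },
    { 103, 204, R_OK },
    { 103, 204, R_OK | W_OK },                 /* repeats entry 1 */
};

int main(void)
{
    int bad, rc = acl_precheck(dup_list, 3, &bad);
    printf("dup_list: %s at entry %d\n", rc ? strerror(rc) : "ok", bad);
    rc = acl_precheck(ok_list, 2, &bad);
    printf("ok_list:  %s\n", rc ? strerror(rc) : "ok");
    return 0;
}
```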
EXAMPLES
The following code fragment defines and sets an ACL on file ../shared which allows the file’s owner to
read, write, and execute or search the file, and allows user 103, group 204 to read the file.
#include <unistd.h>
#include <sys/stat.h>
#include <sys/acl.h>
char *filename = "../shared";
struct acl_entry acl [2];
struct stat statbuf;
if (stat (filename, & statbuf) < 0)
    error (...);
acl [0] . uid = statbuf . st_uid; /* file owner */
acl [0] . gid = ACL_NSGROUP;
acl [0] . mode = R_OK | W_OK | X_OK;
HP-UX Release 11i: December 2000