blob: cf829f11f0a35925b828d344e51cac7ca1a4f155 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
.TH ACL_GET_FD 3
.SH NAME
acl_get_fd, acl_set_fd \- get or set the ACL associated with an open file
.SH SYNOPSIS
.B #include <acl/acl.h>
.PP
.B struct acl * acl_get_fd(int fd);
.br
.B int acl_set_fd(int fd, struct acl *aclp);
.SH DESCRIPTION
.I acl_get_fd
returns a pointer to an allocated \f2struct acl\fP associated with the
open file referred to by \f2fd\fP.
If
.B _POSIX_MAC
is in effect, then the process must have MAC read access to the object.
.PP
.I acl_set_fd
sets the ACL for the open file referred to by \f2fd\fP from the \f2struct acl\fP
pointed to by \f2aclp\fP.
The effective UID of the process must match the owner of the object or the
process must have appropriate privilege to set the access ACL on the
object. If
.B _POSIX_CAP
is in effect, then the appropriate capability must include CAP_FOWNER.
In addition, if
.B _POSIX_MAC
is in effect, then the process must have MAC write access to the object.
\f2acl_set_fd\fP
function will succeed only if the ACL
is valid as defined by the
\f2acl_valid\fP(3)
function.
.SH RETURN VALUES
.I acl_get_fd
returns a pointer to an allocated \f2struct acl\fP if successful, NULL otherwise.
The storage should be freed with a call to \f2acl_free\fP with the returned
pointer as an argument when it is no longer needed.
.PP
.I acl_set_fd
returns 0 if successful, -1 otherwise.
.SH ERRORS
.I acl_get_fd:
.TP 16
EACCESS
Access to the object is denied.
.TP 16
EBADF
\f2fd\fP is not a valid file descriptor.
.TP 16
ENOMEM
allocation of the \f2struct acl\fP failed.
.TP 16
ENOSYS
ACL support is not available (not installed).
.PP
.I acl_set_fd:
.TP 16
EACCESS
Access to the object is denied.
.TP 16
EBADF
\f2fd\fP is not a valid file descriptor.
.TP 16
EINVAL
The ACL is not valid or too large (too many entries).
.TP 16
ENOSPC
The file system is full or some other resource needed for the ACL storage
is not available.
.TP 16
ENOSYS
ACL support is not available (not installed).
.TP 16
EPERM
The process does not have appropriate privilege to
perform the operation to set the ACL.
.TP 16
EROFS
This function requires modification of a file system which is currently
read-only.
|
