diff options
author | Lorry Tar Creator <lorry-tar-importer@baserock.org> | 2013-08-29 22:05:30 +0000 |
---|---|---|
committer | <> | 2013-09-19 12:35:38 +0000 |
commit | 20f3885d80d6b4eda72b35a8d219a722310274fd (patch) | |
tree | 6e2bd9f23d3c17447065dd681774d52c67bb683d /keyutils-1.5.6/keyctl_setperm.3 | |
download | keyutils-tarball-20f3885d80d6b4eda72b35a8d219a722310274fd.tar.gz |
Imported from /home/lorry/working-area/delta_keyutils-tarball/keyutils-1.5.6.tar.bz2.HEADkeyutils-1.5.6masterbaserock/morph
Diffstat (limited to 'keyutils-1.5.6/keyctl_setperm.3')
-rw-r--r-- | keyutils-1.5.6/keyctl_setperm.3 | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/keyutils-1.5.6/keyctl_setperm.3 b/keyutils-1.5.6/keyctl_setperm.3 new file mode 100644 index 0000000..9bf90f5 --- /dev/null +++ b/keyutils-1.5.6/keyctl_setperm.3 @@ -0,0 +1,130 @@ +.\" +.\" Copyright (C) 2006 Red Hat, Inc. All Rights Reserved. +.\" Written by David Howells (dhowells@redhat.com) +.\" +.\" This program is free software; you can redistribute it and/or +.\" modify it under the terms of the GNU General Public License +.\" as published by the Free Software Foundation; either version +.\" 2 of the License, or (at your option) any later version. +.\" +.TH KEYCTL_SETPERM 3 "4 May 2006" Linux "Linux Key Management Calls" +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.SH NAME +keyctl_setperm \- Change the permissions mask on a key +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.SH SYNOPSIS +.nf +.B #include <keyutils.h> +.sp +.BI "long keyctl_setperm(key_serial_t " key ", key_perm_t " perm ");" +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.SH DESCRIPTION +.BR keyctl_setperm () +changes the permissions mask on a key. +.P +A process that does not have the +.B SysAdmin +capability may not change the permissions mask on a key that doesn't have the +same UID as the caller. +.P +The caller must have +.B setattr +permission on a key to be able change its permissions mask. +.P +The permissions mask is a bitwise-OR of the following flags: +.TP +.B KEY_xxx_VIEW +Grant permission to view the attributes of a key. +.TP +.B KEY_xxx_READ +Grant permission to read the payload of a key or to list a keyring. +.TP +.B KEY_xxx_WRITE +Grant permission to modify the payload of a key or to add or remove links +to/from a keyring. +.TP +.B KEY_xxx_SEARCH +Grant permission to find a key or to search a keyring. +.TP +.B KEY_xxx_LINK +Grant permission to make links to a key. +.TP +.B KEY_xxx_SETATTR +Grant permission to change the ownership and permissions attributes of a key. +.TP +.B KEY_xxx_ALL +Grant all the above. +.P +The +.RB ' xxx ' +in the above should be replaced by one of: +.TP +.B POS +Grant the permission to a process that possesses the key (has it attached +searchably to one of the process's keyrings). +.TP +.B USR +Grant the permission to a process with the same UID as the key. +.TP +.B GRP +Grant the permission to a process with the same GID as the key, or with a +match for the key's GID amongst that process's Groups list. +.TP +.B OTH +Grant the permission to any other process. +.P +Examples include: +.BR KEY_POS_VIEW ", " KEY_USR_READ ", " KEY_GRP_SEARCH " and " KEY_OTH_ALL . +.P +User, group and other grants are exclusive: if a process qualifies in +the 'user' category, it will not qualify in the 'groups' category; and if a +process qualifies in either 'user' or 'groups' then it will not qualify in +the 'other' category. +.P +Possessor grants are cumulative with the grants from the 'user', 'groups' +and 'other' categories. +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.SH RETURN VALUE +On success +.BR keyctl_setperm () +returns +.B 0 . +On error, the value +.B -1 +will be returned and errno will have been set to an appropriate error. +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.SH ERRORS +.TP +.B ENOKEY +The specified key does not exist. +.TP +.B EKEYEXPIRED +The specified key has expired. +.TP +.B EKEYREVOKED +The specified key has been revoked. +.TP +.B EACCES +The named key exists, but does not grant +.B setattr +permission to the calling process. +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.SH LINKING +This is a library function that can be found in +.IR libkeyutils . +When linking, +.B -lkeyutils +should be specified to the linker. +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.SH SEE ALSO +.BR keyctl (1), +.br +.BR add_key (2), +.br +.BR keyctl (2), +.br +.BR request_key (2), +.br +.BR keyctl (3), +.br +.BR request-key (8) |