acl(2)
NAME
acl() - set a file's Access Control List (ACL) information (JFS File Systems only)
SYNOPSIS
DESCRIPTION
The system call is used to manipulate ACLs on JFS file system objects.
pathp points to a path name naming a file.
nentries specifies how many ACL entries are pointed to by aclbufp.
aclbufp is a pointer to the first element of an array of This type is
defined in as follows:
The values for are:
Permissions for the owner of the object.
Permissions for additional users.
Permissions for members of the owning group of the object.
Permissions for members of additional groups.
Maximum permissions granted to the file group class.
Permissions for other users.
Default permissions for the object owner.
Default permissions for additional users.
Default permissions for members of the owning group of the
object.
Default permissions for members of additional groups.
Default maximum permissions granted to the file group class.
Default permissions for other users.
cmd The following values for cmd are available:
nentries ACL entries, specified in buffer aclbufp, are
stored in the file's ACL. Any existing ACL on the
file is replaced by the new ACL. All directories
in the path name must be searchable.
Buffer aclbufp is filled with the file's ACL entries.
Discretionary read access to the file is not
required, but all directories in the path name must
be searchable.
The number of entries in the file's ACL is returned.
Discretionary read access to the file is not
required, but all directories in the path name must
be searchable.
For command the call will succeed if and only if all of the following
are true:
There is exactly one entry each of type and
If pathp points to a directory, there is at most one entry each
of type and
Entries of type or do not contain duplicate entries. A duplicate
entry is one of the same type containing the same numeric ID.
If the ACL contains no entries of type and no entries of type
then the entries of type and have the same permissions.
If the ACL contains no entries of type and no entries of type
and an entry of type is specified, then an entry of type is also
specified and the two entries have the same permissions.
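The validity rules above can be checked on an entry list before the call is made. The following C pre-check is an added example, not part of the original manual page or the system header: the EX_ names, the struct layout, and the mapping of each rule to entry kinds (read from the entry descriptions above and from the count of four mandatory entries) are assumptions.

```c
#include <stddef.h>
/* Assumed local names for the six access entry kinds listed above; each
 * default kind is EX_DEF + the matching access kind. Not the system header. */
enum { EX_USER_OBJ, EX_USER, EX_GROUP_OBJ, EX_GROUP, EX_CLASS_OBJ, EX_OTHER_OBJ,
       EX_DEF, EX_NTYPES = 12 };
struct ex_entry { int type; unsigned id; unsigned perm; };  /* hypothetical layout */
enum { EX_OK, EX_BAD_TYPE, EX_MANDATORY, EX_DEFAULT, EX_DUPLICATE, EX_CLASS_MISMATCH };
/* Constructed sample: owner rw-, owning group r--, class r--, other ---. */
const struct ex_entry ex_sample[] = {
    {EX_USER_OBJ, 0, 6}, {EX_GROUP_OBJ, 0, 4}, {EX_CLASS_OBJ, 0, 4}, {EX_OTHER_OBJ, 0, 0} };

/* Check one half of the list: base 0 = access entries, EX_DEF = defaults. */
static int check_half(const struct ex_entry *e, size_t n, int base, int is_default)
{
    size_t cnt[6] = {0}, i, j;
    unsigned perm[6] = {0};
    int k;
    for (i = 0; i < n; i++) {
        int t = e[i].type - base;
        if (t < 0 || t > 5) continue;               /* entry is in the other half */
        cnt[t]++; perm[t] = e[i].perm;
        if (t != EX_USER && t != EX_GROUP) continue;
        for (j = 0; j < i; j++)                     /* additional entries: unique type + ID */
            if (e[j].type == e[i].type && e[j].id == e[i].id) return EX_DUPLICATE;
    }
    for (k = 0; k < 6; k++) {
        if (k == EX_USER || k == EX_GROUP) continue;
        if (is_default ? cnt[k] > 1 : cnt[k] != 1)  /* at most one vs. exactly one */
            return is_default ? EX_DEFAULT : EX_MANDATORY;
    }
    if (cnt[EX_USER] || cnt[EX_GROUP]) return EX_OK;
    if (is_default && cnt[EX_GROUP_OBJ] == 0) return EX_OK;
    /* No additional entries: owning-group and class permissions must match. */
    if (cnt[EX_CLASS_OBJ] == 0 || perm[EX_GROUP_OBJ] != perm[EX_CLASS_OBJ])
        return EX_CLASS_MISMATCH;
    return EX_OK;
}

/* Returns EX_OK, or the code of the first failed check, for a list meant for the set command. */
int ex_acl_precheck(const struct ex_entry *e, size_t n, int is_dir)
{
    size_t i; int rc;
    for (i = 0; i < n; i++) {
        if (e[i].type < 0 || e[i].type >= EX_NTYPES) return EX_BAD_TYPE;
        if (e[i].type >= EX_DEF && !is_dir) return EX_DEFAULT;  /* defaults need a directory */
    }
    rc = check_half(e, n, 0, 0);
    return rc != EX_OK ? rc : check_half(e, n, EX_DEF, 1);
}
```

Running such a check in the caller gives a specific reason for rejection instead of a single invalid-ACL error from the system call.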
Security Restrictions
The value for cmd can only be executed by a process that has an effective
user ID equal to the owner of the file, or by the superuser, or by
a user with the privilege.
See privileges(5) for more information about privileged access on systems
that support fine-grained privileges.
RETURN VALUE
returns the following values:
n Successful completion. Returns the number of ACL entries
for cmd and
Successful completion.
Returns for cmd
Failure.
is set to indicate the error.
ERRORS
If fails, the ACL is unchanged, and is set to one of the following values:
The caller does not have access to a component of the path name.
cmd is not or
cmd is and nentries is less than the number of mandatory ACL
entries (4).
cmd is and the ACL specified in aclbufp is not valid [see
above discussion, and aclsort(3C)].
A disk I/O error has occurred while storing or retrieving the ACL.
cmd is and the effective user ID of the caller does not
match the owner of the file, and the caller is not the
superuser or a user with privilege.
A component of the path does not exist.
cmd is and nentries is less than the number of entries in
the file's ACL.
cmd is and there is insufficient space to store the ACL.
cmd is and nentries is greater than which is defined in
A component of the path specified by
pathp is not a directory.
cmd is and an attempt is made to set a default ACL on a file
type other than a directory.
cmd is the file specified by pathp resides on a local
non-JFS file system, and additional entries were specified
in the ACL.
cmd is the file specified by pathp resides on a non-local
file system, and additional entries were specified in
the ACL.
cmd is and the file specified by pathp resides on a file
system that is mounted read-only.
aclbufp points to an illegal address.
SEE ALSO
aclsort(3), getacl(1), setacl(1), privileges(5).