aclx_put or aclx_fput Subroutine

Purpose

Stores the access control information for a file system object.

Library

Security Library (libc.a)

Syntax

#include <sys/acl.h>
int aclx_put (Path, ctl_flags, acl_type, acl, acl_sz,  mode_info)
char * Path;
uint64_t   ctl_flags;
acl_type_t   acl_type;
void * acl;
size_t   acl_sz;
mode_t   mode_info;
int aclx_fput (FileDescriptor, ctl_flags, acl_type, acl, acl_sz,  mode_info)
int  FileDescriptor;
uint64_t   ctl_flags;
acl_type_t   acl_type;
void * acl;
size_t   acl_sz;
mode_t   mode_info;

Description

The aclx_put and aclx_fput subroutines store the access control information for a file system object in the native ACL format. Native ACL format is the format as defined for the particular ACL type in the system. These subroutines are advanced versions of the acl_put and acl_fput subroutines and should be used instead of the older versions. The aclx_put and aclx_fput subroutines provide for more control for the user to interact with the underlying file system directly.

A caller specifies the ACL type in the acl_type argument and passes the ACL information in the acl argument. The acl_sz parameter indicates the size of the ACL data. The ctl_flags parameter is a bitmask that allows for variation of aclx_put requests.

The value provided to these subroutines can be obtained by invoking aclx_get or aclx_fget subroutines to copy or restore the access control information.

The aclx_put and aclx_fput subroutines can also be used to manage the special bits (such as SGID and SUID) in the mode word associated with the file system object. For example, you can set the mode_info value to any special bit mask (as in the mode word defined for the file system), and a request can be made to set the same bits using the ctl_flags argument. Note that special privileges (such as root) might be required to set these bits.

Parameters

Item Description
Path Specifies the path name of the file system object.
FileDescriptor Specifies the file descriptor of an open file system object. This 64-bit sized bit mask provides control over the ACL retrieval. These bits are divided as follows:
Lower 16 bits
System-wide (nonphysical file-system-specific) ACL control flags
32 bits
Reserved.
Last 16 bits
Any physical file-system-defined options (that are specific to physical file system ACL implementation).
ctl_flags Bit mask with the following system-wide flag values defined:
SET_MODE_S_BITS
Indicates that the mode_info value is set by the caller and the ACL put operation needs to consider this value while completing the ACL put operation.
SET_ACL
Indicates that the acl argument points to valid ACL data that needs to be considered while the ACL put operation is being performed.
Note: Both of the preceding values can be specified by the caller by ORing the two masks.
acl_type Indicates the type of ACL to be associated with the file object. If the acl_type specified is not among the ACL types supported for the file system, then an error is returned.

The supported ACL types are ACLX and NFS4.

acl Points to a buffer where the ACL information exists. This ACL information is associated with the file system object specified. The size of this buffer is indicated by the acl_sz parameter.
acl_sz Indicates the size of the ACL information sent through the acl parameter.
mode_info This value indicates any mode word information that needs to be set for the file system object in question as part of this ACL put operation. When mode bits are being altered by specifying the SET_MODE_S_BITS flag (in ctl_flags) ACL put operation fails if the caller does not have the required privileges.

Return Values

On successful completion, the aclx_put and aclx_fput subroutines return a value of 0. Otherwise, -1 is returned and the errno global variable is set to indicate the error.

Error Codes

The aclx_put subroutine fails and the access control information for a file remains unchanged if one or more of the following are true:

Item Description
EACCES Search permission is denied on a component of the Path prefix.
EFAULT The Path parameter points to a location outside of the allocated address space of the process.
ELOOP Too many symbolic links were encountered in translating the Path parameter.
ENAMETOOLONG A component of the Path parameter exceeded 255 characters, or the entire Path parameter exceeded 1023 characters.
ENOENT A component of the Path does not exist or has the disallow truncation attribute (see the ulimit subroutine).
ENOENT The Path parameter was null.
ENOENT A symbolic link was named, but the file to which it refers does not exist.
ENOTDIR A component of the Path prefix is not a directory.
ESTALE The process' root or current directory is located in a virtual file system that has been unmounted.

The aclx_fput subroutine fails and the file permissions remain unchanged if the following is true:

Item Description
EBADF The FileDescriptor parameter is not a valid file descriptor.

The aclx_put or aclx_fput subroutine fails if one or more of the following is true:

Item Description
EINVAL Invalid input parameter. The same error can be returned if an invalid acl_type is specified as input to this routine.
EIO An I/O error occurred during the operation.
EROFS The named file resides on a read-only file system.

If Network File System (NFS) is installed on your system, the acl_put and acl_fput subroutines can also fail if the following condition is true:

Item Description
ETIMEDOUT The connection timed out.

Security

Access Control: The invoker must have search permission for all components of the Path prefix.

Auditing Events:

Item Description
Event Information
chacl Path-based event
fchacl FileDescriptor-based event