Stores the access control information for a file system object.
Security Library (libc.a)
#include <sys/acl.h>int aclx_put (Path, ctl_flags, acl_type, acl, acl_sz, mode_info)
char * Path;
uint64_t ctl_flags;
acl_type_t acl_type;
void * acl;
size_t acl_sz;
mode_t mode_info;int aclx_fput (FileDescriptor, ctl_flags, acl_type, acl, acl_sz, mode_info)
int FileDescriptor;
uint64_t ctl_flags;
acl_type_t acl_type;
void * acl;
size_t acl_sz;
mode_t mode_info;The aclx_put and aclx_fput subroutines store the access control information for a file system object in the native ACL format. Native ACL format is the format as defined for the particular ACL type in the system. These subroutines are advanced versions of the acl_put and acl_fput subroutines and should be used instead of the older versions. The aclx_put and aclx_fput subroutines provide for more control for the user to interact with the underlying file system directly.
A caller specifies the ACL type in the acl_type argument and passes the ACL information in the acl argument. The acl_sz parameter indicates the size of the ACL data. The ctl_flags parameter is a bitmask that allows for variation of aclx_put requests.
The value provided to these subroutines can be obtained by invoking aclx_get or aclx_fget subroutines to copy or restore the access control information.
The aclx_put and aclx_fput subroutines can also be used to manage the special bits (such as SGID and SUID) in the mode word associated with the file system object. For example, you can set the mode_info value to any special bit mask (as in the mode word defined for the file system), and a request can be made to set the same bits using the ctl_flags argument. Note that special privileges (such as root) might be required to set these bits.
| Item | Description |
|---|---|
| Path | Specifies the path name of the file system object. |
| FileDescriptor | Specifies the file descriptor of an open file system object.
This 64-bit sized bit mask provides control over the ACL retrieval.
These bits are divided as follows:
|
| ctl_flags | Bit mask with the following system-wide flag values defined:
Note: Both of the preceding values can be specified
by the caller by ORing the two masks.
|
| acl_type | Indicates the type of ACL to be associated with the file
object. If the acl_type specified is not among the ACL types
supported for the file system, then an error is returned. The supported ACL types are ACLX and NFS4. |
| acl | Points to a buffer where the ACL information exists. This ACL information is associated with the file system object specified. The size of this buffer is indicated by the acl_sz parameter. |
| acl_sz | Indicates the size of the ACL information sent through the acl parameter. |
| mode_info | This value indicates any mode word information that needs to be set for the file system object in question as part of this ACL put operation. When mode bits are being altered by specifying the SET_MODE_S_BITS flag (in ctl_flags) ACL put operation fails if the caller does not have the required privileges. |
On successful completion, the aclx_put and aclx_fput subroutines return a value of 0. Otherwise, -1 is returned and the errno global variable is set to indicate the error.
The aclx_put subroutine fails and the access control information for a file remains unchanged if one or more of the following are true:
| Item | Description |
|---|---|
| EACCES | Search permission is denied on a component of the Path prefix. |
| EFAULT | The Path parameter points to a location outside of the allocated address space of the process. |
| ELOOP | Too many symbolic links were encountered in translating the Path parameter. |
| ENAMETOOLONG | A component of the Path parameter exceeded 255 characters, or the entire Path parameter exceeded 1023 characters. |
| ENOENT | A component of the Path does not exist or has the disallow truncation attribute (see the ulimit subroutine). |
| ENOENT | The Path parameter was null. |
| ENOENT | A symbolic link was named, but the file to which it refers does not exist. |
| ENOTDIR | A component of the Path prefix is not a directory. |
| ESTALE | The process' root or current directory is located in a virtual file system that has been unmounted. |
The aclx_fput subroutine fails and the file permissions remain unchanged if the following is true:
| Item | Description |
|---|---|
| EBADF | The FileDescriptor parameter is not a valid file descriptor. |
The aclx_put or aclx_fput subroutine fails if one or more of the following is true:
| Item | Description |
|---|---|
| EINVAL | Invalid input parameter. The same error can be returned if an invalid acl_type is specified as input to this routine. |
| EIO | An I/O error occurred during the operation. |
| EROFS | The named file resides on a read-only file system. |
If Network File System (NFS) is installed on your system, the acl_put and acl_fput subroutines can also fail if the following condition is true:
| Item | Description |
|---|---|
| ETIMEDOUT | The connection timed out. |
Access Control: The invoker must have search permission for all components of the Path prefix.
Auditing Events:
| Item | Description |
|---|---|
| Event | Information |
| chacl | Path-based event |
| fchacl | FileDescriptor-based event |