vnop_setxacl Entry Point

Purpose

Sets the access control list (ACL) for a file system object. This is an advanced interface compared to vnop_setacl and provides for ACL-type-based operations.

Syntax

#include <sys/acl.h> 
int vnop_setxacl (vp, ctl_flags, acl_type, uiop, mode_info, crp) 

struct vnode   *vp; 
uint64_t       ctl_flags; 
acl_type_t     acl_type; 
struct uio     *uiop; 
mode_t          mode_info; 
struct ucred   *crp;

Description

The vnop_setxacl entry point sets the access control list (ACL) on a file. It is an advanced version of vnop_setacl interface and provides for ACL-type-based operations. This interface can also be used to manage special bits in mode word (such as SUID, SGID and SVTX) in case the ACL type does not support these bits through ACL. For more details about the various ACL types, refer to AIX® Version 7.1 Security.

Parameters

Item	Description
vp	Specifies the virtual node (v-node) of the file system object for which the ACL needs to be set.
acl_type	Specifies the ACL type of the ACL information that needs to be set for the file system object. Note: If the underlying physical file system does not support the ACL type being requested, the system could return an error.
acl_len	Pointer to a length variable. The space pointed to is used as an input, as well as output, parameter. As input, the value will indicate the size of buffer uiop. When the call returns, this space holds the actual length of the ACL (true for when the call is successful or when the call fails with errno set to ENOSPC).
ctl_flags	This 64-bit bit mask provides for control over the ACL setting and for any future variations in the interface. The following flag values have been defined: SET_MODE_S_BITS Indicates that the mode_info value is set by the caller and the ACL put operation must consider this value to complete the ACL put operation. SET_ACL Indicates that the ACL arguments point to valid ACL data that must be considered while the ACL put operation is being performed. Note: Both of the preceding values can be specified by the caller by ORing the two masks.
uiop	Specifies the uio structure that defines the storage for the call arguments.
mode_info	This value indicates any mode word information that needs to be set for the file system object as part of this ACL put operation. When mode bits are altered by specifying the SET_MODE_S_BITS flag (in ctl_flags), the entire ACL put operation will fail if the caller does not have the required privileges.
crp	Points to the cred structure. This structure contains data that the file system can use to validate access permission.

Execution Environment

The vnop_setxacl entry point can be called from the process environment only.

Return Values

Upon successful completion, the vnop_setxacl entry point returns 0. Nonzero return values are returned from the /usr/include/sys/errno.h file to indicate failure.

Item	Description
EPERM	Indicates that the effective user ID of the process is not authorized to change the ACL on the specified file system object.
EINVAL	Invalid operation. File system might not support the ACL type being set.

Note: This list of error numbers is not complete and is dependent on the particular physical file system implementation supporting the ACL.