Sets the access control list (ACL) for a file system object. This is an advanced interface compared to vnop_setacl and provides for ACL-type-based operations.
#include <sys/acl.h>
int vnop_setxacl (vp, ctl_flags, acl_type, uiop, mode_info, crp)
struct vnode *vp;
uint64_t ctl_flags;
acl_type_t acl_type;
struct uio *uiop;
mode_t mode_info;
struct ucred *crp;
The vnop_setxacl entry point sets the access control list (ACL) on a file. It is an advanced version of the vnop_setacl interface and provides for ACL-type-based operations. This interface can also be used to manage the special bits in the mode word (such as SUID, SGID and SVTX) when the ACL type does not support these bits through the ACL itself. For more details about the various ACL types, refer to AIX® Version 7.1 Security.
Item | Description |
---|---|
vp | Specifies the virtual node (v-node) of the file system object for which the ACL needs to be set. |
acl_type | Specifies the ACL type of the ACL information that needs to be set for the file system object. Note: If the underlying physical file system does not support the ACL type being requested, the system could return an error. |
acl_len | Pointer to a length variable. The space pointed to is used as both an input and an output parameter. As input, the value indicates the size of the buffer uiop. When the call returns, this space holds the actual length of the ACL (this holds both when the call is successful and when the call fails with errno set to ENOSPC). |
ctl_flags | This 64-bit bit mask provides for control over the ACL setting and for any future variations in the interface. The following flag values have been defined: Note: Both of the preceding values can be specified by the caller by ORing the two masks. |
uiop | Specifies the uio structure that defines the storage for the call arguments. |
mode_info | This value indicates any mode word information that needs to be set for the file system object as part of this ACL put operation. When mode bits are altered by specifying the SET_MODE_S_BITS flag (in ctl_flags), the entire ACL put operation will fail if the caller does not have the required privileges. |
crp | Points to the cred structure. This structure contains data that the file system can use to validate access permission. |
The vnop_setxacl entry point can be called from the process environment only.
Upon successful completion, the vnop_setxacl entry point returns 0. Nonzero return values are taken from the /usr/include/sys/errno.h file and indicate failure.
Item | Description |
---|---|
EPERM | Indicates that the effective user ID of the process is not authorized to change the ACL on the specified file system object. |
EINVAL | Invalid operation. File system might not support the ACL type being set. |
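
The all-or-nothing rule described for mode_info, together with the EPERM and EINVAL cases above, modelled in user-space C as an added example (not AIX source and not code from this page). The demo_ types, the DEMO_ flag names and values, and the policy that only a privileged credential may set the S bits are assumptions; the real definitions come from <sys/acl.h>.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins (assumptions); real types and flag values come from <sys/acl.h>. */
#define DEMO_SET_ACL         0x1ULL  /* hypothetical "apply the ACL body" flag */
#define DEMO_SET_MODE_S_BITS 0x2ULL  /* models SET_MODE_S_BITS */
#define DEMO_S_BITS          07000u  /* SUID | SGID | SVTX */
#define DEMO_ACL_MAX         64

struct demo_cred { unsigned uid; int privileged; };
struct demo_inode {
    unsigned owner, mode, acl_type;  /* acl_type: the one type this toy FS supports */
    unsigned char acl[DEMO_ACL_MAX];
    size_t acl_len;
};

/* Validate everything first, mutate last, so a failure leaves no partial state. */
int demo_setxacl(struct demo_inode *ip, uint64_t ctl_flags, unsigned acl_type,
                 const void *acl, size_t acl_len, unsigned mode_info,
                 const struct demo_cred *crp)
{
    if (ctl_flags == 0 || (ctl_flags & ~(DEMO_SET_ACL | DEMO_SET_MODE_S_BITS)))
        return EINVAL;                   /* empty or unknown flag mask */
    if (acl_type != ip->acl_type)
        return EINVAL;                   /* ACL type not supported by this FS */
    if ((ctl_flags & DEMO_SET_ACL) && (acl == NULL || acl_len > DEMO_ACL_MAX))
        return EINVAL;                   /* demo choice for a bad ACL buffer */
    if (crp->uid != ip->owner && !crp->privileged)
        return EPERM;                    /* caller may not change this ACL */
    if ((ctl_flags & DEMO_SET_MODE_S_BITS) && !crp->privileged)
        return EPERM;                    /* fails the whole put, ACL included */
    if (ctl_flags & DEMO_SET_ACL) {
        memcpy(ip->acl, acl, acl_len);
        ip->acl_len = acl_len;
    }
    if (ctl_flags & DEMO_SET_MODE_S_BITS)
        ip->mode = (ip->mode & ~DEMO_S_BITS) | (mode_info & DEMO_S_BITS);
    return 0;
}

int main(void) {
    struct demo_inode ino = { 100, 0644, 1, {0}, 0 };  /* constructed sample */
    struct demo_cred owner = { 100, 0 };               /* owner, not privileged */
    int rc = demo_setxacl(&ino, DEMO_SET_ACL | DEMO_SET_MODE_S_BITS, 1, "acl", 3, 04000, &owner);
    printf("rc=%d acl_len=%zu mode=%o\n", rc, ino.acl_len, ino.mode);
    return rc == EPERM ? 0 : 1;
}
```

Because the privilege checks run before any write, a rejected request that combined an ACL body with SUID/SGID/SVTX changes leaves both the stored ACL and the mode word untouched.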