vnop_setxacl Entry Point

Purpose

Sets the access control list (ACL) for a file system object. This is an advanced interface compared to vnop_setacl and provides for ACL-type-based operations.

Syntax

#include <sys/acl.h> 
int vnop_setxacl (vp, ctl_flags, acl_type, uiop, mode_info, crp) 

struct vnode   *vp; 
uint64_t       ctl_flags; 
acl_type_t     acl_type; 
struct uio     *uiop; 
mode_t         mode_info;
struct ucred   *crp; 

Description

The vnop_setxacl entry point sets the access control list (ACL) on a file. It is an advanced version of the vnop_setacl interface and provides for ACL-type-based operations. This interface can also be used to manage the special bits in the mode word (such as SUID, SGID and SVTX) when the ACL type does not support these bits through the ACL. For more details about the various ACL types, refer to AIX® Version 7.1 Security.

Parameters

Item Description
vp Specifies the virtual node (v-node) of the file system object for which the ACL needs to be set.
acl_type Specifies the ACL type of the ACL information that needs to be set for the file system object.
Note: If the underlying physical file system does not support the ACL type being requested, the system could return an error.
acl_len Pointer to a length variable. The space pointed to is used as both an input and an output parameter. As input, the value indicates the size of the buffer uiop. When the call returns, this space holds the actual length of the ACL (both when the call succeeds and when it fails with errno set to ENOSPC).
ctl_flags This 64-bit bit mask provides for control over the ACL setting and for any future variations in the interface. The following flag values have been defined:
SET_MODE_S_BITS
Indicates that the mode_info value is set by the caller and the ACL put operation must consider this value to complete the ACL put operation.
SET_ACL
Indicates that the ACL arguments point to valid ACL data that must be considered while the ACL put operation is being performed.
Note: Both of the preceding values can be specified by the caller by ORing the two masks.
uiop Specifies the uio structure that defines the storage for the call arguments.
mode_info This value indicates any mode word information that needs to be set for the file system object as part of this ACL put operation. When mode bits are altered by specifying the SET_MODE_S_BITS flag (in ctl_flags), the entire ACL put operation will fail if the caller does not have the required privileges.
crp Points to the cred structure. This structure contains data that the file system can use to validate access permission.

Execution Environment

The vnop_setxacl entry point can be called from the process environment only.

Return Values

Upon successful completion, the vnop_setxacl entry point returns 0. Nonzero return values, defined in the /usr/include/sys/errno.h file, indicate failure.

Item Description
EPERM Indicates that the effective user ID of the process is not authorized to change the ACL on the specified file system object.
EINVAL Indicates an invalid operation. The file system might not support the ACL type being set.
Note: This list of error numbers is not complete and is dependent on the particular physical file system implementation supporting the ACL.
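
The ctl_flags handling and the all-or-nothing rule for SET_MODE_S_BITS described under Parameters, shown as a user-space C model added here for illustration; it is not AIX kernel code or a real file system's handler. The flag values, the model_file and model_cred types, the integer ACL type, and the authorization rules (owner or uid 0 may change the ACL; a may_set_s_bits field stands for the required privilege) are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-ins: the real definitions come from <sys/acl.h>. */
#define SET_MODE_S_BITS 0x1ULL
#define SET_ACL         0x2ULL
#define MODEL_S_BITS    ((mode_t)07000)   /* SUID | SGID | SVTX */

struct model_cred { uid_t uid; int may_set_s_bits; };   /* hypothetical */
struct model_file {                                     /* hypothetical */
    uid_t owner; mode_t mode; uint32_t acl_type;
    unsigned char acl[64]; size_t acl_len;
};

/* Model of a setxacl handler: validate every request first, then commit. */
int model_setxacl(struct model_file *f, uint64_t ctl_flags, uint32_t acl_type,
                  const void *acl, size_t acl_len, mode_t mode_info,
                  const struct model_cred *crp)
{
    /* Reject undefined flag bits and calls that request nothing. */
    if ((ctl_flags & ~(SET_MODE_S_BITS | SET_ACL)) || ctl_flags == 0)
        return EINVAL;
    /* Assumption: this model file system supports only its current ACL type. */
    if ((ctl_flags & SET_ACL) &&
        (acl_type != f->acl_type || acl == NULL || acl_len > sizeof f->acl))
        return EINVAL;
    /* Assumption: only the owner or uid 0 may change the ACL. */
    if (crp->uid != 0 && crp->uid != f->owner)
        return EPERM;
    /* The mode-bit privilege is checked before any write, so a failure here
       leaves the existing ACL untouched (the whole operation fails). */
    if ((ctl_flags & SET_MODE_S_BITS) && !crp->may_set_s_bits)
        return EPERM;

    if (ctl_flags & SET_ACL) {
        memcpy(f->acl, acl, acl_len);
        f->acl_len = acl_len;
    }
    if (ctl_flags & SET_MODE_S_BITS)   /* only the special bits are replaced */
        f->mode = (f->mode & ~MODEL_S_BITS) | (mode_info & MODEL_S_BITS);
    return 0;
}
```

Placing every check ahead of the first write is what makes a combined SET_ACL | SET_MODE_S_BITS request fail as a unit instead of leaving a new ACL behind with the old mode bits.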