Standards / Extensions | C or C++ | Dependencies |
---|---|---|
z/OS UNIX | both | z/OS V1R3 |
#define _OPEN_SYS 1
#include <sys/acl.h>
int acl_set_file (char *path_p, acl_type_t type_d, lacl_t acl_d, short OpType,
acl_entry_t *entry_p);
Use access control lists (ACLs) in conjunction with permission bits to control access to files and directories. Currently, ACLs are supported by the HFS, TFS, and zFS file systems. You must know whether your security product supports ACLs and what rules are used when determining file access. See z/OS UNIX System Services Planning for details.
The acl_set_file() function associates the type_d ACL with the object referred to by file name path_p. The effective UID of the subject must match the owner of the object or the subject must have appropriate privileges.
If type_d is the directory/file default and the object referred to by file name path_p is not a directory, the function will fail.
The acl_set_file() function will succeed only if the ACL is valid as defined by the acl_valid() function.
Upon successful completion, acl_set_file() will set the ACL of the object. For type_d = ACL_ACCESS, acl_set_file() will also set the base ACL entries. The base ACL entries apply only to the ACL_ACCESS ACL type, so for any other type the base ACL entries are ignored.
If OpType is ACL_ADD, the existing ACL is replaced by the new one. Only the extended ACL entry's value is used to determine the permissions to set. The object's previous ACL will no longer be in effect. If the object had no ACL, a new one is added for both ACL_MODIFY and ACL_ADD.
Similarly, for OpType = ACL_ADD, base ACL entries are replaced with the new values specified (mask field is ignored). All three base ACL entries (ACL_USER, ACL_GROUP, and ACL_OTHER) must be specified. For OpType = ACL_MODIFY, the base ACL entries are modified with the specified values (both mask and value fields are used).
For OpType = ACL_MODIFY, only the base ACL entries to be changed need to be specified. OpType = ACL_DELETE does not apply to base ACL entries, because they cannot be removed. Every file always has base ACL entries.
If acl_set_file() is unsuccessful, the ACL of the object referred to by argument path_p is not changed.
The ordering of entries within the ACL referred to by acl_d may be changed. The first call to acl_get_entry() following the call to acl_set_file() obtains the first extended ACL entry as ordered by the system.
Upon successful completion, the function returns a value of zero.
If any of the following conditions occur, the acl_set_file() function will return a value of -1 and set errno to the corresponding value:
The function will return -2 and set errno to EINVAL if the base ACL entry is not unique or is not a valid type or, for ACL_ADD, there are fewer than 3 base ACL entries. The entry_p will be NULL.
The function will return -3 and set errno to EINVAL if the extended ACL entry is not unique or is not a valid type. The entry_p, if not NULL, will point to the extended ACL entry in error.
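The -2 and -3 conditions above can be checked before the call is made. The following is an added example, not IBM's code: it models those rules for type_d = ACL_ACCESS with stand-in types (every `demo_` name is hypothetical and is not a `<sys/acl.h>` definition). It assumes extended entries are user or group entries keyed by type and ID, and that base entries are checked first.

```c
#include <stddef.h>

/* Stand-in types for illustration only; NOT the <sys/acl.h> definitions. */
typedef enum { DEMO_USER, DEMO_GROUP, DEMO_OTHER } demo_tag;
typedef enum { DEMO_ADD, DEMO_MODIFY, DEMO_DELETE } demo_op;
typedef struct { int tag; unsigned perms; } demo_base;             /* base entry */
typedef struct { int tag; unsigned id; unsigned perms; } demo_ext; /* extended entry */

/* Mirrors the documented -2 case: a base entry type that is invalid or
 * repeated, or an ACL_ADD that does not supply all three base entries. */
static int base_ok(const demo_base *b, size_t n, demo_op op)
{
    unsigned seen = 0;
    for (size_t i = 0; i < n; i++) {
        if (b[i].tag < DEMO_USER || b[i].tag > DEMO_OTHER) return 0;
        if (seen & (1u << b[i].tag)) return 0;       /* not unique */
        seen |= 1u << b[i].tag;
    }
    return op != DEMO_ADD || seen == 7u;             /* ADD needs user+group+other */
}

/* Mirrors the documented -3 case. Returns the index of the first extended
 * entry in error (as entry_p would identify it), or -1 if all are acceptable.
 * Assumption: extended entries are user or group entries keyed by (tag, id). */
static long first_bad_ext(const demo_ext *e, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (e[i].tag != DEMO_USER && e[i].tag != DEMO_GROUP) return (long)i;
        for (size_t j = 0; j < i; j++)
            if (e[j].tag == e[i].tag && e[j].id == e[i].id) return (long)i;
    }
    return -1;
}

/* Pre-flight check: 0, -2 or -3, using the same codes the page documents.
 * *bad is the offending extended index for -3 and -1 otherwise. */
int demo_preflight(const demo_base *b, size_t nb,
                   const demo_ext *e, size_t ne, demo_op op, long *bad)
{
    *bad = -1;
    if (!base_ok(b, nb, op)) return -2;
    *bad = first_bad_ext(e, ne);
    return *bad >= 0 ? -3 : 0;
}

/* Any nonzero return means the ACL was not changed; testing only for -1
 * would treat the -2 and -3 failures as success. */
int demo_acl_applied(int rc) { return rc == 0; }
```

The same rule applies to the real call: compare the return value of acl_set_file() against zero, not against -1.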