acl_library(3) DG/UX B2 Security R4.12MU02 acl_library(3)
NAME
acl_library: acl_add_perm, acl_alloc, acl_calc_mask, acl_copy_entry,
acl_create_entry, acl_delete_entry, acl_delete_perm, acl_free,
acl_from_export, acl_get_entry, acl_get_perm, acl_get_tag,
acl_package_size, acl_read, acl_rewind, acl_set_perm, acl_set_tag,
acl_to_export, acl_valid, acl_write, acl_allocated, acl_clear,
acl_entry_valid, acl_fprintf, acl_get_text, acl_internal_clear,
acl_internal_copy, acl_internal_free, acl_no_calc_mask, acl_order,
acl_printf, acl_read_ject, acl_write_ject - ACL routines in
libtrust.a
SYNOPSIS
The following functions are modeled after the POSIX 1003.6 Draft
ballot functions of the same name:
#include <sys/acl.h>
int acl_add_perm (acl_entry_t entry_d,
acl_permset_t perms)
int acl_alloc (acl_t *acl_dp)
int acl_calc_mask (acl_t acl_d)
int acl_copy_entry (acl_entry_t src_d,
acl_entry_t dest_d)
int acl_create_entry (acl_t acl_d,
acl_entry_t *entry_dp)
int acl_delete_entry (acl_entry_t entry_dp)
int acl_delete_perm (acl_entry_t entry_dp,
acl_permset_t perms)
int acl_free (acl_t acl_d)
int acl_from_export (char *buf,
acl_package_typt pack_type,
acl_t acl_d)
int acl_get_entry (acl_t acl_d,
acl_entry_t *entry_dp)
int acl_get_perm (acl_entry_t entry_d,
acl_permset_t *perms)
int acl_get_tag (acl_entry_t entry_d,
acl_tag_t *tag_type,
void *tag_qualifier)
ssize_t acl_package_size (acl_t acl_d,
acl_package_type_t pack_type)
int acl_read (char *path,
acl_type_t type,
acl_t acl_d)
int acl_rewind (acl_t acl_d)
int acl_set_perm (acl_entry_t entry_d,
acl_permset_t perms)
int acl_set_tag (acl_entry_t entry_d,
acl_tag_t tag_type,
void *tag_qualifier)
ssize_t acl_to_export (acl_t acl_d,
char *buf,
ssize_t buf_len,
acl_package_type_t pack_type)
int acl_valid (acl_t acl_d,
acl_type_t type,
acl_entry_t *entry_dp)
int acl_write (char *path,
acl_type_t type,
acl_t acl_d)
The following functions are unique to systems running a DG/UX
information security option configured with access control lists.
These functions may not be portable to other systems:
#include <acl.h>
int acl_allocated (acl_t acl_d)
int acl_clear (acl_t acl_d)
int acl_entry_valid (acl_entry_t entry_d)
int acl_fprintf (FILE *file,
ject_ject_type ject_type,
int targ_type,
const void *targ,
int acl_type,
sec_object_enum_type obj_type,
acl_t acl_d,
int flags,
acl_permset_t *mask_ptr)
char *acl_get_text (ject_ject_type ject_type,
int targ_type,
const void *targ,
int acl_type,
sec_object_enum_type obj_type,
acl_t acl_d,
int *len_ptr,
int flags,
acl_permset_t *mask_ptr)
int acl_internal_clear (acl_t acl_d)
int acl_internal_copy (acl_t src,
acl_t dest)
int acl_internal_free (acl_t *acl_dp)
int acl_no_calc_mask (acl_t acl_d)
void acl_order (acl_t acl_d)
int acl_printf (ject_ject_type ject_type,
int targ_type,
const void *targ,
int acl_type,
sec_object_enum_type obj_type,
acl_t acl_d,
int flags,
acl_permset_t *mask_ptr)
int acl_read_ject (ject_ject_type ject_type,
int targ_type,
const void *targ,
int acl_type,
acl_t acl_d,
int flags)
int acl_write_ject (ject_ject_type ject_type,
int targ_type,
const void *targ,
int acl_type,
acl_t acl_d,
int flags)
DESCRIPTION
The functions in acl_library provide support for access control lists
in DG/UX information security options. These functions can be found
in libtrust.a. Some of these functions need functions found in
libdgc.a.
The functions return 0 on success and -1 on failure unless otherwise
noted.
acl_add_perm
This function adds the set of permissions found in perms to the ACL
entry referred to by argument entry_d. Any permissions the ACL entry
had prior to the call are left unchanged. Adding a permission that
is already granted by the entry is not an error.
Errors:
EINVAL entry_d does not refer to a valid ACL entry.
EINVAL perms contains values not defined in acl_permset_t.
acl_alloc
This function allocates and initializes a temporary area in which an
ACL may be manipulated. acl_dp is set to reference the created area.
Errors:
ENOMEM Could not allocate the memory for the acl_t object.
EINVAL *acl_dp is not a valid pointer.
acl_calc_mask
This function calculates and sets the ACL_MASK_OBJ ACL entry for the
ACL indicated by acl_d. The value of ACL_MASK_OBJ is the union of
the permissions of all ACL entries that refer to members of the File
Group Class (i.e., ACL_GROUP_OBJ, ACL_USER, ACL_GROUP). The value of
ACL_MASK_OBJ is identical to the file group class permission bits as
displayed by the ls -l command. If the ACL acl_d already contains an
ACL_MASK_OBJ, its permissions are overwritten; if it does not
contain an ACL_MASK_OBJ, one is added.
Errors:
EINVAL acl_d does not refer to an ACL allocated by acl_alloc().
ENOMEM Can't allocate the memory required for an ACL entry.
acl_copy_entry
This function copies the contents of the ACL entry src_d to the ACL
entry dest_d. src_d and dest_d may refer to entries in different
acl_t structures. The previous contents of the ACL entry dest_d are
overwritten.
Errors:
EINVAL src_d or dest_d does not refer to a valid ACL entry.
acl_create_entry
This function creates a new ACL entry in the ACL indicated by acl_d.
If there is insufficient space in the ACL for creating a new entry,
then additional memory is allocated. The descriptor for this new ACL
entry is returned in entry_dp. The components of the new ACL entry
are initialized so that the ACL tag type and qualifier are invalid,
and the set of permissions is empty. Use acl_set_tag() to set the
tag and qualifier and acl_set_perm() to set the permissions on the
newly created entry.
Errors:
EINVAL acl_d does not refer to an ACL allocated by acl_alloc().
ENOMEM The ACL working storage requires more memory than the system
is able to provide.
acl_delete_entry
This function removes the ACL entry entry_d from the ACL that
contains it. entry_d and any other ACL entry descriptors that refer
to the same ACL entry are undefined after this function.
Errors:
EINVAL entry_d does not refer to a valid ACL entry.
acl_delete_perm
This function deletes the set of permissions contained in perms from
the ACL entry entry_d. Any permissions the ACL entry had prior to
the call to acl_delete_perm() not specified in perms are left
unchanged. The acl_delete_perm() function does not return an error
if the ACL entry does not have any of the specified permissions.
Errors:
EINVAL entry_d does not refer to a valid ACL entry.
EINVAL perms contains values not defined in acl_permset_t.
acl_free
This function releases the working storage associated with acl_d.
Any existing ACL entry descriptions that refer to entries in the ACL
become undefined.
Note that this function does not set the pointer acl_d to NULL.
Errors:
EINVAL acl_d does refer to an ACL allocated by acl_alloc().
acl_from_export
This function translates the exportable text or data package referred
to by buf into the ACL working storage referred to by acl_d. Any ACL
in the working storage is overwritten. If there is insufficient
space in the acl_d working storage for translating the ACL, then
additional memory is allocated.
pack_type may be one of the following values defined in <sys/acl.h>:
ACL_TEXT_PACKAGE The ACL format as output by the getacl(1) command.
Any ACL entry descriptors that previously referred to entries within
acl_d become undefined.
Errors:
EINVAL acl_d does not refer to an ACL allocated by acl_alloc().
EINVAL pack_type is not a valid package type.
ENOMEM The ACL working storage requires more memory than the system
is able to provide.
acl_get_entry
This function obtains a descriptor to the next ACL entry of acl_d.
entry_dp is set to point to this ACL entry. acl_d must refer to an
ACL that was previously opened via a call to acl_alloc().
The first call to acl_get_entry() following a call to acl_read(),
acl_rewind() or acl_from_export() obtains the first ACL entry in the
ACL, as ordered by the system. Subsequent calls to acl_get_entry()
obtain successive ACL entries, until the last entry is obtained.
After the last entry has been obtained, the value 0 is returned.
Calls to acl_get_entry() do not modify any ACL entry or the ACL on
the object from which it may have been obtained in any way.
Subsequent operations using the returned ACL entry descriptor operate
on the ACL entry within the ACL in working storage (and do not modify
the ACL on the object from which it may have been obtained).
Errors:
EINVAL acl_d does not refer to an ACL allocated by acl_alloc().
acl_get_perm
This function retrieves the permissions from the ACL entry entry_d
and returns them in perms. Any permissions the ACL entry has prior
to the call to acl_get_perm() are left unchanged.
Errors:
EINVAL entry_d does not refer to a valid ACL entry.
acl_get_tag
This function returns the tag type and qualifier of the tag for the
ACL entry entry_d. Upon successful completion, the location referred
to by tag_type is set to the tag type of the ACL entry. The location
referred to by tag_qualifier is set to the qualifier data contained
within the ACL entry. If the returned value of a tag type is
(acl_tag_t) ACL_USER, ACL_USER_OBJ, or ACL_OTHER_OBJ, the type of
tag_qualifier is uid_t. If tag_type is (acl_tag_t) ACL_GROUP,
ACL_GROUP_OBJ, or ACL_MASK_OBJ, the tag type of tag_qualifier is
gid_t.
Errors:
EINVAL entry_d does not refer to valid ACL entry.
acl_package_size
This function determines the number of bytes necessary to represent
the exportable data or text package as specified by pack_type, for
the ACL in working storage specified by acl_d.
Errors:
EINVAL acl_d does not refer to an ACL allocated by acl_alloc().
EINVAL pack_type is not a valid package type.
acl_read
This function reads an object's access or default ACL into the
working storage referred to by acl_d. Any ACL already in the working
storage is overwritten. If there is insufficient space in acl_d to
perform the operation, then additional memory is allocated. path
points to a pathname naming the file object. type is used to
indicate the whether the access or default ACL is to be read. type
may be either ACL_TYPE_ACCESS or ACL_TYPE_DEFAULT.
The ACL in working storage is independent of the ACL on the file
object. The ACL in working storage does not participate in any
access control decision.
Errors:
EINVAL acl_d does not refer to an ACL allocated by
acl_alloc().
EINVAL type is neither ACL_TYPE_ACCESS nor ACL_TYPE_DEFAULT.
ENOMEM The ACL working storage requires more memory than the
system is able to provide.
EACCES Search permission is denied on a component of the path
prefix.
EACCES Attribute read access to the file object is denied.
ENAMETOOLONG The length of path exceeds {PATH_MAX}, or a pathname
component is longer than {NAME_MAX} while
{POSIX_NO_TRUNC} is in effect.
ENOTDIR A component of the path prefix is not a directory.
ENOTDIR type is ACL_TYPE_DEFAULT and path does not refer to a
directory.
ENOENT The named file object does not exist or path points to
an empty string.
acl_rewind
This function sets the internal descriptor for acl_d such that a
subsequent call to acl_get_entry() using the same acl_d will obtain
the first entry in the ACL.
Errors:
EINVAL acl_d does not refer to an ACL allocated by acl_alloc().
acl_set_perm
This function sets the permissions of the ACL entry entry_d to the
permissions contained in perms. The permissions of the ACL entry
prior to the call to acl_set_perm() are replaced.
Errors:
EINVAL entry_d does not refer to a valid ACL entry.
EINVAL perms contains values not defined in acl_permset_t.
acl_set_tag
This function sets the tag type of an ACL entry to the tag type in
tag_type with a qualifier as specified by tag_qualifier. If the tag
type is ACL_USER_OBJ, ACL_GROUP_OBJ, ACL_OTHER_OBJ, or ACL_MASK_OBJ
the tag_qualifier may be passed as a value of NULL.
Errors:
EINVAL entry_d does not refer to a valid ACL entry.
EINVAL tag_type is not a valid tag type.
acl_to_export
This function translates the ACL in working storage (acl_d) into the
memory referred to by buf in an exportable text package as specified
by pack_type. The acl_to_export() function will only package up to
buf_len bytes.
pack_type may be one of the following values defined in <sys/acl.h>:
ACL_TEXT_PACKAGE The ACL format as output by the getacl(1) command.
Errors:
EINVAL acl_d does not refer to an ACL allocated by acl_alloc().
EINVAL pack_type is not a valid package type.
ENOMEM The space referred to by buf and buf_len is not sufficient to
store the translated ACL.
acl_valid
This function checks the access ACL or the default ACL referred to by
acl_d for validity. The three required entries ACL_USER_OBJ,
ACL_GROUP_OBJ and ACL_OTHER_OBJ must exist exactly once in an access
ACL. If an access ACL contains four or more entries, then the
ACL_MASK_OBJ entry must exist exactly once. The qualifier field must
be unique among entries of the same tag type. A default ACL may have
zero entries, but if it does have entries they must follow the same
rules as entries in an access ACL.
Errors:
If any of the following conditions occur, the acl_valid() function
sets the location referred to by entry_dp to the ACL entry in error.
EINVAL The ACL contains entries that are not unique.
If any of the following conditions occur, the acl_valid() function
sets the location referred to by entry_dp to NULL.
EINVAL acl_d does not refer to an ACL allocated by acl_alloc().
EINVAL One or more of the required entries is not present.
acl_write
This function associates an ACL with a file object, or deletes a
default ACL from a directory. path points to the pathname of the
file object. type indicates whether an access or default ACL is
being written. type may be either ACL_TYPE_ACCESS or
ACL_TYPE_DEFAULT.
The entries in the ACL may have been obtained via a call to the
acl_read() function, newly created via calls to the
acl_create_entry() function, or by translating text defining an ACL
with acl_from_export(). The argument path specified in the
acl_write() call is not necessarily the same as the argument path
specified in the acl_read() call. The ACL may be otherwise
manipulated by the various ACL functions.
A default ACL may be removed from a directory by writing an ACL
containing zero entries to that directory, i.e., an ACL created by
acl_alloc().
The acl_write() function will succeed only if the ACL is valid as
defined by the acl_valid() function.
Upon successful completion, acl_write() sets the specified file
object's access ACL or default ACL (whichever is being written) to
that contained in acl_d. The file object's previous access or
default ACL is no longer in effect. No intermediate state will exist
where the previous ACL and the new ACL, or the previous default ACL
and the new default ACL, coexist in whole or in part. This call may
result in changes to the file's permission bits. If acl_write() is
unsuccessful, neither the access ACL nor the default ACL of path will
be changed.
Errors:
EACCES Search permission is denied on a component of the path
prefix.
EACCES Attribute write access to path is denied.
ENAMETOOLONG The length of path exceeds {PATH_MAX}, or a pathname
component is longer than {NAME_MAX} while
{POSIX_NO_TRUNC} is in effect.
ENOTDIR A component of the path prefix is not a directory.
ENOTDIR type is ACL_TYPE_DEFAULT and path does not refer to a
directory.
ENOENT The named file object does not exist or path points to
an empty string.
EINVAL acl_d does not refer to an ACL allocated by acl_alloc()
or contains other errors. Use acl_valid() to determine
what errors are in the ACL.
EINVAL type is neither ACL_TYPE_ACCESS nor ACL_TYPE_DEFAULT.
EPERM The effective UID of the process does not match the
owner of the file object and the process does not have
appropriate privilege to write the ACL.
ENOSPC There was not enough space to store the entire ACL from
the working storage during the write of the ACL.
ENOSPC {_POSIX_ACL_PRESENT} is not in effect for path and the
ACL contains more than the three base entries
(ACL_USER_OBJ, ACL_GROUP_OBJ and ACL_OTHER_OBJ).
EROFS The named file object resides on a read-only file
system.
acl_allocated
This function ensures that acl_d is a valid acl_t structure as
returned by the acl_alloc() function.
Errors:
EINVAL acl_d is not of a form as allocated by acl_alloc().
acl_clear
This function initializes the ACL working storage specified by acl_d
to the same state it would be set to if newly allocated by
acl_alloc(), with the exception that any additional space that may
have been allocated for additional ACL entries is not returned to the
system.
Errors:
EINVAL acl_d does not refer to an ACL as allocated by acl_alloc().
acl_entry_valid
This function checks to ensure that entry_d is a valid ACL entry.
This routine only ensures that entry_d is a well formed ACL entry.
It does not ensure that this entry is not a duplicate.
Errors:
EINVAL entry_d is not a valid ACL entry.
acl_fprintf
This function prints the POSIX text description of the specified ACL
to the specified stream file. This function does not retrieve the
ACL from the object. Rather, the object information is only used to
properly construct the comments in the ACL text representation. This
ACL displayed is the ACL passed in acl_d.
The parameters are:
file is a stream file.
ject_type must be JECT_OBJECT.
targ_type can be T_FILE, T_FD, T_PROC, T_MSG, T_SEM, or T_SHM.
targ specifies a stream file.
acl_type can be either ACL_TYPE_ACCESS or ACL_TYPE_DEFAULT
(valid only when obj_type is Sec_Directory_File).
obj_type can be Sec_Regular_File or Sec_Directory_File.
acl_d is a correctly allocated ACL.
flags is one or more of the following options (separated by
the "OR" (|) operator):
ACL_PRINT_ID_NAME
ACL_PRINT_EFFECTIVE_PERM
ACL_PRINT_OBJECT_NAME
ACL_PRINT_OWNING_USER
ACL_PRINT_OWNING_GROUP
ACL_PRINT_SORTED_ACL
mask_ptr is the address of a variable of type acl_permset_t
which can be used to specify mask permissions when
printing an incomplete, invalid ACL.
Errors:
EINVAL acl_d is not an ACL allocated by acl_alloc().
EINVAL One or more of the parameters is not as specified above.
ENOMEM There was insufficient space available from the system to
complete the operation.
acl_get_text
This function allocates a character buffer and places the POSIX text
description of the specified ACL in that character buffer. Upon
successful completion, acl_get_text returns the pointer to the
character buffer. If an error occurs, NULL is returned. This
function does not retrieve the ACL from the object. Rather, the
object information is only used to properly construct the comments in
the ACL text representation. This ACL displayed is the ACL passed in
acl_d.
The parameters are:
ject_type must be JECT_OBJECT.
targ_type can be T_FILE, T_FD, T_PROC, T_MSG, T_SEM, or T_SHM.
targ specifies the target object.
acl_type can be either ACL_TYPE_ACCESS or ACL_TYPE_DEFAULT
(valid only when obj_type is Sec_Directory_File).
obj_type can be Sec_Regular_File or Sec_Directory_File.
acl_d is a correctly allocated ACL.
flags is one or more of the following options (separated by
the "OR" (|) operator):
ACL_PRINT_ID_NAME
ACL_PRINT_EFFECTIVE_PERM
ACL_PRINT_OBJECT_NAME
ACL_PRINT_OWNING_USER
ACL_PRINT_OWNING_GROUP
ACL_PRINT_SORTED_ACL
mask_ptr is the address of a variable of type acl_permset_t
which can be used to specify mask permissions when
printing an incomplete, invalid ACL.
Errors:
EINVAL acl_d does not refer to an ACL allocated by acl_alloc() or
contains other errors. Use acl_valid() to determine what
errors are in the ACL.
EINVAL One or more of the parameters is not as specified above.
ENOMEM There was insufficient space available from the system to
complete the operation.
acl_internal_clear
This function sets all storage specified by acl_d to zero. That is,
it removes the text and binary ACL if they exist. Note that if a
file has an extended ACL and it is removed, the file is left with a
minimum ACL.
acl_internal_copy
This function copies the ACL referenced by src into the ACL working
storage referenced by dest. If there is insufficient space in dest
to perform the operation, then additional memory is allocated. Any
ACL previously in dest is overwritten.
Errors:
EINVAL src or dest is not a valid acl_d as allocated by acl_alloc().
EINVAL src and dest do not have the same structure revision number.
ENOMEM The ACL working storage requires more memory than the system
is able to provide.
acl_internal_free
This function frees all storage associated with acl_dp and sets the
pointer referred to by *acl_dp to NULL.
Errors:
EINVAL acl_dp is NULL.
acl_no_calc_mask
This function calculates a mask by taking the union of the
permissions of the entries in the File Group Class (ACL_GROUP_OBJ,
ACL_USER, and ACL_GROUP) and creates an ACL_MASK_OBJ entry in acl_d
if an ACL_MASK_OBJ entry does not currently exist. If one does
exist, then the function performs no action.
Errors:
EINVAL acl_d does not refer to an ACL allocated by acl_alloc().
ENOMEM The ACL working storage requires more memory than the system
is able to provide.
acl_order
This function reorders the entries of the specified ACL acl_d in the
following order:
ACL_USER_OBJ
ACL_GROUP_OBJ
ACL_OTHER_OBJ
ACL_MASK_OBJ
ACL_USER (ordered numerically by UID)
ACL_GROUP (ordered numerically by GID)
There is no check made for duplicate entries.
Errors:
EINVAL acl_d does not refer to an ACL allocated by acl_alloc().
acl_printf
This function prints the POSIX text description of the specified ACL
to standard output. This function does not retrieve the ACL from the
object. Rather, the object information is only used to properly
construct the comments in the ACL text representation. The ACL
displayed is the ACL passed in acl_d.
The parameters are:
ject_type must be JECT_OBJECT.
targ_type can be T_FILE, T_FD, T_PROC, T_MSG, T_SEM, or T_SHM.
targ specifies the target object.
acl_type can be either ACL_TYPE_ACCESS or ACL_TYPE_DEFAULT
(valid only when obj_type is Sec_Directory_File).
obj_type can be Sec_Regular_File or Sec_Directory_File.
acl_d is a correctly allocated ACL.
flags is one or more of the following options (separated by
the "OR" (|) operator):
ACL_PRINT_ID_NAME
ACL_PRINT_EFFECTIVE_PERM
ACL_PRINT_OBJECT_NAME
ACL_PRINT_OWNING_USER
ACL_PRINT_OWNING_GROUP
ACL_PRINT_SORTED_ACL
mask_ptr is the address of a variable of type acl_permset_t
which can be used to specify mask permissions when
printing an incomplete, invalid ACL.
Errors:
EINVAL acl_d does not refer to an ACL allocated by acl_alloc() or
contains other errors. Use acl_valid() to determine what
errors are in the ACL.
EINVAL One or more of the parameters is not as specified above.
ENOMEM There was insufficient space available from the system to
complete the operation.
acl_read_ject
This function reads the ACL of the specified object into the ACL
working storage specified by acl_d. If there is insufficient space
in the ACL for creating a new entry, then additional memory is
allocated. If the ACL_TYPE_DEFAULT option is specified, and if the
target object is a directory which does not have a default ACL, the
function will still return success, but acl_d will be empty on
return.
The parameters are:
ject_type must be JECT_OBJECT.
targ_type can be T_FILE or T_FD.
acl_type can be either ACL_TYPE_ACCESS or ACL_TYPE_DEFAULT
(valid only when obj_type is Sec_Directory_File).
acl_d is a correctly allocated ACL.
flags is currently unused and must be set to 0.
Errors:
EINVAL acl_d does not refer to an ACL allocated by acl_alloc()
or contains other errors. Use acl_valid() to determine
what errors are in the ACL.
EINVAL One or more of the parameters is not as specified
above.
ENOMEM There was insufficient space available from the system
to complete the operation.
EACCES Search permission is denied on a component of the path
prefix.
EACCES Attribute read access to path is denied.
ENAMETOOLONG The length of path exceeds {PATH_MAX}, or a pathname
component is longer than {NAME_MAX} while
{POSIX_NO_TRUNC} is in effect.
ENOTDIR A component of the path prefix is not a directory.
ENOTDIR type is ACL_TYPE_DEFAULT and path does not refer to a
directory.
ENOENT The named file object does not exist or path points to
an empty string.
EINVAL type is neither ACL_TYPE_ACCESS nor ACL_TYPE_DEFAULT.
acl_write_ject
This function writes the ACL specified by acl_d on the file object
specified. Any ACL previously associated with the file object is
overwritten.
The parameters are:
ject_type must be JECT_OBJECT.
targ_type can be T_FILE or T_FD.
acl_type can be either ACL_TYPE_ACCESS or ACL_TYPE_DEFAULT
(valid only when obj_type is Sec_Directory_File).
acl_d is a correctly allocated ACL.
flags is currently unused and must be set to 0.
Errors:
EINVAL acl_d does not refer to an ACL allocated by acl_alloc()
or contains other errors. Use acl_valid() to determine
what errors are in the ACL.
EINVAL One or more of the parameters is not as specified
above.
ENOMEM There was insufficient space available from the system
to complete the operation.
EACCES Search permission is denied on a component of the path
prefix.
EACCES Attribute write access to path is denied.
ENAMETOOLONG The length of path exceeds {PATH_MAX}, or a pathname
component is longer than {NAME_MAX} while
{POSIX_NO_TRUNC} is in effect.
ENOTDIR A component of the path prefix is not a directory.
ENOTDIR type is ACL_TYPE_DEFAULT and path does not refer to a
directory.
ENOENT The named file object does not exist or path points to
an empty string.
EINVAL type is neither ACL_TYPE_ACCESS nor ACL_TYPE_DEFAULT.
EPERM The effective UID of the process does not match the
owner of the file object and the process does not have
appropriate privilege to write the ACL.
ENOSPC There was not enough space to store the entire ACL from
the working storage during the write of the ACL.
ENOSPC {_POSIX_ACL_PRESENT} is not in effect for path and the
ACL contains more than the three base entries
(ACL_USER_OBJ, ACL_GROUP_OBJ and ACL_OTHER_OBJ).
EROFS The named file object resides on a read-only file
system.
SEE ALSO
getacl(1), setacl(1), dg_getoacl(2), dg_setoacl(2), aa_library(3),
audit_library(3), cap_library(3), mac_library(3).
Licensed material--property of copyright holder(s)