Open System Services System Calls Reference Manual (G06.28+, H06.05+)
acl(2) OSS System Calls Reference Manual
cmd Specifies the action to be taken by the acl() function. The cmd parameter can be
one of these values:
ACL_SET The acl() function stores the entries specified by the nentries
and aclbufp parameters in the ACL for the file. The new ACL
replaces any existing ACL for the file. This value for cmd can
only be executed by a process that has an effective user ID equal
to the owner of the file or the super ID, or is a member of the
Safeguard SECURITY-OSS-ADMINISTRATOR group. All
directories in the pathname must be searchable.
ACL_GET The buffer aclbufp is filled with the ACL entries for the file.
Discretionary read access to the file is not required, but all
directories in the pathname must be searchable.
ACL_CNT The number of entries in the ACL for the file is returned.
Discretionary read access to the file is not required, but all
directories in the pathname must be searchable.
DESCRIPTION
The acl() function manipulates ACLs on file system objects in filesets that support OSS ACLs.
A process on a system that does not support ACLs can use the chmod() function to remotely
modify the permissions in the base ACL entries of a file (see the chmod(2) reference page).
ACLs are supported for OSS files only. For a detailed description of ACLs, see the acl(5)
reference page.
A call to acl() specified with the ACL_SET command succeeds only if all of these conditions
are true:
• The ACL contains exactly one entry each of type USER_OBJ, GROUP_OBJ,
CLASS_OBJ, and OTHER_OBJ.
• If pathp points to a directory, the ACL contains at most one entry each of type
DEF_USER_OBJ, DEF_GROUP_OBJ, DEF_CLASS_OBJ, and
DEF_OTHER_OBJ.
• Entries of type USER, GROUP, DEF_USER, or DEF_GROUP do not contain duplicate
entries. A duplicate entry is one of the same type containing the same numeric ID.
• If the ACL contains no entries of type USER and no entries of type GROUP, the entries
of type GROUP_OBJ and CLASS_OBJ have the same permissions.
• If the ACL contains no entries of type DEF_USER and no entries of type
DEF_GROUP, and an entry of type DEF_GROUP_OBJ is specified, an entry of type
DEF_CLASS_OBJ is also specified and the two entries have the same permissions.
RETURN VALUES
Upon successful completion, the acl() function returns one of the following values, depending on
the value of the cmd parameter:
• For successful ACL_CNT or ACL_GET commands, the acl() function returns the
number of ACL entries.
• For successful ACL_SET commands, the acl() function returns a 0 (zero).
If the acl() function fails, the value -1 is returned and errno is set to indicate the error.
1−10 Hewlett-Packard Company 527186-007