Open System Services System Calls Reference Manual (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

241

242

243

244

245

246

247

248

249

250

System Functions (k - m) lchown(2)

The _POSIX_CHOWN_RESTRICTED feature is enforced for all ﬁles in the OSS ﬁle system.

Only processes with appropriate privileges can change owner IDs.

If the owner or group parameter is speciﬁed as -1 cast to the type of uid_t or gid_t, respectively,

the corresponding ID of the ﬁle is unchanged. To change only one attribute, specify the other as

-1.

Upon successful completion, the lchown() function marks the st_ctime ﬁeld of the ﬁle for

update.

Access Control Lists (ACLs)

A user can allow or deny speciﬁc individuals and groups access to a ﬁle by using an ACL on the

ﬁle. When using the lchown() function with ACLs, if the new owner and/or group of a ﬁle have

optional ACL entries corresponding to user:uid:perm or group:gid:perm in the ACL for a ﬁle,

those entries remain in the ACL but no longer have any effect because they are superseded by the

user::perm or group::perm entries in the ACL.

ACLs are not supported for symbolic links.

For more information about ACLs, see the acl(5) reference page.

Accessing Files in Restricted-Access Filesets

When accessing a ﬁle in a restricted-access ﬁleset, the super ID (255,255 in the Guardian

environment, 65535 in the OSS environment) is restricted. In a restricted-access ﬁleset:

• The super ID (255,255 in the Guardian environment, 65535 in the OSS environment) is

not permitted to invoke this function on ﬁles that it does not own unless the executable

ﬁle started by the super ID has the PRIVSETID ﬁle privilege. In this case, the process

started by the super ID can switch to another ID and then access ﬁles in restricted-access

ﬁlesets as that ID.

• Processes that are started by a member of the Safeguard SECURITY-OSS-

ADMINISTRATOR (SOA) group have the appropriate privilege to use this function on

any ﬁle in a restricted-access ﬁleset. However, if the executable ﬁle for the process does

not have the PRIVSOARFOPEN ﬁle privilege, the set-user-ID and set-group-ID bits of

the ﬁle mode (04000 and 02000 respectively) of the ﬁle accessed by this function are

cleared.

• Network File System (NFS) clients are not granted SOA group privileges, even if these

clients are accessing the system with a user ID that is a member of the SOA security

group.

For more information about restricted-access ﬁlesets and ﬁle privileges, see the Open System Ser-

vices Management and Operations Guide.

Use on Guardian Objects

You can use lchown() function on Guardian disk ﬁles (that is, disk ﬁles in the /G ﬁle system).

Attempts to change the ownership of other types of Guardian ﬁles fail and set errno to [EIN-

VAL].

For Guardian disk ﬁles, Guardian security is used, and any user can pass ﬁle ownership to any

other user. You must specify value other than -1 for the owner parameter (that is, an owner ID

must be speciﬁed). However, changing the owner ID also changes the group ID to the Guardian

group ID of the new owner (that is, bits <16:23> of the new access ID). You cannot use the

lchown() function to set the group ID for a Guardian ﬁle except as a result of changing the owner

ID.

The _POSIX_CHOWN_RESTRICTED feature is ignored for ﬁles in the Guardian ﬁle system

(that is, for ﬁles in /G).

527186-023 Hewlett-Packard Company 4−11