KEYCTL_SETPERM
NAMESYNOPSIS
DESCRIPTION
RETURN VALUE
ERRORS
LINKING
SEE ALSO
NAME
keyctl_setperm − Change the permissions mask on a key
SYNOPSIS
#include <keyutils.h>
long keyctl_setperm(key_serial_t key, key_perm_t perm);
DESCRIPTION
keyctl_setperm() changes the permissions mask on a key.
A process that does not have the SysAdmin capability may not change the permissions mask on a key that doesn’t have the same UID as the caller.
The caller must have setattr permission on a key to be able change its permissions mask.
The permissions
mask is a bitwise-OR of the following flags:
KEY_xxx_VIEW
Grant permission to view the attributes of a key.
KEY_xxx_READ
Grant permission to read the payload of a key or to list a keyring.
KEY_xxx_WRITE
Grant permission to modify the payload of a key or to add or remove links to/from a keyring.
KEY_xxx_SEARCH
Grant permission to find a key or to search a keyring.
KEY_xxx_LINK
Grant permission to make links to a key.
KEY_xxx_SETATTR
Grant permission to change the ownership and permissions attributes of a key.
KEY_xxx_ALL
Grant all the above.
The ’xxx’ in the above should be replaced by one of:
|
POS |
Grant the permission to a process that possesses the key (has it attached searchably to one of the process’s keyrings). | ||
|
USR |
Grant the permission to a process with the same UID as the key. | ||
|
GRP |
Grant the permission to a process with the same GID as the key, or with a match for the key’s GID amongst that process’s Groups list. | ||
|
OTH |
Grant the permission to any other process. |
Examples include: KEY_POS_VIEW, KEY_USR_READ, KEY_GRP_SEARCH and KEY_OTH_ALL.
User, group and other grants are exclusive: if a process qualifies in the ’user’ category, it will not qualify in the ’groups’ category; and if a process qualifies in either ’user’ or ’groups’ then it will not qualify in the ’other’ category.
Possessor grants are cumulative with the grants from the ’user’, ’groups’ and ’other’ categories.
RETURN VALUE
On success keyctl_setperm() returns 0 . On error, the value -1 will be returned and errno will have been set to an appropriate error.
ERRORS
|
ENOKEY |
The specified key does not exist. |
EKEYEXPIRED
The specified key has expired.
EKEYREVOKED
The specified key has been revoked.
|
EACCES |
The named key exists, but does not grant setattr permission to the calling process. |
LINKING
This is a library function that can be found in libkeyutils. When linking, -lkeyutils should be specified to the linker.
SEE ALSO
keyctl(1),
add_key(2),
keyctl(2),
request_key(2),
keyctl(3),
keyutils(7),
keyrings(7)
More Linux Commands
manpages/XGrabPointer.3.html
XGrabPointer(3) - grab the pointer - Linux manual page......
The XGrabPointer function actively grabs control of the pointer and returns GrabSuccess if the grab was successful. Further pointer events are reported only to
manpages/gnutls_openpgp_keyring_deinit.3.html
gnutls_openpgp_keyring_deinit(3) - API function (Man Page)
This function will deinitialize a keyring structure. REPORTING BUGS Report bugs to <bug-gnutls@gnu.org>. GnuTLS home page: http://www.gnu.org/software/gnutls/ G
manpages/perlfunc.1.html
perlfunc(1) - Perl builtin functions - Linux manual page....
The functions in this section can serve as terms in an expression. They fall into two major categories: list operators and named unary operators. These differ i
manpages/Tcl_UniCharIsControl.3.html
Tcl_UniCharIsControl(3) - routines for classification of Tcl
All of the routines described examine Tcl_UniChars and return a boolean value. A non-zero return value means that the character does belong to the character cla
manpages/atan2.3.html
atan2(3) - arc tangent function of two variables (Man Page)
The atan2() function calculates the principal value of the arc tangent of y/x, using the signs of the two arguments to determine the quadrant of the result. RET
manpages/mvin_wch.3ncurses.html
mvin_wch(3ncurses) - extract a complex character and renditi
These functions extract the complex character and rendition from the current position in the named window into the cchar_t object referenced by wcval. RETURN VA
manpages/lavpipe.1.html
lavpipe(1) - creates raw YUV streams from pipe list scripts
lavpipe reads a script file called pipe list that is of a similar structure as the edit lists that can be fed into lav2yuv. For info about the pipe list format
manpages/Tcl_SetDoubleObj.3.html
Tcl_SetDoubleObj(3) - manipulate Tcl objects as floating-poi
These procedures are used to create, modify, and read Tcl objects that hold double-precision floating-point values. Tcl_NewDoubleObj creates and returns a new T
manpages/SDL_SetCursor.3.html
SDL_SetCursor(3) - Set the currently active mouse cursor....
Sets the currently active cursor to the specified one. If the cursor is currently visible, the change will be immediately represented on the display. SEE ALSO S
manpages/joe.1.html
joe(1) - Joe's Own Editor (Commands - Linux manual page)....
JOE is a powerful ASCII-text screen editor. It has a mode-less user interface which is similar to many user-friendly PC editors. Users of Micro-Pros WordStar or
manpages/fblocked.n.html
fblocked(n) - Test whether the last input operation exhauste
The fblocked command returns 1 if the most recent input operation on channelId returned less information than requested because all available input was exhauste
manpages/xml_pp.1.html
xml_pp(1) xml prettyprinter (Commands - Linux man page).....
XML pretty printer using XML::Twig OPTIONS -i[<extension>] edits the file(s) in place, if an extension is provided (no space between -i and the extension) then
