1KEYCTL_SETPERM(3)         Linux Key Management Calls         KEYCTL_SETPERM(3)
2
3
4

NAME

6       keyctl_setperm - change the permissions mask on a key
7

SYNOPSIS

9       #include <keyutils.h>
10
11       long keyctl_setperm(key_serial_t key, key_perm_t perm);
12

DESCRIPTION

14       keyctl_setperm() changes the permissions mask on a key.
15
16       A process that does not have the SysAdmin capability may not change the
17       permissions mask on a key that doesn't have the same UID as the caller.
18
19       The caller must have setattr permission on a key to be able change  its
20       permissions mask.
21
22       The permissions mask is a bitwise-OR of the following flags:
23
24       KEY_xxx_VIEW
25              Grant permission to view the attributes of a key.
26
27       KEY_xxx_READ
28              Grant  permission  to  read  the  payload  of a key or to list a
29              keyring.
30
31       KEY_xxx_WRITE
32              Grant permission to modify the payload of a key  or  to  add  or
33              remove links to/from a keyring.
34
35       KEY_xxx_SEARCH
36              Grant permission to find a key or to search a keyring.
37
38       KEY_xxx_LINK
39              Grant permission to make links to a key.
40
41       KEY_xxx_SETATTR
42              Grant   permission  to  change  the  ownership  and  permissions
43              attributes of a key.
44
45       KEY_xxx_ALL
46              Grant all the above.
47
48       The 'xxx' in the above should be replaced by one of:
49
50       POS    Grant the permission to a process that possesses the key (has it
51              attached searchably to one of the process's keyrings).
52
53       USR    Grant the permission to a process with the same UID as the key.
54
55       GRP    Grant  the permission to a process with the same GID as the key,
56              or with a match for the key's GID amongst that process's  Groups
57              list.
58
59       OTH    Grant the permission to any other process.
60
61       Examples   include:   KEY_POS_VIEW,  KEY_USR_READ,  KEY_GRP_SEARCH  and
62       KEY_OTH_ALL.
63
64       User, group and other grants are exclusive: if a process  qualifies  in
65       the  'user' category, it will not qualify in the 'groups' category; and
66       if a process qualifies in either 'user' or 'groups' then  it  will  not
67       qualify in the 'other' category.
68
69       Possessor  grants  are  cumulative  with  the  grants  from the 'user',
70       'groups' and 'other' categories.
71

RETURN VALUE

73       On success keyctl_setperm() returns 0 .  On error, the value -1 will be
74       returned and errno will have been set to an appropriate error.
75

ERRORS

77       ENOKEY The specified key does not exist.
78
79       EKEYEXPIRED
80              The specified key has expired.
81
82       EKEYREVOKED
83              The specified key has been revoked.
84
85       EACCES The  named  key exists, but does not grant setattr permission to
86              the calling process.
87

LINKING

89       This is a library function that can  be  found  in  libkeyutils.   When
90       linking, -lkeyutils should be specified to the linker.
91

SEE ALSO

93       keyctl(1), add_key(2), keyctl(2), request_key(2), keyctl(3),
94       keyrings(7), keyutils(7)
95
96
97
98Linux                             4 May 2006                 KEYCTL_SETPERM(3)
Impressum