Man page - keyctl_setperm(3)
Packages contains this manual
- keyctl_setperm(3)
- keyctl_chown(3)
- keyctl_pkey_query(3)
- keyctl_negate(3)
- keyctl_get_security(3)
- keyctl_move(3)
- keyctl_reject(3)
- recursive_session_key_scan(3)
- keyctl_revoke(3)
- keyctl_dh_compute_kdf(3)
- keyctl_get_persistent(3)
- keyctl(3)
- keyctl_read_alloc(3)
- keyctl_unlink(3)
- keyctl_assume_authority(3)
- keyctl_invalidate(3)
- keyctl_instantiate_iov(3)
- keyctl_pkey_sign(3)
- keyctl_capabilities(3)
- keyctl_restrict_keyring(3)
- keyctl_pkey_decrypt(3)
- keyctl_clear(3)
- keyctl_dh_compute_alloc(3)
- keyctl_session_to_parent(3)
- recursive_key_scan(3)
- find_key_by_type_and_name(3)
- keyctl_dh_compute(3)
- keyctl_describe_alloc(3)
- keyctl_read(3)
- keyctl_search(3)
- keyctl_set_reqkey_keyring(3)
- keyctl_describe(3)
- keyctl_join_session_keyring(3)
- keyctl_pkey_verify(3)
- keyctl_link(3)
- keyctl_update(3)
- keyctl_instantiate(3)
- keyctl_watch_key(3)
- keyctl_pkey_encrypt(3)
- keyctl_set_timeout(3)
- keyctl_get_security_alloc(3)
apt-get install libkeyutils-dev
Manual
KEYCTL_SETPERM
NAMESYNOPSIS
DESCRIPTION
RETURN VALUE
ERRORS
LINKING
SEE ALSO
NAME
keyctl_setperm - change the permissions mask on a key
SYNOPSIS
#include <keyutils.h>
long keyctl_setperm(key_serial_t key , key_perm_t perm );
DESCRIPTION
keyctl_setperm () changes the permissions mask on a key.
A process that does not have the SysAdmin capability may not change the permissions mask on a key that doesnāt have the same UID as the caller.
The caller must have setattr permission on a key to be able to change its permissions mask.
The permissions
mask is a bitwise-OR of the following flags:
KEY_xxx_VIEW
Grant permission to view the attributes of a key.
KEY_xxx_READ
Grant permission to read the payload of a key or to list a keyring.
KEY_xxx_WRITE
Grant permission to modify the payload of a key or to add or remove links to/from a keyring.
KEY_xxx_SEARCH
Grant permission to find a key or to search a keyring.
KEY_xxx_LINK
Grant permission to make links to a key.
KEY_xxx_SETATTR
Grant permission to change the ownership and permissions attributes of a key.
KEY_xxx_ALL
Grant all the above.
The ā xxx ā in the above should be replaced by one of:
|
POS |
Grant the permission to a process that possesses the key (has it attached searchably to one of the processās keyrings). |
||
|
USR |
Grant the permission to a process with the same UID as the key. |
||
|
GRP |
Grant the permission to a process with the same GID as the key, or with a match for the keyās GID amongst that processās Groups list. |
||
|
OTH |
Grant the permission to any other process. |
Examples include: KEY_POS_VIEW , KEY_USR_READ , KEY_GRP_SEARCH and KEY_OTH_ALL .
User, group and other grants are exclusive: if a process qualifies in the āuserā category, it will not qualify in the āgroupsā category; and if a process qualifies in either āuserā or āgroupsā then it will not qualify in the āotherā category.
Possessor grants are cumulative with the grants from the āuserā, āgroupsā and āotherā categories.
RETURN VALUE
On success keyctl_setperm () returns 0 . On error, the value -1 will be returned and errno will have been set to an appropriate error.
ERRORS
|
ENOKEY |
The specified key does not exist. |
EKEYEXPIRED
The specified key has expired.
EKEYREVOKED
The specified key has been revoked.
|
EACCES |
The named key exists, but does not grant setattr permission to the calling process. |
LINKING
This is a library function that can be found in libkeyutils . When linking, -lkeyutils should be specified to the linker.
SEE ALSO
keyctl (1), add_key (2), keyctl (2), request_key (2), keyctl (3), keyrings (7), keyutils (7)