keyctl_setperm(3) [linux man page]

KEYCTL_SETPERM(3)                                           Linux Key Management Calls                                           KEYCTL_SETPERM(3)

NAME
       keyctl_setperm - Change the permissions mask on a key

SYNOPSIS
       #include <keyutils.h>

       long keyctl_setperm(key_serial_t key, key_perm_t perm);

DESCRIPTION
       keyctl_setperm() changes the permissions mask on a key.

       A process that does not have the SysAdmin capability may not change the permissions mask on a key that doesn't have the same UID as the caller.

       The caller must have setattr permission on a key to be able to change its permissions mask.

       The permissions mask is a bitwise-OR of the following flags:

       KEY_xxx_VIEW
              Grant permission to view the attributes of a key.

       KEY_xxx_READ
              Grant permission to read the payload of a key or to list a keyring.

       KEY_xxx_WRITE
              Grant permission to modify the payload of a key or to add or remove links to/from a keyring.

       KEY_xxx_SEARCH
              Grant permission to find a key or to search a keyring.

       KEY_xxx_LINK
              Grant permission to make links to a key.

       KEY_xxx_SETATTR
              Grant permission to change the ownership and permissions attributes of a key.

       KEY_xxx_ALL
              Grant all the above.

       The 'xxx' in the above should be replaced by one of:

       POS    Grant the permission to a process that possesses the key (has it attached searchably to one of the process's keyrings).

       USR    Grant the permission to a process with the same UID as the key.

       GRP    Grant the permission to a process with the same GID as the key, or with a match for the key's GID amongst that process's Groups list.

       OTH    Grant the permission to any other process.

       Examples include: KEY_POS_VIEW, KEY_USR_READ, KEY_GRP_SEARCH and KEY_OTH_ALL.

       User, group and other grants are exclusive: if a process qualifies in the 'user' category, it will not qualify in the 'groups' category; and if a process qualifies in either 'user' or 'groups' then it will not qualify in the 'other' category.

       Possessor grants are cumulative with the grants from the 'user', 'groups' and 'other' categories.

RETURN VALUE
       On success keyctl_setperm() returns 0. On error, the value -1 will be returned and errno will have been set to an appropriate error.

ERRORS
       ENOKEY The specified key does not exist.

       EKEYEXPIRED
              The specified key has expired.

       EKEYREVOKED
              The specified key has been revoked.

       EACCES The named key exists, but does not grant setattr permission to the calling process.

LINKING
       This is a library function that can be found in libkeyutils. When linking, -lkeyutils should be specified to the linker.

SEE ALSO
       keyctl(1), add_key(2), keyctl(2), request_key(2), keyctl_get_keyring_ID(3), keyctl_join_session_keyring(3), keyctl_update(3), keyctl_revoke(3), keyctl_chown(3), keyctl_describe(3), keyctl_clear(3), keyctl_link(3), keyctl_unlink(3), keyctl_search(3), keyctl_read(3), keyctl_instantiate(3), keyctl_negate(3), keyctl_set_reqkey_keyring(3), keyctl_set_timeout(3), keyctl_assume_authority(3), keyctl_describe_alloc(3), keyctl_read_alloc(3), request-key(8)

Linux                                                              4 May 2006                                                  KEYCTL_SETPERM(3)
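
The category rules from the keyctl_setperm() DESCRIPTION, worked through as an added example (not part of the man page or of libkeyutils). It models the rule as the page states it rather than calling the kernel; the helper names (P_*, POS/USR/GRP/OTH, struct caller, effective_perm) and the sample UIDs and GIDs are assumptions made for illustration, with the mask laid out as in <keyutils.h>:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Six permission bits; the mask holds one copy per category, laid out as in
 * <keyutils.h> (KEY_USR_READ == USR(P_READ)). Helper names are hypothetical. */
enum { P_VIEW = 0x01, P_READ = 0x02, P_WRITE = 0x04,
       P_SEARCH = 0x08, P_LINK = 0x10, P_SETATTR = 0x20, P_ALL = 0x3f };
#define POS(p) ((uint32_t)(p) << 24)
#define USR(p) ((uint32_t)(p) << 16)
#define GRP(p) ((uint32_t)(p) << 8)
#define OTH(p) ((uint32_t)(p))
struct caller { uint32_t uid; const uint32_t *gids; size_t ngids; int possesses; };

/* Effective 6-bit permission set of caller c on a key with the given mask
 * and ownership, following the rule stated in DESCRIPTION. */
uint32_t effective_perm(uint32_t perm, uint32_t key_uid, uint32_t key_gid,
                        const struct caller *c)
{
    uint32_t eff;
    int in_group = 0;
    for (size_t i = 0; i < c->ngids; i++)
        if (c->gids[i] == key_gid)
            in_group = 1;
    if (c->uid == key_uid)
        eff = perm >> 16;      /* user: group and other are not consulted */
    else if (in_group)
        eff = perm >> 8;       /* group: other is not consulted */
    else
        eff = perm;            /* other */
    if (c->possesses)
        eff |= perm >> 24;     /* possessor grants are added on top */
    return eff & P_ALL;
}

/* Constructed sample data: a key owned by uid 1000, gid 100. */
#define SAMPLE_MASK (POS(P_ALL) | USR(P_VIEW) | GRP(P_VIEW | P_SEARCH) | OTH(P_ALL))
static const uint32_t gids_a[] = { 100, 2000 };
static const struct caller owner     = { 1000, gids_a, 2, 0 };
static const struct caller owner_pos = { 1000, gids_a, 2, 1 };
static const struct caller groupie   = { 1001, gids_a, 2, 0 };
static const struct caller stranger  = { 1002, NULL, 0, 0 };

int main(void)
{
    const struct caller *who[] = { &owner, &owner_pos, &groupie, &stranger };
    for (int i = 0; i < 4; i++)
        printf("%02x\n", (unsigned)effective_perm(SAMPLE_MASK, 1000, 100, who[i]));
    return 0;
}
```

With the sample mask, the key's owner holds only view permission while an unrelated process holds everything, so a mask has to be audited category by category rather than read as a union of its grants.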

Check Out this Related Man Page

KEYCTL_CHOWN(3) 					    Linux Key Management Calls						   KEYCTL_CHOWN(3)

NAME
       keyctl_chown - Change the ownership of a key

SYNOPSIS
       #include <keyutils.h>

       long keyctl_chown(key_serial_t key, uid_t uid, gid_t gid);

DESCRIPTION
       keyctl_chown() changes the user and group ownership details of a key.

       A setting of -1 on either uid or gid will cause that setting to be ignored.

       A process that does not have the SysAdmin capability may not change a key's UID or set the key's GID to a value that does not match the process's GID or one of the GIDs in its group list.

       The caller must have setattr permission on a key to be able to change its ownership.

RETURN VALUE
       On success keyctl_chown() returns 0. On error, the value -1 will be returned and errno will have been set to an appropriate error.

ERRORS
       ENOKEY The specified key does not exist.

       EKEYEXPIRED
              The specified key has expired.

       EKEYREVOKED
              The specified key has been revoked.

       EDQUOT Changing the UID to the one specified would run that UID out of quota.

       EACCES The key exists, but does not grant setattr permission to the calling process.

LINKING
       This is a library function that can be found in libkeyutils. When linking, -lkeyutils should be specified to the linker.

SEE ALSO
       keyctl(1), add_key(2), keyctl(2), request_key(2), keyctl_get_keyring_ID(3), keyctl_join_session_keyring(3), keyctl_update(3), keyctl_revoke(3), keyctl_setperm(3), keyctl_describe(3), keyctl_clear(3), keyctl_link(3), keyctl_unlink(3), keyctl_search(3), keyctl_read(3), keyctl_instantiate(3), keyctl_negate(3), keyctl_set_reqkey_keyring(3), keyctl_set_timeout(3), keyctl_assume_authority(3), keyctl_describe_alloc(3), keyctl_read_alloc(3), request-key(8)

Linux                                                              4 May 2006                                                    KEYCTL_CHOWN(3)