KEYCTL_SETPERM(3) Linux Key Management Calls KEYCTL_SETPERM(3)
NAME
keyctl_setperm - Change the permissions mask on a key
SYNOPSIS
long keyctl_setperm(key_serial_t key, key_perm_t perm);
DESCRIPTION
keyctl_setperm() changes the permissions mask on a key.
A process that does not have the SysAdmin capability may not change the
permissions mask on a key that doesn't have the same UID as the caller.
The caller must have setattr permission on a key to be able to change its
The permissions mask is a bitwise-OR of the following flags:
Grant permission to view the attributes of a key.
Grant permission to read the payload of a key or to list a
Grant permission to modify the payload of a key or to add or
remove links to/from a keyring.
Grant permission to find a key or to search a keyring.
Grant permission to make links to a key.
Grant permission to change the ownership and permissions
attributes of a key.
Grant all the above.
The 'xxx' in the above should be replaced by one of:
POS Grant the permission to a process that possesses the key (has it
attached searchably to one of the process's keyrings).
USR Grant the permission to a process with the same UID as the key.
GRP Grant the permission to a process with the same GID as the key,
or with a match for the key's GID amongst that process's Groups
OTH Grant the permission to any other process.
Examples include: KEY_POS_VIEW, KEY_USR_READ, KEY_GRP_SEARCH and
User, group and other grants are exclusive: if a process qualifies in
the 'user' category, it will not qualify in the 'groups' category; and
if a process qualifies in either 'user' or 'groups' then it will not
qualify in the 'other' category.
Possessor grants are cumulative with the grants from the 'user',
'groups' and 'other' categories.
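The category rules above, as an added example (not part of the man page or of libkeyutils): a small model of how user, group and other grants exclude each other while possessor grants add on top. The P_* and SH_* names and struct caller are hypothetical local stand-ins, and the one-byte-per-category layout of the mask is an assumption based on the kernel's key header, not something this page states.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Per-category permission bits: local stand-ins, not <keyutils.h> names. */
enum { P_VIEW = 0x01, P_READ = 0x02, P_WRITE = 0x04,
       P_SEARCH = 0x08, P_LINK = 0x10, P_SETATTR = 0x20, P_ALL = 0x3f };
/* Assumed mask layout: one byte per category (other, group, user, possessor). */
enum { SH_OTH = 0, SH_GRP = 8, SH_USR = 16, SH_POS = 24 };

struct caller {
    unsigned uid;
    const unsigned *gids;   /* primary GID plus the Groups list */
    size_t ngids;
    bool possesses;         /* key is searchable from the caller's keyrings */
};

static bool in_groups(const struct caller *c, unsigned gid)
{
    for (size_t i = 0; i < c->ngids; i++)
        if (c->gids[i] == gid) return true;
    return false;
}

/* Returns the P_* bits the caller holds, following the rules as stated above. */
unsigned effective_perms(uint32_t mask, unsigned key_uid, unsigned key_gid,
                         const struct caller *c)
{
    unsigned shift = SH_OTH;
    if (c->uid == key_uid)
        shift = SH_USR;                 /* user match: group/other are ignored */
    else if (in_groups(c, key_gid))
        shift = SH_GRP;                 /* group match: other is ignored */
    uint32_t p = mask >> shift;
    if (c->possesses)
        p |= mask >> SH_POS;            /* possessor bits are cumulative */
    return p & P_ALL;
}

int main(void)
{
    /* Constructed mask: possessor all, user view, group view, other view|read. */
    uint32_t mask = 0x3f010103u;
    unsigned g[] = { 100 };
    struct caller owner = { 1000, g, 1, false }, other = { 2000, g, 1, false };
    printf("owner=%#x other=%#x\n", effective_perms(mask, 1000, 50, &owner),
           effective_perms(mask, 1000, 50, &other));
    return 0;
}
```

With this constructed mask the key's owner ends up with fewer rights than an unrelated user, which is worth checking for whenever the 'other' byte of a mask is wider than the 'user' byte.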
RETURN VALUE
On success keyctl_setperm() returns 0. On error, the value -1 will be
returned and errno will have been set to an appropriate error.
ERRORS
ENOKEY The specified key does not exist.
The specified key has expired.
The specified key has been revoked.
EACCES The named key exists, but does not grant setattr permission to
the calling process.
LINKING
This is a library function that can be found in libkeyutils. When
linking, -lkeyutils should be specified to the linker.
SEE ALSO
keyrings(7)
Linux 4 May 2006 KEYCTL_SETPERM(3)