keyctl_setperm() changes the permissions mask on a key.
A process that does not have the SysAdmin capability may not change
the permissions mask on a key that doesn't have the same UID as the
The caller must have setattr permission on a key to be able change
its permissions mask.
The permissions mask is a bitwise-OR of the following flags:
Grant permission to view the attributes of a key.
Grant permission to read the payload of a key or to list a
Grant permission to modify the payload of a key or to add or
remove links to/from a keyring.
Grant permission to find a key or to search a keyring.
Grant permission to make links to a key.
Grant permission to change the ownership and permissions
attributes of a key.
Grant all the above.
The 'xxx' in the above should be replaced by one of:
POS Grant the permission to a process that possesses the key (has
it attached searchably to one of the process's keyrings).
USR Grant the permission to a process with the same UID as the
GRP Grant the permission to a process with the same GID as the
key, or with a match for the key's GID amongst that process's
OTH Grant the permission to any other process.
Examples include: KEY_POS_VIEW, KEY_USR_READ, KEY_GRP_SEARCH and
User, group and other grants are exclusive: if a process qualifies in
the 'user' category, it will not qualify in the 'groups' category;
and if a process qualifies in either 'user' or 'groups' then it will
not qualify in the 'other' category.
Possessor grants are cumulative with the grants from the 'user',
'groups' and 'other' categories.
ENOKEY The specified key does not exist.
The specified key has expired.
The specified key has been revoked.
EACCES The named key exists, but does not grant setattr permission to
the calling process.
This page is part of the keyutils (key management utilities) project.
Information about the project can be found at [unknown -- if you
know, please contact email@example.com] If you have a bug report for
this manual page, send it to firstname.lastname@example.org. This page was
obtained from the project's upstream Git repository
on 2016-07-16. If you discover any rendering problems in this HTML
version of the page, or you believe there is a better or more up-to-
date source for the page, or you have corrections or improvements to
the information in this COLOPHON (which is not part of the original
manual page), send a mail to email@example.com
Linux 4 May 2006 KEYCTL_SETPERM(3)