

Permissions


Table: Permissions for the semaphore object class.
PERMISSION(S)  DESCRIPTION
associate      Associate a key with a semaphore set
read           Read
write          Write
create         Create
destroy        Destroy
getattr        Get attributes
setattr        Set attributes



Table: Permissions for the message queue object class.
PERMISSION(S)  DESCRIPTION
associate      Associate a key with a queue
read           Read
write          Write
create         Create
destroy        Destroy
getattr        Get attributes
setattr        Set attributes
enqueue        Message may reside on queue



Table: Permissions for the message object class.
PERMISSION(S)  DESCRIPTION
send           Add a message to a queue
receive        Remove a message from a queue



Table: Permissions for the shared memory object class.
PERMISSION(S)  DESCRIPTION
associate      Associate a key with a segment
read           Read
write          Write
create         Create
destroy        Destroy
getattr        Get attributes
setattr        Set attributes
lock           (Un)lock page(s) in memory


The permissions defined for controlling access to each System V IPC object class are shown in Table 39, Table 40, Table 41, and Table 42.

The semget, msgget, and shmget system calls and their associated _secure variants each require associate access to associate a key with an ID when accessing an existing object by key. If an object is being created and the process has create permission, the process is assumed to implicitly have the ability to associate a key with the created IPC object, and associate permission is not required. Since the key can also be obtained via semctl, msgctl, and shmctl calls with the SEM_STAT, MSG_STAT, SHM_STAT, and IPC_STAT options, these also require associate permission.

The semctl(IPC_INFO), semctl(SEM_INFO), msgctl(IPC_INFO), msgctl(MSG_INFO), shmctl(IPC_INFO) and shmctl(SHM_INFO) system calls return information to the calling process that is combined from all objects of the given type without regard to the object SID. The design therefore restricts use of these calls to processes with a new system permission (ipc_info). This access is now necessary for correct functioning of the ipcs program. It may be desirable in the future to modify the ipcs program to selectively return information based on the executing SID.
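The two paragraphs above, modelled as a decision function. This is an added example, not code from the design or its implementation. All type and function names are hypothetical, and the handling of IPC_PRIVATE and of IPC_CREAT with IPC_EXCL follows ordinary System V semantics as an assumption.

```c
#include <stdbool.h>
#include <string.h>

/* Model of the checks described above. Every name here is hypothetical
 * and local to this example; none of it is the kernel's own code. */
enum perm    { P_NONE, P_ASSOCIATE, P_CREATE, P_IPC_INFO, P_OTHER };
enum outcome { CHECK, FAIL_EXIST, FAIL_NOENT };

struct decision {
    enum outcome out;   /* CHECK: the call reaches a permission check   */
    enum perm    perm;  /* the permission that check asks for           */
    bool         system_class; /* true: system permission, not per-object */
};

/* semget/msgget/shmget and their _secure variants.
 * private_key models IPC_PRIVATE; creat and excl model IPC_CREAT and IPC_EXCL. */
struct decision get_check(bool private_key, bool exists, bool creat, bool excl)
{
    /* A new object is being made: create is checked and, per the text,
     * implicitly covers associating the key with the new object. */
    if (private_key || (!exists && creat))
        return (struct decision){ CHECK, P_CREATE, false };
    if (!exists)                      /* nothing to look up, nothing to create */
        return (struct decision){ FAIL_NOENT, P_NONE, false };
    if (creat && excl)                /* assumed: fails before any check */
        return (struct decision){ FAIL_EXIST, P_NONE, false };
    /* Existing object reached by key: associate is required. */
    return (struct decision){ CHECK, P_ASSOCIATE, false };
}

/* semctl/msgctl/shmctl, classified by the option name used in the text. */
struct decision ctl_check(const char *cmd)
{
    static const char *stat_cmds[] = { "IPC_STAT", "SEM_STAT", "MSG_STAT", "SHM_STAT" };
    static const char *info_cmds[] = { "IPC_INFO", "SEM_INFO", "MSG_INFO", "SHM_INFO" };

    for (size_t i = 0; i < 4; i++) {
        if (strcmp(cmd, stat_cmds[i]) == 0)   /* returns the key to the caller */
            return (struct decision){ CHECK, P_ASSOCIATE, false };
        if (strcmp(cmd, info_cmds[i]) == 0)   /* aggregates over all objects */
            return (struct decision){ CHECK, P_IPC_INFO, true };
    }
    return (struct decision){ CHECK, P_OTHER, false };  /* not covered on this page */
}
```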

