Each resource has an associated ipc_perm struct which defines the creator, owner and access perms for the resource.

	struct ipc_perm
	{
	  key_t	key;	/* set by creator */
	  ushort uid;	/* owner euid and egid */
	  ushort gid;
	  ushort cuid;	/* creator euid and egid */
	  ushort cgid;
	  ushort mode;	/* access modes in lower 9 bits */
	  ushort seq;	/* sequence number */
	};
The creating process is the default owner. The owner can be reassigned by the creator and has creator perms. Only the owner, creator or super-user can delete the resource.
The lowest nine bits of the flags parameter supplied by the user to the
system call are compared with the values stored in ipc_perms.mode
to determine if the requested access is allowed. In the case
that the system call creates the resource, these bits are initialized
from the user supplied value.
As for files, access permissions are specified as read, write and exec for user, group and other (though the exec perms are unused). For example, 0624 grants read-write access to the owner, write-only to the group and read-only to others.
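The check described above, as an added example modelled on the kernel's behaviour (this is not the kernel's own code): creation copies the caller's ids and the low nine bits of the flags into the perm struct, and a later access request is folded into one rwx class chosen by comparing the caller's euid/egid with the owner and creator ids. Assumptions: only the effective gid is consulted (no supplementary groups) and euid 0 is treated as super-user.

```c
#include <sys/types.h>

/* Model of the ipc_perm fields the text describes (added example; not the
 * kernel's own struct, which also carries key and seq). */
struct ipc_perm_model {
    uid_t uid;            /* owner euid */
    gid_t gid;            /* owner egid */
    uid_t cuid;           /* creator euid */
    gid_t cgid;           /* creator egid */
    unsigned short mode;  /* access modes in the lower 9 bits */
};

/* Creation: the caller becomes owner and creator, and the low nine bits of
 * the user-supplied flags become the resource's mode (other flag bits,
 * e.g. IPC_CREAT, are not part of the mode). */
struct ipc_perm_model ipc_perm_create(uid_t euid, gid_t egid, int flags)
{
    struct ipc_perm_model p;
    p.uid = p.cuid = euid;
    p.gid = p.cgid = egid;
    p.mode = (unsigned short)(flags & 0777);
    return p;
}

/* Access check: 'flag' carries the requested rwx bits for all three classes
 * (0444 = read, 0222 = write, 0666 = both). The owner/creator ids select
 * which triplet of mode bits applies. Returns 1 when every requested bit is
 * granted, else 0. Assumptions of this example: only the effective gid is
 * compared, and euid 0 bypasses the mode check as super-user. */
int ipc_perm_allowed(const struct ipc_perm_model *p, uid_t euid, gid_t egid, int flag)
{
    /* fold the requested user/group/other bits into one 3-bit class */
    int requested = ((flag >> 6) | (flag >> 3) | flag) & 07;
    int granted = p->mode & 0777;

    if (euid == p->uid || euid == p->cuid)
        granted >>= 6;            /* user bits */
    else if (egid == p->gid || egid == p->cgid)
        granted >>= 3;            /* group bits */
    granted &= 07;                /* other bits remain when neither matched */

    if (euid == 0)
        return 1;                 /* super-user */
    return (requested & ~granted) == 0;
}
```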
For shared memory, note that read-write access for segments is determined
by a separate flag which is not stored in the mode
field.
Shared memory segments attached with write access can be read.
The cuid, cgid, key and seq fields cannot be changed by the user.