Edits the access control information of a file.
The acledit command lets you change the access control information of the file specified by the FileObject parameter. The command displays the current access control information and lets the file owner change it with the editor specified by the EDITOR environment variable. Before making any changes permanent, the command asks if you want to proceed.
The access control information displayed depends on the ACL type associated with the file system object. Information typically includes access control entries displayed for owner and others. Also, file mode bits associated with the object could be displayed.
attributes: SUID
base permissions:
    owner (frank): rw-
    group (system): r-x
    others : ---
extended permissions:
    enabled
    permit rw- u:dhs
    deny r-- u:chas, g:system
    specify r-- u:john, g:gateway, g:mail
    permit rw- g:account, g:finance
Note: If the acledit command is operating in a trusted path, the editor must have the trusted process attribute set.
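The ACL display shown above can be checked mechanically before an edit is saved. The following is an added example, not part of the AIX documentation: `parse_acl` and `review` are hypothetical helper names, the sample text is constructed from the display on this page, and the assumption that verbose-mode comment lines begin with `*` is marked in the code.

```python
import re
# Constructed sample: the ACL display from this page, as text saved from the editor.
SAMPLE = """\
attributes: SUID
base permissions:
    owner (frank): rw-
    group (system): r-x
    others : ---
extended permissions:
    enabled
    permit rw- u:dhs
    deny r-- u:chas, g:system
    specify r-- u:john, g:gateway, g:mail
    permit rw- g:account, g:finance
"""

BASE = re.compile(r"(owner|group|others)\s*(?:\(([^)]+)\))?\s*:\s*([r-][w-][x-])$")
ENTRY = re.compile(r"(permit|deny|specify)\s+([r-][w-][x-])\s+(.+)$")

def parse_acl(text):
    """Parse ACL text in the displayed format; raise ValueError on a bad line."""
    acl = {"attributes": [], "base": {}, "enabled": False, "entries": []}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Assumption: comment lines added by -v start with '*'. Section headers are skipped.
        if not line or line.startswith("*") or line.endswith("permissions:"):
            continue
        if line.startswith("attributes:"):
            acl["attributes"] = [a.strip() for a in line[11:].split(",") if a.strip()]
        elif line in ("enabled", "disabled"):
            acl["enabled"] = line == "enabled"
        elif m := BASE.match(line):
            acl["base"][m[1]] = {"name": m[2], "mode": m[3]}
        elif m := ENTRY.match(line):
            ids = [tuple(p.strip().split(":", 1)) for p in m[3].split(",")]
            if any(len(i) != 2 or i[0] not in ("u", "g") for i in ids):
                raise ValueError(f"line {n}: bad identifier list {m[3]!r}")
            acl["entries"].append({"type": m[1], "mode": m[2], "ids": ids})
        else:
            raise ValueError(f"line {n}: unrecognised ACL line {line!r}")
    return acl

def review(acl):
    """Return the items a reviewer would check before making the ACL permanent."""
    out = [f"attribute {a} is set" for a in acl["attributes"] if a in ("SUID", "SGID")]
    for e in acl["entries"]:
        if e["type"] != "deny" and "w" in e["mode"]:
            who = ", ".join(f"{k}:{v}" for k, v in e["ids"])
            out.append(f"{e['type']} grants write to {who}")
    return out
```

Running `review(parse_acl(SAMPLE))` lists the SUID attribute and the two `permit rw-` entries, which are the lines most worth a second look when acledit asks whether to proceed.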
Item | Description |
---|---|
-t | Specifies the ACL type in which the ACL data is stored at the end of the ACL editing process. This flag is optional. If it is not specified, the ACL currently associated with the file system object is edited in its own ACL type format. If an ACL type is specified with this flag, it is assumed that the user is trying to change the current ACL type and store the ACL in the new ACL type format. When this flag is specified and the ACL type does not match the type that currently exists, the user is expected to modify the contents of the ACL data into the format of the new ACL type before saving. The supported ACL types are ACLX and NFS4. |
-v | Displays the ACL information in verbose mode. Comment lines are added to explain more details about the ACL associated with the file system object. These comment lines are generated when the command is run and are not stored anywhere persistently, so any modifications made to them are lost when acledit exits. |
Access Control
This command should be a standard user command and have the trusted computing base attribute.
Auditing Events
If the auditing subsystem is properly configured and is enabled, the acledit command generates the following audit record or event every time the command is run:
Event | Information |
---|---|
FILE_Acl | Lists access controls. |
Files Accessed
Mode | File |
---|---|
x | /usr/bin/aclget |
x | /usr/bin/aclput |
Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
To edit the access control information of the plans file, enter:
acledit plans
Item | Description |
---|---|
/usr/bin/acledit | Contains the acledit command. |