Sets the access control information of a file.
The aclput command sets the access control information of the file object specified by the FileObject parameter. The command reads standard input for the access control information, unless you specify the -i flag.
Access Control Lists form the core of protection for file system objects. Each file system object is uniquely associated with one piece of data, called an ACL, that defines the access rights to the object. An ACL can consist of multiple Access Control Entries (ACEs), each defining one particular set of access rights for a user. Typically, an ACE consists of information such as identification (to whom this ACE applies) and access rights (allow-read, deny-write). An ACE might also capture information such as inheritance flags and alarm and audit flags. The format and enforcement of ACL data is entirely dependent on the ACL type in which they are defined. AIX® provides for the existence of multiple ACL types on the operating system. The list of ACLs supported by a file system instance is dependent on the physical file system implementation for that file system instance.
Item | Description |
---|---|
-i inAclFile | Specifies the input file for access control information. If the access control information in the file specified by the InFile parameter is not correct, when you try to apply it to a file, an error message preceded by an asterisk is added to the input file. Note: The size of the ACL information depends on the ACL type. |
-R | Applies the ACL to this directory and its children file system objects recursively. |
-t ACL_type | Specifies the ACL type of the ACL information being displayed. If this option is not provided the actual ACL data in its original ACL type will be displayed. The supported ACL types are ACLX and NFS4. |
-v | Verbose option. This option displays many comment lines as part of the ACL data display. This could help in understanding the details of complex ACL types. |
Access Control
This command should be a standard user program and have the trusted computing base attribute.
Auditing Events
If the auditing subsystem is properly configured and is enabled, the aclput command generates the following audit record or event every time the command is run:
Event | Information |
---|---|
FILE_WriteXacl | Modification to access controls. |
Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
aclput status
attributes: SUID
and then press the Ctrl-D sequence to exit the session.
aclput -i acldefs status
aclget plans | aclput status
aclget -o acl plans
This stores the access control information for the plans file in the acl file. Edit the information in the acl file, using your favorite editor. Then, enter:
aclput -i acl status
This second command takes the access control information in the acl file and puts it on the status file.
Item | Description |
---|---|
/usr/bin/aclput | Contains the aclput command. |
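
The following is an added example, not part of the original documentation: a POSIX shell wrapper around the edit-and-apply sequence shown above (aclget -o, edit, aclput -i). It saves the ACL currently on the target before applying the edited file, prints the asterisk-prefixed error lines that aclput adds to a rejected input file, and restores the saved ACL. The function names and the .prev backup suffix are hypothetical, and the script assumes aclput exits non-zero when it rejects the input.

```shell
#!/bin/sh
# Added example, not IBM's code. Uses only the aclget -o and aclput -i
# forms shown on this page. Assumption: aclput exits non-zero on rejection.

# Print the asterisk-prefixed error lines aclput adds to a rejected input
# file. Exit status 0 if any were found, 1 if none.
acl_errors() {
    grep '^[[:space:]]*\*' "$1"
}

# apply_acl ACLFILE TARGET
#   0  ACL applied
#   1  ACLFILE rejected, previous ACL restored
#   2  current ACL could not be saved, nothing attempted
#   3  ACLFILE rejected and restore failed, backup kept in ACLFILE.prev
apply_acl() {
    acl_file=$1
    target=$2
    backup="$acl_file.prev"   # hypothetical naming; kept beside the ACL file

    # Save the ACL currently on the target so a bad edit can be undone.
    if ! aclget -o "$backup" "$target"; then
        rm -f "$backup"
        return 2
    fi

    if aclput -i "$acl_file" "$target"; then
        rm -f "$backup"
        return 0
    fi

    # Show what aclput objected to in the input file.
    echo "aclput rejected $acl_file:" >&2
    acl_errors "$acl_file" >&2 || echo "(no asterisk-prefixed lines found)" >&2

    # Put the saved ACL back so the target ends in a known state.
    if aclput -i "$backup" "$target"; then
        rm -f "$backup"
        return 1
    fi
    echo "restore failed; previous ACL is in $backup" >&2
    return 3
}
```

After editing the acl file, `apply_acl acl status` takes the place of the bare `aclput -i acl status` call.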