Removes one or more user-defined authorizations.
The rmauth command removes the user-defined authorization identified by the Name parameter. The command only removes existing user-defined authorizations in the authorization database. You cannot remove system-defined authorizations with this command. If an authorization is being referenced in the privileged command database, it cannot be removed until the authorization is no longer referenced by the database.
By default, the rmauth command only attempts to remove the specified authorization from the authorization database. You must remove authorizations from the lowest level of a hierarchy before the higher level can be removed. If you specify a higher-level authorization and lower-level authorizations still exist, the command fails. To remove a hierarchy of authorizations, specify the -h flag. With the -h flag, any lower-level authorization beneath the specified authorization is also removed. If any of the lower-level authorizations is being referenced in the privileged command database, no authorizations are removed and the entire operation fails.
If the system is configured to use databases from multiple domains, the rmauth command finds the first match from the database domains in the order that was specified by the secorder attribute of the authorizations stanza in the /etc/nscontrol.conf file. The rmauth command then removes that authorization entry from that domain. If any matching authorizations from the rest of the domains exist, they are not affected. Use the -R flag to remove an authorization from a specific domain.
When the system is operating in enhanced role-based access control (RBAC) mode, modifications made to the authorization database are not used for security considerations until the database is sent to the kernel security tables using the setkst command.
Item | Description |
---|---|
-h | Allows removal of a hierarchy of authorizations. |
-R load_module | Specifies the loadable module to use for the authorization deletion. |
Item | Description |
---|---|
Name | Specifies the authorization to remove. |
Item | Description |
---|---|
aix.security.auth.remove | Required to run the command. |
Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
File | Mode |
---|---|
/etc/security/authorizations | rw |
rmauth custom.test
rmauth -h custom
rmauth -h custom.test
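The description above says that rmauth, with or without -h, fails while the authorization or any authorization beneath it is still referenced in the privileged command database. The following added example (not part of the original reference page) scans privileged-command stanzas for such references before a removal is attempted. It assumes the stanza layout of /etc/security/privcmds with its accessauths and authprivs attributes, none of which are given on this page; the function names and the sample data are constructed for illustration.

```sh
# Added example: pre-flight check before rmauth / rmauth -h.
# Assumption: stdin is /etc/security/privcmds-style stanzas ("<command>:"
# header, indented "attr = value" lines, "*" comment lines).
# find_auth_refs AUTH: print "command attribute authorization" for every
# reference to AUTH or to an authorization beneath it (AUTH.*).
find_auth_refs() {
    awk -v auth="$1" '
        /^[ \t]*$/    { next }                      # blank line
        /^[ \t]*[*]/  { next }                      # comment line
        /^[^ \t].*:[ \t]*$/ {                       # stanza header
            cmd = $0; sub(/:[ \t]*$/, "", cmd); next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            attr = substr($0, 1, eq - 1); gsub(/[ \t]/, "", attr)
            if (attr != "accessauths" && attr != "authprivs") next
            val = substr($0, eq + 1); gsub(/[ \t]/, "", val)
            n = split(val, item, ",")
            for (i = 1; i <= n; i++) {
                name = item[i]
                sub(/=.*/, "", name)    # authprivs entries are auth=PRIV+PRIV
                if (name == auth || index(name, auth ".") == 1)
                    print cmd, attr, name
            }
        }
    '
}

# can_remove AUTH: succeeds only if no stanza on stdin references AUTH
# or its children, the condition under which rmauth -h would not fail.
can_remove() {
    [ -z "$(find_auth_refs "$1")" ]
}

# Constructed sample data (hypothetical commands and authorizations).
sample_privcmds() {
    cat <<'EOF'
* constructed sample
/usr/local/bin/backupctl:
        accessauths = custom.backup.run,other.fs
        innateprivs = PV_DAC_R
/usr/local/bin/reportgen:
        authprivs = custom.test=PV_DAC_R+PV_DAC_X,other.sys=PV_DAC_R
/usr/local/bin/crm:
        accessauths = customer.read
EOF
}
sample_privcmds | find_auth_refs custom
```

On an AIX host, feed the real database instead of the sample, for example `can_remove custom < /etc/security/privcmds && rmauth -h custom`, and then run setkst as described above when enhanced RBAC mode is in use.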