chaudit — Change audit flags for a file
Format
chaudit [–Fdai] attr pathname …
Description
chaudit changes the audit attributes of the specified files or directories. Audit attributes determine whether or not accesses to a file are audited by the system authorization facility (SAF) interface.
Restriction: The chaudit command can be used only by the file owner or a superuser for non-auditor-requested audit attributes. Only a user with auditor authority can change the auditor-requested audit attributes.
Options
- –F
- If you specify a directory as a path name on the command, chaudit changes the audit characteristics of all files in that directory. Subdirectory audit characteristics are not changed.
- –d
- If you specify a directory as a path name on the command, chaudit changes the audit characteristics of all the subdirectories in that directory. File audit characteristics are not changed.
- –a
- Auditor-requested audit attributes are to be changed for the files or directories specified. If –a is not specified, user-requested audit attributes are changed.
- –i
- Does not issue error messages concerning file access authority, even if chaudit encounters such errors.
The symbolic form of the attr argument
has the form:
[operation]
op auditcondition[op auditcondition …]
The operation value
is any combination of the following:
- r
- Sets the file to audit read attempts.
- w
- Sets the file to audit write attempts.
- x
- Sets the file to audit execute attempts.
The default is rwx.
The op part
of a symbolic mode is an operator telling whether chaudit should
turn file auditing on or off. The possible values are:
- +
- Turns on specified audit conditions.
- -
- Turns off specified audit conditions.
- =
- Turns on the specified audit conditions and turns off all others.
The auditcondition part
of a symbolic mode is any combination of the following:
- s
- Audit on successful access if the audit attribute is on.
- f
- Audit on failed access if the audit attribute is on.
You can specify multiple symbolic attr values if you separate them with commas.
Examples
- The command:
changes the file file so that successful file accesses are not audited.chaudit –s file
- The command:
changes the file file1 so that all successful and unsuccessful file accesses are audited.chaudit rwx=sf file1
- The command:
changes the file file2 so that unsuccessful file read accesses are audited.chaudit r=f file2
- The command:
changes the file file3 to not audit unsuccessful file read accesses and to audit successful write accesses.chaudit r-f,w+s file3
Localization
chaudit uses
the following localization environment variables:
- LANG
- LC_ALL
- LC_MESSAGES
- NLSPATH
See Localization for more information.
Exit values
- 0
- Successful completion
- 1
- Failure due to any of the following:
- Inability to access a specified file
- Inability to change the audit attributes for a specified file
- Inability to not read the directory containing item to change
- Irrecoverable error when using the –F or –d option
- 2
- Failure due to any of the following:
- Missing or incorrect attr argument
- Too few arguments
Messages
Possible error messages include:
- fatal error during -F or -d option
- You specified the –F or –d option, but some file or directory in the directory structure was inaccessible. This may happen because of permissions or because you have removed a removable unit.
- read directory name
- You do not have read permissions on the specified directory.
Portability
None. This is a security extension that comes with z/OS UNIX services.
Related information
chmod, chown, ls