Format
chaudit [–Fdai] attr
pathname …
Description
chaudit changes
the audit attributes of the specified files or directories. Audit
attributes determine whether or not accesses to a file are audited
by the system authorization facility (SAF) interface.
Restriction: The chaudit command
can be used only by the file owner or a superuser for non-auditor-requested
audit attributes. Only a user with auditor authority can change the
auditor-requested audit attributes.
Options
- –F
- If you specify a directory as a path name on the command, chaudit changes
the audit characteristics of all files in that directory. Subdirectory
audit characteristics are not changed.
- –d
- If you specify a directory as a path name on the command, chaudit changes
the audit characteristics of all the subdirectories in that directory.
File audit characteristics are not changed.
- –a
- Auditor-requested audit attributes are to be changed for the files
or directories specified. If –a is not specified,
user-requested audit attributes are changed.
- –i
- Does not issue error messages concerning file access authority,
even if chaudit encounters such errors.
The symbolic form of the
attr argument
has the form:
[operation]
op auditcondition[op auditcondition …]
The
operation value
is any combination of the following:
- r
- Sets the file to audit read attempts.
- w
- Sets the file to audit write attempts.
- x
- Sets the file to audit execute attempts.
The default is rwx.
The
op part
of a symbolic mode is an operator telling whether
chaudit should
turn file auditing on or off. The possible values are:
- +
- Turns on specified audit conditions.
- -
- Turns off specified audit conditions.
- =
- Turns on the specified audit conditions and turns off all others.
The
auditcondition part
of a symbolic mode is any combination of the following:
- s
- Audit on successful access if the audit attribute is on.
- f
- Audit on failed access if the audit attribute is on.
You can specify multiple symbolic attr values
if you separate them with commas.
Examples
- The command:
chaudit –s file
changes
the file file so that successful file accesses are not audited.
- The command:
chaudit rwx=sf file1
changes
the file file1 so that all successful and unsuccessful file
accesses are audited.
- The command:
chaudit r=f file2
changes
the file file2 so that unsuccessful file read accesses are
audited.
- The command:
chaudit r-f,w+s file3
changes
the file file3 to not audit unsuccessful file read accesses
and to audit successful write accesses.
Localization
chaudit uses
the following localization environment variables:
- LANG
- LC_ALL
- LC_MESSAGES
- NLSPATH
See Localization for more
information.
Exit values
- 0
- Successful completion
- 1
- Failure due to any of the following:
- Inability to access a specified file
- Inability to change the audit attributes for a specified file
- Inability to not read the directory containing item to change
- Irrecoverable error when using the –F or –d
option
- 2
- Failure due to any of the following:
- Missing or incorrect attr argument
- Too few arguments
Messages
Possible error messages include:
- fatal error during -F or -d option
- You specified the –F or –d option,
but some file or directory in the directory structure was inaccessible.
This may happen because of permissions or because you have removed
a removable unit.
- read directory name
- You do not have read permissions on the specified directory.
Portability
None. This is a security extension
that comes with z/OS UNIX services.
Related information
chmod, chown, ls