aclconvert Command

Edit online

Purpose

Converts the access control information of a file system object from one type to another.

Syntax

aclconvert [-R ] [-I] -t ACLType File

Description

The aclconvert command converts the access control information (ACL) of the file system object that is specified by the File parameter to another type as specified by ACLType argument input to command. The conversion might fail if the target ACL type is not supported by the file system where File exists. Also note that the ACL conversion takes place with the help of an ACL type-specific algorithm and invariably the conversion is approximate. So, the conversion might result in potential loss of access control and it is must that the user of this command is sure that the converted ACL satisfies the necessary access restrictions. The user might manually review the access control information after the conversion for the file system object to ensure that the conversion was successful and fulfills the requirements of the desired access control.

Flags

Table 1. Flags
Item Description
-I Does not display any warning messages.
-R The recursive option allows the user to convert ACL types for all the file system objects under a directory structure to the desired ACL type.
-t ACLType Specifies the target ACL type to which the File's ACL type will be converted. The conversion succeeds only if the file system in question supports the ACL type requested. If the conversion is lossy, a warning message is issued. Such warning messages can be suppressed by using -I option. The supported ACL types are ACLX and NFS4.

Exit Status

This command returns the following exit values:

Table 2. Exit Status
Item Description
0 The command that is executed successfully and all requested changes were made.
>0 An error occurred.

Security

Access Control
This command should be a standard user program and have the trusted computing base attribute.
Auditing Events
If the auditing subsystem is properly configured and is enabled, the aclconvert command generates the following audit record or event every time the command is run:
Event Information
FILE_Acl Lists access controls.
RBAC users
Attention RBAC users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations that are associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

  1. To convert the access control information for the status file to AIXC ACL type, type: 
    aclconvert -t AIXC status
    Conversion takes place and any warning or error message is displayed.
  2. To convert the access control information for the all file system objects under the directory dir1 file to AIXC ACL type and ignore any warning messages, type: 
    aclconvert -RI -t AIXC dir1
    This converts all file system objects under dir1 to the ACL type AIXC.

Location

/usr/bin/aclconvert

Files

Table 3. Files
Item Description
/usr/bin/aclconvert Contains the aclconvert command.