acledit Command

Purpose

Edits the access control information of a file.

Syntax

acledit [ -t ACL_type ] [ -v ] FileObject

Description

The acledit command allows a user to modify the access control information of the file that is specified by the FileObject parameter. The command displays the current access control information and allows the file owner to change it with the editor that is specified by the EDITOR environment variable. Before making any changes permanent, the command asks if you want to proceed.

Note: The EDITOR environment variable must be specified with a complete path name; otherwise, the acledit command fails. The maximum size of the ACL data depends on the ACL type.

The access control information that is displayed depends on the ACL type that is associated with the file system object. Information typically includes access control entries that are displayed for owner and others. Also, file mode bits associated with the object might be displayed.

The following is an example of the access control information of a file:

attributes: SUID
base permissions:
    owner  (frank): rw-
    group (system): r-x
    others        : ---
extended permissions:
    enabled
        permit    rw-    u:dhs
        deny      r--    u:chas,    g:system
        specify   r--    u:john,    g:gateway, g:mail
        permit    rw-    g:account, g:finance

Note: If the acledit command is operating in a trusted path, the editor must have the trusted process attribute set.
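
As an added illustration (not part of the original documentation and not IBM code), the following Python example parses a listing in the format shown above and flags extended entries that grant write access on a file carrying the SUID or SGID attribute. The function names and the review rule are assumptions chosen for this example; the sample text is the listing from this page.

```python
import re

# Sample input: the listing shown in the example above, embedded for offline use.
SAMPLE = """\
attributes: SUID
base permissions:
    owner  (frank): rw-
    group (system): r-x
    others        : ---
extended permissions:
    enabled
        permit    rw-    u:dhs
        deny      r--    u:chas,    g:system
        specify   r--    u:john,    g:gateway, g:mail
        permit    rw-    g:account, g:finance
"""
BASE_RE = re.compile(r"^(owner|group|others)\s*(?:\((\w+)\))?\s*:\s*([r-][w-][x-])$")
ACE_RE = re.compile(r"^(permit|deny|specify)\s+([r-][w-][x-])\s+(.+)$")

def parse_acl(text):
    """Parse a listing into a dict; raise ValueError on any unrecognised line."""
    acl = {"attributes": [], "base": {}, "extended": None, "entries": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.endswith("permissions:"):
            continue  # blank lines and the two section headers carry no data
        if line.startswith("attributes:"):
            acl["attributes"] = line.split(":", 1)[1].replace(",", " ").split()
        elif line in ("enabled", "disabled"):
            acl["extended"] = line
        elif m := BASE_RE.match(line):
            acl["base"][m.group(1)] = {"name": m.group(2), "perms": m.group(3)}
        elif m := ACE_RE.match(line):
            # One entry may name several identifiers, e.g. "u:john, g:gateway".
            ids = [tuple(i.strip().split(":", 1)) for i in m.group(3).split(",")]
            acl["entries"].append({"type": m.group(1), "perms": m.group(2), "ids": ids})
        else:
            raise ValueError(f"unrecognised ACL line: {raw!r}")
    return acl

def review(acl):
    """Hypothetical review rule: write grants on a set-ID file deserve a second look."""
    findings = []
    if acl["extended"] == "enabled" and {"SUID", "SGID"} & set(acl["attributes"]):
        for e in acl["entries"]:
            if e["type"] in ("permit", "specify") and "w" in e["perms"]:
                who = ",".join(f"{k}:{v}" for k, v in e["ids"])
                findings.append(f"write access on set-ID file granted to {who}")
    return findings
```

Running review(parse_acl(SAMPLE)) on the listing above reports the two permit rw- entries, because the file also carries the SUID attribute.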

Flags

Table 1. Flags
Item Description
-t This optional input specifies the ACL type in which the ACL data is stored at the end of the ACL editing process. If this flag is not specified, the ACL currently associated with the file system object is edited in its own ACL type format. If an ACL type is specified with this flag, it is assumed that the user is trying to modify the current ACL type and store the ACL in a new ACL type format. When this flag is specified and the ACL type does not match the type that currently exists, the user is expected to convert the contents of the ACL data into the format specific to the new ACL type before saving. The supported ACL types are ACLX and NFS4.
-v Displays the ACL information in verbose mode. Comment lines are added to explain more details about the ACL associated with the file system object. These comment lines are generated when the command is run and are not stored persistently, so any modifications to them are lost when acledit exits.

Security

Access Control
This command should be a standard user command and have the trusted computing base attribute.
Auditing Events
If the auditing subsystem is properly configured and is enabled, the acledit command generates the following audit record or event every time the command is run:
Table 2. Auditing Events
Event Information
FILE_Acl Lists access controls.
Files Accessed
Table 3. File Accessed
Mode File
x /usr/bin/aclget
x /usr/bin/aclput
RBAC users
Attention RBAC users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations that are associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

To edit the access control information of the plans file, enter:

acledit plans

Files

Table 4. Files
Item Description
/usr/bin/acledit Contains the acledit command.