aclget Command
Purpose
Displays the access control information of a file.
Syntax
aclget [ -o OutAclFile ] [ -t acl_type ] [ -v ] FileObject
Description
The aclget command writes the access control information of the file that is specified by the FileObject parameter to standard output or to the file specified by the OutAclFile parameter.
The information that you view depends on the ACL type and typically includes the Access Control Entries (ACEs) depicting the access rights of the users in the system, including the owner of the file object.
Flags
Item | Description |
---|---|
-o OutAclFile | Specifies that the access control information is written to the file specified by the OutAclFile parameter. |
-t acl_type | Specifies the ACL type of the ACL information being displayed. If this option is not provided, the actual ACL data in its original ACL type is displayed. The supported ACL types are ACLX and NFS4. |
-v | Displays the ACL information in Verbose mode. Comment lines are added to explain more details about the ACL associated with the FS object. These comment lines are generated when the command is executed and do not reside anywhere persistently. |
Security
- Access Control
  This command should be a standard user program and have the trusted computing base attribute.
- RBAC users
  Attention RBAC users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations that are associated with this command, see the lssecattr command or the getcmdattr subcommand.
Access Control Lists
Access Control Lists form the core of protection of file system objects. Each file system object is uniquely associated with one piece of data, called an ACL, that defines the access rights to the object. An ACL might consist of multiple Access Control Entries (ACEs), each defining one particular set of access rights for a user. Typically, an ACE consists of information such as identification (to whom this ACE applies) and access rights (allow-read, deny-write). Note that an ACE might also capture information such as inheritance flags and alarm and audit flags. The format and enforcement of ACL data is entirely dependent on the ACL type in which it is defined. AIX provides for the existence of multiple ACL types on the operating system. The list of ACLs supported by a file system instance depends on the physical file system implementation for that file system instance.
Examples
- To display the access control information for the status file, enter:
      aclget status
  An access control list appears, similar to the example in Access Control Lists.
- To copy the access control information of the plans file to the status file, enter:
      aclget plans | aclput status
  This copies the access control information. Usually, the ACL type that is associated with plans will be the ACL type of the ACL associated with the target status. However, it is possible that the target file system does not support the ACL type that is associated with file system object plans. In this case, the operation fails and an error message is displayed. The target retains its original associated ACL.
- To save the access control information of the plans file in the acl1 file to edit and use later, enter:
      aclget -o acl1 plans
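The save-for-later form with -o can also serve as an ACL baseline for spotting later permission changes on sensitive files. The following is an added example, not part of the AIX documentation; the function names, the snapshot directory layout and the status labels (CHANGED, NOBASELINE, UNREADABLE) are assumptions made for this illustration.

```shell
# Added example (not from the AIX documentation). Uses only "aclget -o" and
# aclget's standard output, both described on this page.

# Hypothetical helper: map a path to a flat snapshot file name.
# Assumption: monitored paths do not contain '%', so names cannot collide.
acl_key() { printf '%s' "$1" | tr '/' '%'; }

# acl_snapshot DIR FILE...
# Saves the current ACL of each FILE under DIR for later comparison.
acl_snapshot() {
    dir=$1; shift
    mkdir -p "$dir" || return 2
    for f in "$@"; do
        aclget -o "$dir/$(acl_key "$f").acl" "$f" || {
            echo "acl_snapshot: aclget failed for $f" >&2
            return 2
        }
    done
}

# acl_drift DIR FILE...
# Prints one line per FILE whose ACL can no longer be matched to its
# snapshot and returns 1 if any such line was printed, 0 otherwise.
acl_drift() {
    dir=$1; shift
    rc=0
    for f in "$@"; do
        base="$dir/$(acl_key "$f").acl"
        if [ ! -f "$base" ]; then
            echo "NOBASELINE $f"; rc=1; continue
        fi
        # An unreadable ACL is reported too: it also means the file
        # can no longer be checked against its baseline.
        if ! cur=$(aclget "$f"); then
            echo "UNREADABLE $f"; rc=1; continue
        fi
        if [ "$cur" != "$(cat "$base")" ]; then
            echo "CHANGED $f"; rc=1
        fi
    done
    return $rc
}

# Usage (paths are placeholders):
#   acl_snapshot /var/acl-baseline /etc/security/passwd plans
#   acl_drift    /var/acl-baseline /etc/security/passwd plans
```

Keep the snapshot directory writable only by the account that runs the check, since anyone who can rewrite a baseline can hide a change.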
Files
Item | Description |
---|---|
/usr/bin/aclget | Contains the aclget command. |