aclput Command
Purpose
Sets the access control information of a file.
Syntax
aclput [ -i inAclFile ] [ -R ] [ -t acl_type ] [ -v ] FileObject
Description
The aclput command sets the access control information of the file object that is specified by the FileObject parameter. The command reads standard input for the access control information, unless you specify the -i flag.
Access Control List
Access Control Lists form the core of protection for file system objects. Each file system object is uniquely associated with one piece of data, called an ACL, that defines the access rights to the object. An ACL might consist of multiple Access Control Entries (ACEs), each defining one particular set of access rights for a user. Typically, an ACE consists of information such as identification (to whom this ACE applies) and access rights (allow-read, deny-write). An ACE might also capture information such as inheritance flags and alarm and audit flags. The format and enforcement of ACL data is entirely dependent on the ACL type in which they are defined. AIX provides for the existence of multiple ACL types on the operating system. The list of ACLs supported by a file system instance depends on the physical file system implementation for that file system instance.
Flags
Item | Description |
---|---|
-i inAclFile | Specifies the input file for access control information. If the access control information in the file that is specified by the InAclFile parameter is not correct, when you try to apply it to a file, an error message that is preceded by an asterisk is added to the input file. Note: The size of the ACL information depends on the ACL type. |
-R | Applies the ACL to this directory and its child file system objects recursively. |
-t ACL_type | Specifies the ACL type of the ACL information that is displayed. If this option is not provided, the actual ACL data in its original ACL type is displayed. The supported ACL types are ACLX and NFS4. |
-v | Verbose option. This option displays many comment lines as part of the ACL data display. This comment might help in understanding the details of complex ACL types. |
Security
- Access Control
- This command should be a standard user program and have the trusted computing base attribute.
- Auditing Events
- If the auditing subsystem is properly configured and is enabled, the aclput command generates the following audit record or event every time the command is run:
Event | Information |
---|---|
FILE_WriteXacl | Modification to access controls. |
- RBAC users
- Attention RBAC users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations that are associated with this command, see the lssecattr command or the getcmdattr subcommand.
Examples
- To set the access control information for the status file with information from standard input, enter:
aclput status
attributes: SUID
and then press the Ctrl-D sequence to exit the session.
- To set the access control information for the status file with information
stored in the acldefs file, enter:
aclput -i acldefs status
- To set the access control information for the status file
with the same information used for the plans file, enter:
aclget plans | aclput status
- To set the access control information for the status file with an edited version of the access control information for the plans file, you must enter two commands. First, enter:
aclget -o acl plans
This stores the access control information for the plans file in the acl file. Edit the information in the acl file by using your favorite editor. Then, enter:
aclput -i acl status
This second command takes the access control information in the acl file and puts it on the status file.
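The copy procedure from the last two examples, written as a shell function that keeps a rollback copy and verifies the result. This is an added example, not part of the AIX documentation. The name copy_acl, its exit codes, the assumption that aclput exits non-zero when it rejects its input, and the assumption that aclget prints identical text for identical ACLs are all choices made for this example.

```shell
#!/bin/sh
# Added example: copy the ACL of a reference file onto a target file.
# Usage after sourcing this file: copy_acl plans status
# Exit codes (chosen for this example): 0 applied and verified,
# 1 aclput rejected the ACL, 2 setup failed, 3 mismatch, old ACL put back.

copy_acl() {
    ref=$1
    target=$2
    dir=$(mktemp -d "${TMPDIR:-/tmp}/copyacl.XXXXXX") || return 2

    # Save the target's current ACL for rollback, and write the reference
    # ACL to a scratch file. Per the -i flag description, aclput adds
    # asterisk-prefixed error messages to its input file when the ACL is
    # not correct, so it should never be handed the only copy of a
    # maintained definitions file.
    if ! aclget -o "$dir/old" "$target" || ! aclget -o "$dir/new" "$ref"; then
        rm -rf "$dir"
        return 2
    fi

    # Assumption: aclput exits non-zero when it rejects the input.
    if ! aclput -i "$dir/new" "$target"; then
        echo "aclput rejected the ACL for $target:" >&2
        grep '^\*' "$dir/new" >&2    # the messages aclput wrote back
        rm -rf "$dir"
        return 1
    fi

    # Verify: the target must now report the same ACL as the reference.
    # Assumption: aclget output is identical for identical ACLs.
    if [ "$(aclget "$target")" != "$(aclget "$ref")" ]; then
        echo "ACL mismatch on $target, restoring previous ACL" >&2
        aclput -i "$dir/old" "$target"
        rm -rf "$dir"
        return 3
    fi

    rm -rf "$dir"
    return 0
}
```

Each successful aclput call inside the function is still subject to the FILE_WriteXacl audit event described under Security, so a rollback shows up as a second record.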
Files
Item | Description |
---|---|
/usr/bin/aclput | Contains the aclput command. |