aclget Command
Purpose
Displays the access control information of a file.
Syntax
Description
The aclget command writes the access control information of the file specified by the FileObject parameter to standard output or to the file specified by the OutAclFile parameter.
The information that you view depends on the ACL type and typically includes the Access Control Entries (ACEs) depicting the access rights of the users in the system, including the owner of the file object.
Flags
| Item | Description |
|---|---|
| -o OutAclFile | Specifies that the access control information be written to the file specified by the OutFile parameter. |
| -t acl type | Specifies the ACL type of the ACL information being displayed. If this option is not provided the actual ACL data in its original ACL type will be displayed. The supported ACL types are ACLX and NFS4. |
| -v | Displays the ACL information in Verbose mode. Comment lines will be added to explain more details about the ACL associated with the FS object. These comment lines are generated when the command is executed and do not reside anywhere persistently. |
Security
Access Control
This command should be a standard user program and have the trusted computing base attribute.
Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
Access Control Lists
Access Control Lists form the core of protection of file system objects. Each file system object is uniquely associated with one piece of data, called ACL, that defines the access rights to the object. ACL could consist of multiple Access Control Entries (ACEs), each defining one particular set of access rights for a user. Typically ACE consists of information such as identification (to whom this ACE applies) and access rights (allow-read, deny-write). Note that ACE might also capture information such as inheritance flags and alarm and audit flags. The format and enforcement of ACL data is entirely dependent on the ACL type in which they are defined. AIX provides for the existence of multiple ACL types on the operating systems. The list of ACLs supported by a file system instance is dependent on the physical file system implementation for that file system instance.
Examples
- To display the access control information for the status file, enter:
An access control list appears, similar to the example in Access Control Lists.aclget status - To copy the access control information of the plans file
to the status file, enter:
This copies the access control information. In most cases, the ACL type associated withaclget plans | aclput statusplanswill be the ACL type of ACL associated with the target status. However, it is possible that the target file system does not support the ACL type associated with file system object plans. In this case, the operation will fail and an error message is displayed. The target will retain its original associated ACL. - To save the access control information of the plans file
in the acl1 file to edit and use later, enter: aclget -o acl1 plans
Files
| Item | Description |
|---|---|
| /usr/bin/aclget | Contains the aclget command. |