chaudit - Change audit flags for a file

Format

chaudit [-Fdai] attr pathname ...

Description

chaudit changes the audit attributes of the specified files or directories. Audit attributes determine whether or not accesses to a file are audited by the system authorization facility (SAF) interface.

The chaudit command can be used only by the file owner or a superuser for non-auditor-requested audit attributes. Only a user with auditor authority can change the auditor-requested audit attributes.

Options

-F
If you specify a directory as a path name on the command, chaudit changes the audit characteristics of all files in that directory. Subdirectory audit characteristics are not changed.
-d
If you specify a directory as a path name on the command, chaudit changes the audit characteristics of all the subdirectories in that directory. File audit characteristics are not changed.
-a
Auditor-requested audit attributes are to be changed for the specified files or directories. If -a is not specified, user-requested audit attributes are changed.
-i
Does not issue error messages concerning file access authority, even if chaudit encounters such errors.
The symbolic form of the attr argument has the form:
[operation] op auditcondition[op auditcondition ...]
The operation value is any combination of the following:
r
Sets the file to audit read attempts.
w
Sets the file to audit write attempts.
x
Sets the file to audit execute attempts.

The default is rwx.

The op part of a symbolic mode is an operator telling whether chaudit should turn file auditing on or off. The possible values are:
+
Turns on specified audit conditions.
-
Turns off specified audit conditions.
=
Turns on the specified audit conditions and turns off all others.
The auditcondition part of a symbolic mode is any combination of the following:
s
Audit on successful access if the audit attribute is on.
f
Audit on failed access if the audit attribute is on.

You can specify multiple symbolic attr values if you separate them with commas.

Examples

  1. The command:
    chaudit -s file
    changes the file file so that successful file accesses are not audited.
  2. The command:
    chaudit rwx=sf file1
    changes the file file1 so that all successful and unsuccessful file accesses are audited.
  3. The command:
    chaudit r=f file2
    changes the file file2 so that unsuccessful file read accesses are audited.
  4. The command:
    chaudit r-f,w+s file3
    changes the file file3 to not audit unsuccessful file read accesses and to audit successful write accesses.
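
The following Python sketch is an added example, not part of the chaudit documentation or of z/OS. It parses the symbolic attr grammar described above and applies it to a constructed in-memory audit state, which is useful for checking an attr string in a script before running the command. The function names and the state layout are hypothetical, and the code assumes that "=" resets only the operations named in its clause.

```python
import re

OPERATIONS = "rwx"  # read, write, execute attempts
# One clause: optional operation letters, then one or more op/condition pairs.
CLAUSE = re.compile(r"([rwx]*)((?:[+\-=][sf]+)+)")
PAIR = re.compile(r"([+\-=])([sf]+)")


def parse_attr(attr):
    """Return a list of (operations, [(op, conditions), ...]) clauses."""
    clauses = []
    for text in attr.split(","):  # multiple attr values are comma-separated
        m = CLAUSE.fullmatch(text)
        if m is None:
            raise ValueError(f"bad attr clause: {text!r}")
        operations = set(m.group(1)) or set(OPERATIONS)  # default is rwx
        pairs = [(op, set(cond)) for op, cond in PAIR.findall(m.group(2))]
        clauses.append((operations, pairs))
    return clauses


def apply_attr(state, attr):
    """Apply attr to state, a dict mapping 'r'/'w'/'x' to a set of 's'/'f'.

    Returns a new dict; the caller's state is left unchanged.
    """
    new = {k: set(v) for k, v in state.items()}
    for operations, pairs in parse_attr(attr):
        for op, cond in pairs:
            for o in operations:
                if op == "+":
                    new[o] |= cond
                elif op == "-":
                    new[o] -= cond
                else:  # "=": assumed to reset only the operations named
                    new[o] = set(cond)
    return new


if __name__ == "__main__":
    # Constructed starting state, not read from a real file.
    start = {"r": {"s", "f"}, "w": set(), "x": {"f"}}
    for attr in ("-s", "rwx=sf", "r=f", "r-f,w+s"):  # the examples above
        print(attr, "->", apply_attr(start, attr))
```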

Localization

chaudit uses the following localization environment variables:
  • LANG
  • LC_ALL
  • LC_MESSAGES
  • NLSPATH

Exit values

0
Successful completion
1
Failure due to any of the following reasons:
  • Inability to access a specified file.
  • Inability to change the audit attributes for a specified file.
  • Inability to read the directory containing the item to change.
  • Irrecoverable error when using the -F or -d option.
2
Failure due to any of the following reasons:
  • Missing or incorrect attr argument.
  • Too few arguments.

Messages

Possible error messages include:
fatal error during -F or -d option
You specified the -F or -d option, but some file or directory in the directory structure was inaccessible. This may happen because of permissions or because you have removed a removable unit.
read directory name
You do not have read permissions on the specified directory.

Portability

None. This is a security extension that comes with z/OS UNIX services.

Related information

chmod, chown, ls