chrmcacl Command

Purpose

Updates the resource monitoring and control (RMC) ACL file.

Syntax

chrmcacl [ -a | -d | -r | -h ]

Description

This command is used to update the RMC ACL file (/var/ct/cfg/ctrmc.acls). If this file does not exist, chrmcacl copies the default ACL file from /opt/rsct/cfg/ctrmc.acls to /var/ct/cfg/ctrmc.acls. This command reads update information from standard input. This input must be in ACL file format, so it must consist of one or more stanzas, in which each stanza begins with a stanza name that is followed by zero or more stanza lines. A stanza is terminated by a blank line, a comment line, another stanza, or end-of-file. See the description of the RMC ACL file in Administering RSCT for details.

With no flags specified, chrmcacl does whole stanza addition, replacement, or deletion. If the input stanza does not exist in the ACL file, it is added. If the input stanza has a match in the ACL file, the input stanza replaces the existing ACL file stanza. If the input stanza contains no stanza lines and has a match in the ACL file, the existing ACL file stanza is removed.

If the -a, -r, or -d flag is specified, chrmcacl does individual stanza line addition, replacement, or deletion. Stanza lines are matched based on the user identifier and object type tokens, in the stanza line, within matching stanzas. Matches must be exact; in other words, there is no wildcard matching.

When the -a flag is used, the permissions specified in the input stanza line are added to the permissions from the matching stanza line in the ACL file. If this results in an effective change in permissions, the new permissions are updated in the ACL file. If there is no matching stanza line in the ACL file, the input stanza line is added to the matching stanza in the ACL file.

When the -r flag is used, the input stanza line unconditionally replaces the matching stanza line in the ACL file. If there is no matching stanza line in the ACL file, the input stanza line is added to the matching stanza in the ACL file. For the -a and -r flags, if the input stanza has no match in the ACL file, the complete input stanza is added to the ACL file.

When the -d flag is used, any matching stanza lines in the ACL file are deleted. If, as a result, the matching stanza in the ACL file has no stanza lines, the stanza is removed from the ACL file.

As a by-product of this command, the stanza lines within each stanza are ordered from the most specific user identifiers and object types to less specific user identifiers and object types.

The chrmcacl command employs file locking, which is used by other RSCT components, to serialize updates and prevent file corruption. Therefore, it is recommended that you use this command to update the ACL file, rather than modifying the file directly.

When the ACL file is updated, the previous version is first saved as /var/ct/cfg/ctrmc.acls.orig. If there are no effective changes or if there are any errors, the ACL file is not updated.

Changes to the ACL file take effect the next time the RMC subsystem is started. To get the ACL file changes to take effect immediately, run this command:
refresh -s ctrmc

Flags

-a
Adds the permissions of the input stanza lines to the matching stanza lines within the matching ACL file stanzas.
-d
Deletes the matching stanza lines within the matching ACL file stanzas.
-r
Replaces the matching stanza lines within the matching ACL file stanzas with the input stanza lines.
-h
Writes the command usage statement to standard error.

Files

/opt/rsct/cfg/ctrmc.acls
Default location of the ctrmc.acls file
/var/ct/cfg/ctrmc.acls
Location of the modifiable ctrmc.acls file
/var/ct/cfg/ctrmc.acls.orig
Location of the previous version of the modifiable ctrmc.acls file

Standard input

This command reads update information from standard input.

Standard error

Error messages are written to standard error.

When the -h flag is specified, this command's usage statement is written to standard error.

Exit status

0
The command has run successfully.
1
The command was not successful.

Security

Privilege control: execute (x) access to this command must be restricted to the root user.

Implementation specifics

This command is part of the rsct.core fileset for AIX® and rsct.core-3.1.0.0-0.platform.rpm package for Linux®, Solaris, and Windows, where platform is i386, ppc, ppc64, s390, or x86_64.

Location

/opt/rsct/install/bin/chrmcacl

Examples

  1. If the /var/ct/cfg/ctrmc.acls file already contains the IBM.Sensor stanza, but not the OTHER stanza, and given the following input to chrmcacl (with no flags specified):
    IBM.Sensor
        joe@Host1.CoX.com   *    rw
        Host1.CoX.com       *    r
    
    OTHER
        Host1.CoX.com       C    r
    the IBM.Sensor stanza is replaced by the input stanza and the OTHER stanza is added to the file upon successful completion of the command.
  2. With the /var/ct/cfg/ctrmc.acls file that is a result of example 1 and given the following input to chrmcacl (with no flags specified):
    IBM.Sensor
    
    OTHER
        Host1.CoX.com       *    r
    the IBM.Sensor stanza is deleted and the OTHER stanza is replaced by the input stanza upon successful completion of the command.
  3. With the /var/ct/cfg/ctrmc.acls file that is a result of example 2 and given the following input to chrmcacl (with the -a flag specified):
    OTHER
        Host1.CoX.com       *    w
    the OTHER stanza in the file is:
    OTHER
        Host1.CoX.com       *    rw
    upon successful completion of the command.
  4. With the /var/ct/cfg/ctrmc.acls file that is a result of example 3 and given the same input to chrmcacl as in example 3 (with the -r flag specified), the OTHER stanza in the file is:
    OTHER
        Host1.CoX.com       *    w
    upon successful completion of the command.
  5. Given the following stanza in the /var/ct/cfg/ctrmc.acls file:
    IBM.Sensor
        joe@Host1.CoX.com   C    rw
        joe@Host1.CoX.com   R    r
        Host1.CoX.com       *    r
    and the following input to chrmcacl (with the -d flag specified):
    IBM.Sensor
        joe@Host1.CoX.com   R    r
    the IBM.Sensor stanza in the file is:
    IBM.Sensor
        joe@Host1.CoX.com   C       rw
            Host1.CoX.com   *       r
    upon successful completion of the command.
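
The update rules from the Description, modeled in Python so that the effect of a change can be previewed before chrmcacl is run as root. This is an added example, not RSCT code and not part of the original page. The function names parse and apply_update are hypothetical, and the parsing assumptions (stanza names in column 1, indented three-token stanza lines, "#" comment lines, single-letter permission flags) are inferred from the examples above. The ordering of stanza lines that chrmcacl performs is not modeled.

```python
# Added model of the update rules in the Description; this is not RSCT code.
# Assumptions: stanza names start in column 1, stanza lines are indented and
# hold exactly three tokens (user identifier, object type, permissions),
# comment lines start with "#", and permissions are single-letter flags.

def parse(text):
    """Parse ACL-format text into {stanza: {(user, objtype): perms}}."""
    acl, cur = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            cur = None                              # blank/comment ends a stanza
        elif not line[0].isspace():
            cur = acl.setdefault(line, {})          # new stanza name
        elif cur is not None:
            user, objtype, perms = line.split()
            cur[(user, objtype)] = perms
    return acl

def apply_update(acl, update, flag=None):
    """Return the ACL that results from applying `update` with no flag (None)
    or with "a", "r" or "d". The input `acl` is not modified."""
    if flag not in (None, "a", "r", "d"):
        raise ValueError(f"unknown flag: {flag!r}")
    out = {name: dict(lines) for name, lines in acl.items()}
    for name, lines in update.items():
        if flag is None:                            # whole-stanza mode
            if lines:
                out[name] = dict(lines)             # add or replace the stanza
            else:
                out.pop(name, None)                 # empty input stanza deletes
        elif flag == "d":                           # exact (user, objtype) match
            for key in lines:
                out.get(name, {}).pop(key, None)
            if name in out and not out[name]:
                del out[name]                       # stanza left with no lines
        else:                                       # "a" or "r", line by line
            for key, perms in lines.items():
                old = out.get(name, {}).get(key)
                if flag == "a" and old is not None:
                    perms = "".join(sorted(set(old + perms)))  # union of flags
                out.setdefault(name, {})[key] = perms
    return out

if __name__ == "__main__":
    current = parse("OTHER\n    Host1.CoX.com  *  r\n")   # constructed sample
    change = parse("OTHER\n    Host1.CoX.com  *  w\n")
    print(apply_update(current, change, "a"))   # -a widens r to rw
    print(apply_update(current, change, "r"))   # -r leaves w only
```

In this model -a can only widen a matching line's permissions, while -r and the no-flag form can also narrow or remove them, so the flag decides whether an update that grants write access adds to or replaces what was already granted.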