[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]

Commands Reference, Volume 1


aclget Command

Purpose

Displays the access control information of a file.

Syntax

aclget [ -o OutFile ] File

Description

The aclget command writes the access control information of the file specified by the File parameter to standard output or to the file specified by the OutFile parameter.

The information that you view includes attributes, base permissions, and extended permissions. To see an example of access control information, refer to Access Control List.

Flags


-o OutFile Specifies that the access control information be written to the file specified by the OutFile parameter.

Security

Access Control: This command should be a standard user program and have the trusted computing base attribute.

Access Control Lists

In an access control list, attributes, base and extended permissions are in the following format:

Attributes: ( SUID | SGID | SVTX )

Base Permissions:

Owner (name): Mode

Group (group): Mode

Others: Mode

Extended Permissions: ( Enabled | Disabled )

Permit  Mode   u:Username,g:groupname

Deny    Mode   u:Username,g:groupname

Specify Mode   u:Username,g:groupname

The access modes are: read (r), write (w), and execute/search (x), with the Mode parameter expressed as rwx (with a dash replacing each unspecified permission)

For example, the following ACL indicates that the file belongs to user user1 and the group staff. In addition, the user user2 has read access for the file:

Attributes:

Base Permissions:

Owner (user1): rw-

Group (group): r--

Others: ---

Extended Permissions:  Enabled 

Permit  r--   u:user2

The following ACL indicates that the file belongs to same user the group, but in this example, every other user has read access except for user2:

Attributes:

Base Permissions:

Owner (user1): rw-

Group (group): r--

Others: r--

Extended Permissions:  Enabled 

Deny  r--   u:user2

Examples

  1. To display the access control information for the status file, enter:

    aclget  status
    

    An access control list appears, similar to the example in Access Control Lists.

  2. To copy the access control information of the plans file to the status file, enter:

    aclget  plans  |  aclput  status
    

    This copies the access control information.

  3. To save the access control information of the plans file in the acl1 file to edit and use later, enter:
    aclget -o acl1 plans

Files


/usr/bin/aclget Contains the aclget command.

Related Information

The acledit command, aclput command, chmod command.

Access Control Lists in AIX 5L Version 5.1 System User's Guide: Operating System and Devices.

The Auditing Overview in AIX 5L Version 5.1 System Management Concepts: Operating System and Devices explains more about audits and audit events.

For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Security Introduction in AIX 5L Version 5.1 System Management Concepts: Operating System and Devices.


[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]