[ Bottom of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]

Commands Reference, Volume 1

acledit Command

Purpose

Edits the access control information of a file.

Syntax

acledit File

Description

The acledit command lets you change the access control information of the file specified by the File parameter. The command displays the current access control information and lets the file owner change it with the editor specified by the EDITOR environment variable. Before making any changes permanent, the command asks if you want to proceed.

Note: The EDITOR environment variable must be specified with a complete path name; otherwise, the acledit command will fail. The entire ACL for a file cannot exceed one memory page (4096 bytes).

The access control information that displays includes a list of attributes, base permissions, and extended permissions.

The following is an example of the access control information of a file:

attributes: SUID
base permissions:
    owner  (frank): rw-
    group (system): r-x
    others        : ---
extended permissions:
    enabled
        permit    rw-    u:dhs
        deny      r--    u:chas,    g:system
        specify   r--    u:john,    g:gateway, g:mail
        permit    rw-    g:account, g:finance

Base permissions are assigned to the file owner, group and other users and are the traditional read (r), write (w), and execute (x). Extended permissions give the owner of a file the ability to define access to that file more precisely. Three attributes can be added: setuid (SUID), setgid (SGID) and savetext (SVTX). For a complete discussion refer to the Access Control Lists.

Note: If the acledit command is operating in a trusted path, the editor must have the trusted process attribute set.

Security

Access Control: This command should be a standard user command and have the trusted computing base attribute.

Files Accessed:

Mode File
x /usr/bin/aclget
x /usr/bin/aclput

Auditing Events: If the auditing subsystem has been properly configured and is enabled, the acledit command will generate the following audit record (event) every time the command is executed:

Event Information
FILE_Acl Lists access controls.

See "Setting up Auditing" in AIX 5L Version 5.2 Security Guide for more details about how to properly select and group audit events, and how to configure audit event data collection.

Examples

To edit the access control information of the plans file, enter:

acledit plans

Files

/usr/bin/acledit Contains the acledit command.

Related Information

The aclget command, aclput command, auditpr command, chmod command.

Access Control Lists in AIX 5L Version 5.2 System User's Guide: Operating System and Devices.

The Auditing Overview in AIX 5L Version 5.2 Security Guide explains more about audits and audit events.

For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Standalone System Security in AIX 5L Version 5.2 Security Guide.

[ Top of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]