Sets the access control information of a file.
aclput [ -i InFile ] File
The aclput command sets the access control information of the file specified by the File parameter. The command reads standard input for the access control information, unless you specify the -i flag.
Note: If you are reading from standard input, your entries must match the format of the access control information or you will get an error message. Use the Ctrl-D key sequence to complete the session.
In an access control list, attributes, base and extended permissions are in the following format:

    attributes: ( SUID | SGID | SVTX )
    base permissions:
        owner (name): mode
        group (group): mode
        others: mode
    extended permissions:
        ( Enabled | Disabled )
        permit mode u:Username,g:groupname
        deny mode u:Username,g:groupname
        specify mode u:Username,g:groupname

The access modes are: read (r), write (w), and execute/search (x), with the Mode parameter expressed as rwx (with a dash replacing each unspecified permission).
For example, the following ACL indicates that the file belongs to user user1 and the group staff. In addition, the user user2 has read access for the file:

    attributes:
    base permissions:
        owner (user1): rw-
        group (group): r--
        others: ---
    extended permissions:
        enabled
        permit r-- u:user2

The following ACL indicates that the file belongs to the same user and the same group, but in this example, every other user has read access except for user2:

    attributes:
    base permissions:
        owner (user1): rw-
        group (group): r--
        others: r--
    extended permissions:
        enabled
        deny r-- u:user2

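As an added example (not part of the AIX documentation), the shell function below checks ACL text against the format described above before it is handed to aclput, and flags entries worth reviewing: SUID or SGID attributes, write access for others, and permit entries that grant write. The name acl_lint and the choice of warnings are assumptions, and only the entry types shown on this page are recognized.

```shell
#!/bin/sh
# Added example, not AIX code: lint an ACL written in the text format shown
# above before it is piped to aclput. Reads the ACL on stdin and prints one
# finding per line. Exit status: 0 clean, 1 warnings only, 2 format errors.
# Hypothetical use: aclget plans | acl_lint && aclget plans | aclput status
acl_lint() {
    awk '
    function bad(m)     { print "ERROR line " NR ": " m; errs++ }
    function warn(m)    { print "WARN line " NR ": " m; warns++ }
    function mode_ok(m) { return m ~ /^[r-][w-][x-]$/ }

    { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # indentation is ignored
    $0 == "" { next }

    /^attributes:/ {
        sub(/^attributes:/, ""); gsub(/,/, " ")
        for (i = 1; i <= NF; i++) {
            if ($i !~ /^(SUID|SGID|SVTX)$/) bad("unknown attribute " $i)
            else if ($i != "SVTX") warn($i " attribute requested")
        }
        next
    }
    # The trailing colon is optional here (an assumption for tolerance).
    /^base permissions:?$/     { sect = "base"; next }
    /^extended permissions:?$/ { sect = "ext";  next }

    sect == "base" && /^(owner|group) *\([^)]*\):|^others:/ {
        if (!mode_ok($NF)) bad("bad mode " $NF)
        else if ($1 == "others:" && $NF ~ /w/) warn("others have write access")
        next
    }
    sect == "ext" && tolower($0) ~ /^(enabled|disabled)$/ { next }
    sect == "ext" && /^(permit|deny|specify) / {
        if (NF != 3 || !mode_ok($2)) { bad("expected: " $1 " rwx u:name,g:name"); next }
        n = split($3, id, ",")
        for (i = 1; i <= n; i++)
            if (id[i] !~ /^[ug]:[^:]+$/) bad("bad identity " id[i])
        if ($1 == "permit" && $2 ~ /w/) warn("permit grants write to " $3)
        next
    }
    { bad("unrecognized entry: " $0) }
    END { exit (errs ? 2 : (warns ? 1 : 0)) }
    '
}
```
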
Access Control: This command should be a standard user program and have the trusted computing base attribute.
Auditing Events: If the auditing subsystem has been properly configured and is enabled, the aclput command will generate the following audit record (event) every time the command is executed:
Event | Information |
---|---|
FILE_Acl | Lists file access controls. |
See "Setting up Auditing" in AIX 5L Version 5.2 Security Guide for more details about how to properly select and group audit events, and how to configure audit event data collection.

    aclput status
    attributes: SUID

and then press the Ctrl-D sequence to exit the session.
aclget plans | aclput status
File | Description |
---|---|
/usr/bin/aclput | Contains the aclput command. |
The acledit command, aclget command, auditpr command, chmod command.
Access Control Lists in AIX 5L Version 5.2 System User's Guide: Operating System and Devices.
The Auditing Overview in AIX 5L Version 5.2 Security Guide explains more about audits and audit events.
For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Standalone System Security in AIX 5L Version 5.2 Security Guide.