
Commands Reference, Volume 1

aclput Command

Purpose

Sets the access control information of a file.

Syntax

aclput [ -i InFile ] File

Description

The aclput command sets the access control information of the file specified by the File parameter. The command reads standard input for the access control information, unless you specify the -i flag.

Note: If you are reading from standard input, your entries must match the format of the access control information or you will get an error message. Use the Ctrl-D key sequence to complete the session.

Access Control List

In an access control list, attributes, base and extended permissions are in the following format:

attributes: ( SUID | SGID | SVTX )
base permissions:
   owner (name): mode
   group (group): mode
   others: mode
extended permissions: ( Enabled | Disabled )
   permit  mode   u:Username,g:groupname
   deny    mode   u:Username,g:groupname
   specify mode   u:Username,g:groupname

The access modes are read (r), write (w), and execute/search (x). The Mode parameter is expressed as rwx, with a dash replacing each unspecified permission.

For example, the following ACL indicates that the file belongs to user user1 and the group staff. In addition, the user user2 has read access for the file:

attributes:
base permissions:
    owner (user1): rw-
    group (group): r--
    others: ---
extended permissions:  enabled
    permit  r--   u:user2

The following ACL indicates that the file belongs to the same user and group, but in this example, every other user has read access except for user2:

attributes:
base permissions:
    owner (user1): rw-
    group (group): r--
    others: r--
extended permissions:  enabled
    deny  r--   u:user2

Flags

-i InFile Specifies the input file for access control information. If the access control information in the file specified by the InFile parameter is not correct, when you try to apply it to a file, an error message preceded by an asterisk is added to the input file.

Note: The entire Access Control List for a file cannot exceed one memory page (4096 bytes).
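
A pre-flight check for a file that will be passed to the -i flag, added here as an example (it is not part of AIX or of the original documentation). The acl_lint name is hypothetical; the function accepts the layout exactly as printed under Access Control List above, assumes attributes are separated by spaces or commas, and uses the size of the text file as a rough stand-in for the 4096-byte limit.

```shell
#!/bin/sh
# acl_lint FILE: check an ACL definition before running `aclput -i FILE target`.
# Prints one message per problem; returns 0 when clean, non-zero otherwise.
acl_lint() {
    [ -r "$1" ] || { echo "cannot read $1"; return 1; }
    # Assumption: text size is a rough proxy for the one-page (4096-byte) ACL limit.
    [ $(wc -c < "$1") -le 4096 ] || { echo "ACL text exceeds 4096 bytes"; return 1; }
    awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; rc = 1 }
    function mode_ok(m) { return m ~ /^[r-][w-][x-]$/ }
    { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }            # trim indentation
    $0 == "" { next }
    /^\*/ { bad("leftover aclput error marker"); next }   # written by a failed -i run
    /^attributes:/ {
        n = split(substr($0, 12), a, /[ ,]+/)
        for (i = 1; i <= n; i++)
            if (a[i] != "" && a[i] !~ /^(SUID|SGID|SVTX)$/) bad("unknown attribute " a[i])
        next
    }
    /^base permissions:$/ { seen_base = 1; next }
    /^(owner|group) *\([^)]+\):/ || /^others:/ {
        if (!mode_ok($NF)) bad("bad mode " $NF)
        next
    }
    /^extended permissions:/ {
        if (tolower($NF) !~ /^(enabled|disabled)$/) bad("expected enabled or disabled")
        next
    }
    /^(permit|deny|specify)[ \t]/ {
        if (NF != 3) { bad("expected: keyword mode u:name,g:name"); next }
        if (!mode_ok($2)) bad("bad mode " $2)
        n = split($3, id, ",")
        for (i = 1; i <= n; i++)
            if (id[i] !~ /^[ug]:[A-Za-z0-9_.-]+$/) bad("bad identifier " id[i])
        next
    }
    { bad("unrecognised line: " $0) }
    END { if (!seen_base) print "missing base permissions section"; exit (rc || !seen_base) }
    ' "$1"
}

# Constructed sample: the deny example from this page with a mistyped mode (r-).
sample=${TMPDIR:-/tmp}/acl_sample.$$
printf '%s\n' 'attributes:' 'base permissions:' '    owner (user1): rw-' \
    '    group (group): r--' '    others: r--' \
    'extended permissions:  enabled' '    deny  r-   u:user2' > "$sample"
acl_lint "$sample" || echo "not applying $sample"
rm -f "$sample"
```

Running the check first keeps a malformed definition from reaching aclput, which would otherwise write its asterisk-prefixed error message into the input file.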

Security

Access Control: This command should be a standard user program and have the trusted computing base attribute.

Auditing Events: If the auditing subsystem has been properly configured and is enabled, the aclput command will generate the following audit record (event) every time the command is executed:

Event       Information
FILE_Acl    Lists file access controls.

See "Setting up Auditing" in AIX 5L Version 5.2 Security Guide for more details about how to properly select and group audit events, and how to configure audit event data collection.

Examples

  1. To set the access control information for the status file with information from standard input, enter:

    aclput status
    attributes: SUID

    and then press the Ctrl-D sequence to exit the session.

  2. To set the access control information for the status file with information stored in the acldefs file, enter:

    aclput -i acldefs status

  3. To set the access control information for the status file with the same information used for the plans file, enter:

    aclget plans | aclput status

  4. To set the access control information for the status file with an edited version of the access control information for the plans file, you must enter two commands. First, enter:

    aclget -o acl plans

    This stores the access control information for the plans file in the acl file. Edit the information in the acl file, using your favorite editor. Then, enter:

    aclput -i acl status

    This second command takes the access control information in the acl file and puts it on the status file.

Files

/usr/bin/aclput Contains the aclput command.

Related Information

The acledit command, aclget command, auditpr command, chmod command.

Access Control Lists in AIX 5L Version 5.2 System User's Guide: Operating System and Devices.

The Auditing Overview in AIX 5L Version 5.2 Security Guide explains more about audits and audit events.

For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Standalone System Security in AIX 5L Version 5.2 Security Guide.
