Contains the user access control list (ACL) definitions for the System Manamgement Interface Tool (SMIT). This system file only applies to AIX 4.2.1 and later.
The /etc/security/smitacl.user file contains the ACL definitions for SMIT. This is an ASCII file that contains a stanza for each system user. Each stanza is identified by a user name followed by a : (colon) and contains attributes in the form Attribute=Value. Each attribute pair ends with a newline character as does each stanza.
The file supports a default stanza. If an attribute is not defined, either the default stanza or the default value for the attribute is used.
A stanza contains the following attributes:
Attribute | Description |
---|---|
screens | Describes the list of SMIT screens for the user. (It is of the type SEC_LIST.) Examples include:
screens = * # Permit all screen access. screens = !* # Deny all screen access. screens = # Allows no specific screens # (screens can be added on a per user basis) screens = user,group,!tcpip # Allow user & group # screens, but not # tcpip screen |
funcmode | Describes if the role database and/or SMIT ACL database should be
used to determine accessibility. It also describes how to combine the screens data from the two databases. (It is of the type SEC_CHAR.) Examples include:
funcmode = roles+acl # Use both roles and SMIT ACL # databases. funcmode = roles # Use only the roles database. funcmode = acl # Use only the SMIT ACL # database. The defined values for funcmode are:
|
For a typical stanza, see the "Examples" section .
Access Control: This file grants read and write access to the root user, and read access to members of the security group.
username: screens = * funcmode = roles+acl
default: screen = * screens = mksysb
/etc/security/roles | Contains the list of valid roles. |
/etc/security/user.roles | Contains the list of roles for each user. |
/etc/security/smitacl.group | Contains the group ACL definitions. |
/etc/security/smitacl.user | Contains the user ACL definitions. |
The getusraclattr subroutine, nextusracl subroutine, putusraclattr subroutine.