aclput Command
Purpose
Sets the access control information of a file.
Syntax
aclput [ -i inAclFile ] [ -R ] [ -t acl_type ] [ -v ] FileObject
Description
The aclput command sets the access control information of the file object specified by the FileObject parameter. The command reads standard input for the access control information, unless you specify the -i flag.
Access Control List
Access Control Lists form the core of protection for file system objects. Each file system object is uniquely associated with one piece of data, called an ACL, that defines the access rights to the object. An ACL can consist of multiple Access Control Entries (ACEs), each defining one particular set of access rights for a user. Typically, an ACE consists of information such as identification (to whom this ACE applies) and access rights (allow-read, deny-write). An ACE might also capture information such as inheritance flags and alarm and audit flags. The format and enforcement of ACL data depend entirely on the ACL type in which they are defined. AIX® provides for the existence of multiple ACL types on the operating system. The list of ACLs supported by a file system instance depends on the physical file system implementation for that file system instance.
Flags
Item | Description |
---|---|
-i inAclFile | Specifies the input file for access control information. If the access control information in the file specified by the inAclFile parameter is not correct, an error message preceded by an asterisk is added to the input file when you try to apply it to a file. Note: The size of the ACL information depends on the ACL type. |
-R | Applies the ACL to this directory and its child file system objects recursively. |
-t ACL_type | Specifies the ACL type of the ACL information being displayed. If this option is not provided, the actual ACL data in its original ACL type will be displayed. The supported ACL types are ACLX and NFS4. |
-v | Verbose option. This option displays many comment lines as part of the ACL data display. This could help in understanding the details of complex ACL types. |
Security
Access Control
This command should be a standard user program and have the trusted computing base attribute.
Auditing Events
If the auditing subsystem is properly configured and is enabled, the aclput command generates the following audit record or event every time the command is run:
Event | Information |
---|---|
FILE_WriteXacl | Modification to access controls. |
Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
Examples
- To set the access control information for the status file with information from standard input, enter:
aclput status
attributes: SUID
and then press the Ctrl-D sequence to exit the session.
- To set the access control information for the status file
with information stored in the acldefs file, enter: aclput -i acldefs status
- To set the access control information for the status file
with the same information used for the plans file, enter:
aclget plans | aclput status
- To set the access control information for the status file with an edited version of the access control information for the plans file, you must enter two commands. First, enter:
aclget -o acl plans
This stores the access control information for the plans file in the acl file. Edit the information in the acl file, using your favorite editor. Then, enter:
aclput -i acl status
This second command takes the access control information in the acl file and puts it on the status file.
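The -i flag description above says that aclput adds asterisk-prefixed error messages to the input file when the ACL data is not correct. The following wrapper is an added example, not part of the AIX documentation: it applies an ACL file from a private copy and reports only the asterisk lines that aclput added. The function name apply_acl, the temporary path, and the premise that existing comment lines may also begin with an asterisk are assumptions.

```shell
#!/bin/sh
# Added example (not from the AIX documentation).
# apply_acl ACLFILE TARGET
#   Runs "aclput -i" on a private copy of ACLFILE and reports any
#   asterisk-prefixed lines that aclput added to that copy.
#   Returns 0 on success, 1 if aclput annotated the file,
#   2 on setup failure, otherwise aclput's own exit status.
apply_acl() {
    src=$1
    target=$2
    # mkdir fails if the path already exists, so the directory is ours alone.
    workdir="${TMPDIR:-/tmp}/apply_acl.$$"
    ( umask 077 && mkdir "$workdir" ) || return 2
    work="$workdir/acl"
    # aclput may write into its input file; keep ACLFILE itself untouched.
    cp "$src" "$work" || { rm -rf "$workdir"; return 2; }

    rc=0
    aclput -i "$work" "$target" || rc=$?

    # Comment lines already in ACLFILE may start with '*' too (assumption),
    # so only '*' lines that are absent from the original count as errors.
    errs=$(grep '^\*' "$work" | grep -F -x -v -f "$src" || true)
    rm -rf "$workdir"

    if [ -n "$errs" ]; then
        printf '%s\n' "$errs" >&2
        return 1
    fi
    return "$rc"
}

# Stand-alone use: sh apply_acl.sh acldefs status
if [ $# -eq 2 ]; then
    apply_acl "$1" "$2"
fi
```

Because the wrapper works on a copy, an edited ACL file such as acl in the last example stays free of error annotations and can be corrected and reapplied.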
Files
Item | Description |
---|---|
/usr/bin/aclput | Contains the aclput command. |