Query: acledit
OS: aix
Section: 1
Commands Reference, Volume 1, a - c

acledit Command

Purpose

Edits the access control information of a file.

Syntax

    acledit [ -t ACL_type ] [ -v ] FileObject

Description

The acledit command lets you change the access control information of the file specified by the FileObject parameter. The command displays the current access control information and lets the file owner change it with the editor specified by the EDITOR environment variable. Before making any changes permanent, the command asks if you want to proceed.

Note: The EDITOR environment variable must be specified with a complete path name; otherwise, the acledit command will fail.

The maximum size of the ACL data is dependent on the ACL type.

The access control information displayed depends on the ACL type associated with the file system object. Information typically includes access control entries displayed for owner and others. Also, file mode bits associated with the object could be displayed. The following is an example of the access control information of a file:

    attributes: SUID
    base permissions:
        owner (frank): rw-
        group (system): r-x
        others : ---
    extended permissions:
        enabled
            permit  rw- u:dhs
            deny    r-- u:chas, g:system
            specify r-- u:john, g:gateway, g:mail
            permit  rw- g:account, g:finance

Note: If the acledit command is operating in a trusted path, the editor must have the trusted process attribute set.

Flags

    -t ACL_type  This optional input specifies the ACL type in which the ACL
                 data will be stored at the end of the ACL editing process. If
                 no option is specified, then the ACL currently associated with
                 the file system object will be edited in its ACL type format.
                 If an ACL type is specified with this flag, then it is assumed
                 that the user is trying to modify the current ACL type and
                 store the ACL in a new ACL type format. When this flag is
                 specified and the ACL type does not match the type that exists
                 currently, it is expected that the user will reformat the
                 contents of the ACL data into the format specific to the new
                 ACL type before saving.

    -v           Displays the ACL information in Verbose mode. Comment lines
                 will be added to explain more details about the ACL associated
                 with the FS object. These comment lines are generated when the
                 command is executed and do not reside anywhere persistently.
                 Hence, any modifications to them are lost when acledit exits.

Security

Access Control: This command should be a standard user command and have the trusted computing base attribute.

Files Accessed:

    Mode  File
    x     /usr/bin/aclget
    x     /usr/bin/aclput

Auditing Events: If the auditing subsystem has been properly configured and is enabled, the acledit command will generate the following audit record (event) every time the command is executed:

    Event     Information
    FILE_Acl  Lists access controls.

See "Setting up Auditing" in Security for more details about how to properly select and group audit events, and how to configure audit event data collection.

Examples

To edit the access control information of the plans file, enter:

    acledit plans

Files

    /usr/bin/acledit  Contains the acledit command.

Related Information

The aclget command, aclput command, auditpr command, chmod command.

Access control lists in Operating system and device management.

The Auditing Overview in Security explains more about audits and audit events.

For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Securing the network in Security.
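
The following shell sketch is an added example, not part of the AIX reference: it checks the EDITOR precondition from the Description before acledit is run, and lists the extended entries in an ACL listing that carry write permission. The function names (editor_ok, acl_write_entries, sample_acl) are hypothetical, and the embedded listing is the sample shown in the Description.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not AIX commands.

# acledit fails unless EDITOR is a complete path name. Also require an
# executable regular file so a mistyped path is caught before editing.
editor_ok() {
    case "${EDITOR:-}" in
        /*) [ -f "$EDITOR" ] && [ -x "$EDITOR" ] ;;
        *)  return 1 ;;
    esac
}

# Read an ACL listing on stdin and print every extended permit/specify
# entry whose permission string includes "w". deny entries restrict access
# and are skipped; nothing is printed when extended permissions are disabled.
acl_write_entries() {
    awk '
        $1 == "extended" && $2 == "permissions:" { in_ext = 1; next }
        in_ext && $1 == "disabled"               { in_ext = 0; next }
        in_ext && ($1 == "permit" || $1 == "specify") && $2 ~ /w/ {
            line = $1 " " $2
            for (i = 3; i <= NF; i++) line = line " " $i
            print line
        }
    '
}

# The sample listing from the Description, embedded so the script runs offline.
sample_acl() {
    cat <<'EOF'
attributes: SUID
base permissions:
    owner (frank): rw-
    group (system): r-x
    others : ---
extended permissions:
    enabled
        permit  rw- u:dhs
        deny    r-- u:chas, g:system
        specify r-- u:john, g:gateway, g:mail
        permit  rw- g:account, g:finance
EOF
}

editor_ok || echo "EDITOR must be a complete path to an executable" >&2
sample_acl | acl_write_entries
```

On a live system the same review can be applied to the listing that acledit displays by piping the output of aclget FileObject into acl_write_entries.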