Login or Register to Ask a Question and Join Our Community

trusted computing base

LEARN ABOUT AIX

acledit

Commands Reference, Volume 1, a - c

acledit_Command

  Purpose

   Edits the access control information of a file.

  Syntax

   acledit [ -t ACL_type ] [ -v ] FileObject

  Description

   The	acledit command lets you change the access control infor-
mation of the
   file specified by the FileObject parameter. The  command  dis-
plays the
   current  access  control  information  and lets the file owner
change it with
   the editor specified by the EDITOR environment  variable.  Be-
fore making any
   changes permanent, the command asks if you want to proceed.

   Note:
   The	EDITOR environment variable must be specified with a com-
plete path
   name; otherwise, the acledit command will  fail.  The  maximum
size of the
   ACL data is dependent on the ACL type.

   The	access	control  information displayed depends on the ACL
type
   associated with the file system object. Information	typically
includes
   access  control  entries displayed for owner and others. Also,
file mode
   bits associated with the object could be displayed.

   The following is an example of the access control  information
of a file:

	 attributes: SUID
	 base permissions:
     owner  (frank): rw-
     group (system): r-x
     others	   : ---
	 extended permissions:
     enabled
	 permit    rw-	  u:dhs
	 deny	   r--	  u:chas,    g:system
	 specify   r--	  u:john,    g:gateway, g:mail
	 permit    rw-	  g:account, g:finance

     Note: If the acledit command is operating in a trusted path,
the editor
     must have the trusted process attribute set.

  Flags

      This optional input specifies the ACL type in which the ACL
data will
      be  stored at the end of the ACL editing process. If no op-
tion is
      specified, then the ACL currently associated with the  file
system
      object  will  be	edited	in its ACL type format. If an ACL
type is
   -t specified with this flag, then it is assumed that  user  is
trying to
      modify  the current ACL type and store the ACL in a new ACL
type format.
      When this flag is specified and the ACL type does not match
the type
      that exists currently, it is expected that user will modify
the
      contents of the ACL data to format into the  new	ACL  type
specific
      format before saving.
      Displays the ACL information in Verbose mode. Comment lines
will be
      added to explain more details about the ACL associated with
the FS
   -v  object. These comment lines are generated when the command
is executed
      and do not reside anywhere persistently. Hence, any modifi-
cations to
      the same will be lost when acledit is exited.

  Security

   Access Control: This command should be a standard user command
and have
   the trusted computing base attribute.

   Files Accessed:

   Mode   File
   x	  /usr/bin/aclget
   x	  /usr/bin/aclput

   Auditing Events: If the auditing subsystem has  been  properly
configured
   and	is enabled, the acledit command will generate the follow-
ing audit
   record (event) every time the command is executed:

   Event      Information
   FILE_Acl   Lists access controls.

   See "Setting up Auditing" in Security for more  details  about
how to
   properly  select  and group audit events, and how to configure
audit event
   data collection.

  Examples

   To edit the access control information of the plans file,  en-
ter:

	 acledit plans

  Files

   /usr/bin/acledit		  Contains the acledit command.

  Related Information

   The aclget command, aclput command, auditpr command, chmod
   command.

   Access  control  lists  in Operating system and device manage-
ment.

   The Auditing Overview in Security explains more  about  audits
and audit
   events.

   For	more information about the identification and authentica-
tion of users,
   discretionary access control, the trusted computing base,  and
auditing,
   refer to Securing the network in Security.

________________________________________________________________________________

		      Commands Reference, Volume 1, a - c

acledit_Command

  Purpose

   Edits the access control information of a file.

  Syntax

   acledit [ -t ACL_type ] [ -v ] FileObject

  Description

   The acledit command lets you change the access control  infor-
mation of the
   file  specified  by the FileObject parameter. The command dis-
plays the
   current access control information and  lets  the  file  owner
change it with
   the	editor	specified by the EDITOR environment variable. Be-
fore making any
   changes permanent, the command asks if you want to proceed.

   Note:
   The EDITOR environment variable must be specified with a  com-
plete path
   name;  otherwise,  the  acledit command will fail. The maximum
size of the
   ACL data is dependent on the ACL type.

   The access control information displayed depends  on  the  ACL
type
   associated  with the file system object. Information typically
includes
   access control entries displayed for owner and  others.  Also,
file mode
   bits associated with the object could be displayed.

   The	following is an example of the access control information
of a file:

	 attributes: SUID
	 base permissions:
     owner  (frank): rw-
     group (system): r-x
     others	   : ---
	 extended permissions:
     enabled
	 permit    rw-	  u:dhs
	 deny	   r--	  u:chas,    g:system
	 specify   r--	  u:john,    g:gateway, g:mail
	 permit    rw-	  g:account, g:finance

     Note: If the acledit command is operating in a trusted path,
the editor
     must have the trusted process attribute set.

  Flags

      This optional input specifies the ACL type in which the ACL
data will
      be stored at the end of the ACL editing process. If no  op-
tion is
      specified,  then the ACL currently associated with the file
system
      object will be edited in its ACL type  format.  If  an  ACL
type is
   -t  specified  with this flag, then it is assumed that user is
trying to
      modify the current ACL type and store the ACL in a new  ACL
type format.
      When this flag is specified and the ACL type does not match
the type
      that exists currently, it is expected that user will modify
the
      contents	of  the  ACL data to format into the new ACL type
specific
      format before saving.
      Displays the ACL information in Verbose mode. Comment lines
will be
      added to explain more details about the ACL associated with
the FS
   -v object. These comment lines are generated when the  command
is executed
      and do not reside anywhere persistently. Hence, any modifi-
cations to
      the same will be lost when acledit is exited.

  Security

   Access Control: This command should be a standard user command
and have
   the trusted computing base attribute.

   Files Accessed:

   Mode   File
   x	  /usr/bin/aclget
   x	  /usr/bin/aclput

   Auditing  Events:  If the auditing subsystem has been properly
configured
   and is enabled, the acledit command will generate the  follow-
ing audit
   record (event) every time the command is executed:

   Event      Information
   FILE_Acl   Lists access controls.

   See	"Setting  up Auditing" in Security for more details about
how to
   properly select and group audit events, and how  to	configure
audit event
   data collection.

  Examples

   To  edit the access control information of the plans file, en-
ter:

	 acledit plans

  Files

   /usr/bin/acledit		  Contains the acledit command.

  Related Information

   The aclget command, aclput command, auditpr command, chmod
   command.

   Access control lists in Operating system  and  device  manage-
ment.

   The	Auditing  Overview in Security explains more about audits
and audit
   events.

   For more information about the identification and  authentica-
tion of users,
   discretionary  access control, the trusted computing base, and
auditing,
   refer to Securing the network in Security.