Sets the access control information of a file.
aclput [ -i InFile ] File
The aclput command sets the access control information of the file specified by the File parameter. The command reads standard input for the access control information, unless you specify the -i flag.
Note: If you are reading from standard input your entries must match the format of the access control information or you will get an error message. Use the Ctrl-D key sequence to complete the session.
In an access control list, attributes, base and extended permissions are in the following format:
Attributes: ( SUID | SGID | SVTX ) Base Permissions: Owner (name): Mode Group (group): Mode Others: Mode Extended Permissions: ( Enabled | Disabled ) Permit Mode u:Username,g:groupname Deny Mode u:Username,g:groupname Specify Mode u:Username,g:groupname
The access modes are: read (r), write (w), and execute/search (x), with the Mode parameter expressed as rwx (with a dash replacing each unspecified permission)
For example, the following ACL indicates that the file belongs to user user1 and the group staff. In addition, the user user2 has read access for the file:
Attributes: Base Permissions: Owner (user1): rw- Group (group): r-- Others: --- Extended Permissions: Enabled Permit r-- u:user2
The following ACL indicates that the file belongs to same user the group, but in this example, every other user has read access except for user2:
Attributes: Base Permissions: Owner (user1): rw- Group (group): r-- Others: r-- Extended Permissions: Enabled Deny r-- u:user2
|-i InFile|| Specifies the input file for access control information. If the access control information in the file specified by the InFile parameter is not correct, when you try to apply it to a file, an error message preceded by an asterisk is added to the input file.
Note: The entire Access Control List for a file cannot exceed one memory page (4096 bytes).
Access Control: This command should be a standard user program and have the trusted computing base attribute.
Auditing Events: If the auditing subsystem has been properly configured and is enabled, the aclput command will generate the following audit record (event) every time the command is executed:
|FILE_Acl||Lists file access controls.|
See "Setting up Auditing" in AIX Version 4.3 System Management Guide: Operating System and Devices for more details about how to properly select and group audit events, and how to configure audit event data collection.
aclput status attributes: SUIDand then press the Ctrl-D sequence to exit the session.
aclput -i acldefs status
aclget plans | aclput status
aclget -o acl plansThis stores the access control information for the plans file in the acl file. Edit the information in the acl file, using your favorite editor. Then, enter:
aclput -i acl statusThis second command takes the access control information in the acl file and puts it on the status file.
|/usr/bin/aclput||Contains the aclput command.|
The acledit command, aclget command, auditpr command, chmod command.
Access Control Lists in AIX Version 4.3 System User's Guide: Operating System and Devices.
The Auditing Overview in AIX Version 4.3 System Management Guide: Operating System and Devices explains more about audits and audit events.
For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Security Introduction in AIX Version 4.3 System Management Guide: Operating System and Devices.