Edits the access control information of a file.
The acledit command lets you change the access control information of the file specified by the File parameter. The command displays the current access control information and lets the file owner change it with the editor specified by the EDITOR environment variable. Before making any changes permanent, the command asks if you want to proceed.
Note: The EDITOR environment variable must be specified with a complete path name; otherwise, the acledit command will fail. The entire ACL for a file cannot exceed one memory page (4096 bytes).
The access control information that displays includes a list of attributes, base permissions, and extended permissions.
The following is an example of the access control information of a file:
    attributes: SUID
    base permissions:
        owner (frank):   r w -
        group (system):  r - x
        others :         - - -
    extended permissions:
        enabled
        permit   r w -   u:dhs
        deny     r - -   u:chas, g:system
        specify  r - -   u:john, g:gateway, g:mail
        permit   r w -   g:account, g:finance
Base permissions are the traditional read (r), write (w), and execute (x) permissions assigned to the file owner, group, and other users. Extended permissions give the owner of a file the ability to define access to that file more precisely. Three attributes can be added: setuid (SUID), setgid (SGID), and savetext (SVTX). For a complete discussion, refer to Access Control Lists.
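The following added example (not part of the original AIX documentation) parses an ACL listing in the layout shown above and reports the attributes, each extended entry, and every permit entry that includes write while extended permissions are enabled. The function names and output tags are assumptions of the example; modes are accepted written either as rw- or as r w -.

```shell
#!/bin/sh
# Added example: summarize an ACL listing in the layout shown above.
# Output tags (ATTR, EXT, ACE, WRITE) are labels chosen for this example.
acl_review() {
    awk '
    /^[ \t]*attributes:/ {
        for (i = 2; i <= NF; i++) { sub(/,$/, "", $i); print "ATTR " $i }
        next
    }
    /^[ \t]*extended permissions:/ { ext = 1; next }
    ext && ($1 == "enabled" || $1 == "disabled") {
        state = $1; print "EXT " state; next
    }
    ext && ($1 == "permit" || $1 == "deny" || $1 == "specify") {
        mode = ""; who = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^[ug]:/) who = who $i   # "u:chas," then "g:system"
            else mode = mode $i               # joins "r w -" into "rw-"
        }
        print "ACE " $1 " " mode " " who
        # Flag write access granted beyond the base permissions,
        # only while extended permissions are enabled.
        if ($1 == "permit" && mode ~ /w/ && state == "enabled") { print "WRITE " who }
    }'
}

# Constructed sample input: the example ACL from this page.
sample_acl() {
    cat <<'EOF'
attributes: SUID
base permissions:
    owner (frank): r w -
    group (system): r - x
    others : - - -
extended permissions:
    enabled
    permit r w - u:dhs
    deny r - - u:chas, g:system
    specify r - - u:john, g:gateway, g:mail
    permit r w - g:account, g:finance
EOF
}

sample_acl | acl_review
```

Identifiers that share one entry are reported together on a single ACE line, so a reviewer sees each entry exactly as it was written.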
Note: If the acledit command is operating in a trusted path, the editor must have the trusted process attribute set.
Access Control: This command should be a standard user command and have the trusted computing base attribute.
Auditing Events: If the auditing subsystem has been properly configured and is enabled, the acledit command will generate the following audit record (event) every time the command is executed:
    FILE_Acl    Lists access controls.
See "Setting up Auditing" in AIX 5L Version 5.1 System Management Guide: Operating System and Devices for more details about how to properly select and group audit events, and how to configure audit event data collection.
To edit the access control information of the plans file, enter:
    /usr/bin/acledit    Contains the acledit command.
The aclget command, aclput command, auditpr command, chmod command.
Access Control Lists in AIX 5L Version 5.1 System User's Guide: Operating System and Devices.
The Auditing Overview in AIX 5L Version 5.1 System Management Concepts: Operating System and Devices explains more about audits and audit events.
For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Security Introduction in AIX 5L Version 5.1 System Management Concepts: Operating System and Devices.