Sets the access control information of a file.
aclput [ -i InFile ] File
The aclput command sets the access control information of the file specified by the File parameter. The command reads standard input for the access control information, unless you specify the -i flag.
Note: If you are reading from standard input, your entries must match the format of the access control information or you will get an error message. Use the Ctrl-D key sequence to complete the session.
In an access control list, attributes, base and extended permissions are in the following format:
Attributes: ( SUID | SGID | SVTX )
Base Permissions:
    Owner (name): Mode
    Group (group): Mode
    Others: Mode
Extended Permissions:
    ( Enabled | Disabled )
    Permit Mode u:Username,g:groupname
    Deny Mode u:Username,g:groupname
    Specify Mode u:Username,g:groupname
The access modes are: read (r), write (w), and execute/search (x), with the Mode parameter expressed as rwx (with a dash replacing each unspecified permission).
For example, the following ACL indicates that the file belongs to user user1 and the group staff. In addition, the user user2 has read access for the file:
Attributes:
Base Permissions:
    Owner (user1): rw-
    Group (group): r--
    Others: ---
Extended Permissions:
    Enabled
    Permit r-- u:user2
The following ACL indicates that the file belongs to the same user and group, but in this example, every other user has read access except for user2:
Attributes:
Base Permissions:
    Owner (user1): rw-
    Group (group): r--
    Others: r--
Extended Permissions:
    Enabled
    Deny r-- u:user2
|-i InFile||Specifies the input file for access control information. If the access control information in the file specified by the InFile parameter is not correct, when you try to apply it to a file, an error message preceded by an asterisk is added to the input file.|
Note: The entire Access Control List for a file cannot exceed one memory page (4096 bytes).
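As an added illustration (not part of the AIX documentation), the Python function below parses ACL text in the format described above and reports malformed lines and the 4096-byte limit before the text is handed to aclput -i. It assumes one field per line, case-insensitive keywords, and attributes separated by commas or spaces; it checks the form of each line, not section order or completeness.

```python
import re

MAX_ACL_BYTES = 4096  # one memory page, per the note on this page
ATTRS = {"SUID", "SGID", "SVTX"}
MODE = r"((?-i:[r-][w-][x-]))"        # rwx with a dash for each unset bit
WHO = r"(?-i:[ug]):[^\s,]+"           # u:Username or g:groupname
RULES = [  # (kind, pattern); keywords match case-insensitively (assumption)
    ("attributes", r"attributes:\s*(.*)"),
    ("heading", r"(?:base|extended) permissions:?"),
    ("base", rf"(owner|group)\s*\(([^()]+)\):\s*{MODE}"),
    ("others", rf"others:\s*{MODE}"),
    ("state", r"(?:extended permissions:?\s*)?(enabled|disabled)"),
    ("entry", rf"(permit|deny|specify)\s+{MODE}\s+({WHO}(?:\s*,\s*{WHO})*)"),
]

def parse_acl(text):
    """Return (acl, errors): parsed fields plus 'line N: ...' problems."""
    acl = {"attributes": [], "base": {}, "extended": None, "entries": []}
    errors = []
    if len(text.encode("utf-8")) > MAX_ACL_BYTES:
        errors.append(f"ACL is larger than {MAX_ACL_BYTES} bytes")
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        hit = next(((k, m) for k, p in RULES
                    if (m := re.fullmatch(p, line, re.I))), None)
        if hit is None:
            errors.append(f"line {num}: unrecognized entry {line!r}")
            continue
        kind, m = hit
        if kind == "attributes":
            acl["attributes"] = re.findall(r"[^\s,]+", m.group(1).upper())
            for name in sorted(set(acl["attributes"]) - ATTRS):
                errors.append(f"line {num}: unknown attribute {name}")
        elif kind == "base":
            acl["base"][m.group(1).lower()] = (m.group(2), m.group(3))
        elif kind == "others":
            acl["base"]["others"] = (None, m.group(1))
        elif kind == "state":
            acl["extended"] = m.group(1).lower() == "enabled"
        elif kind == "entry":
            ids = re.split(r"\s*,\s*", m.group(3))
            acl["entries"].append((m.group(1).lower(), m.group(2), ids))
    return acl, errors

# Constructed sample: the second ACL on this page, one field per line.
SAMPLE = ("Attributes:\nBase Permissions:\n Owner (user1): rw-\n Group (group): r--\n"
          " Others: r--\nExtended Permissions:\n Enabled\n Deny r-- u:user2\n")
```

An empty error list from parse_acl(SAMPLE) means every line was recognized; the returned dictionary can then be reviewed for SUID, SGID or SVTX attributes and for permit entries before the ACL is applied.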
Access Control: This command should be a standard user program and have the trusted computing base attribute.
Auditing Events: If the auditing subsystem has been properly configured and is enabled, the aclput command will generate the following audit record (event) every time the command is executed:
|FILE_Acl||Lists file access controls.|
See "Setting up Auditing" in AIX 5L Version 5.1 System Management Guide: Operating System and Devices for more details about how to properly select and group audit events, and how to configure audit event data collection.
aclput status
attributes: SUID
and then press the Ctrl-D sequence to exit the session.
aclget plans | aclput status
|/usr/bin/aclput||Contains the aclput command.|
The acledit command, aclget command, auditpr command, chmod command.
Access Control Lists in AIX 5L Version 5.1 System User's Guide: Operating System and Devices.
The Auditing Overview in AIX 5L Version 5.1 System Management Guide: Operating System and Devices explains more about audits and audit events.
For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Security Introduction in AIX 5L Version 5.1 System Management Concepts: Operating System and Devices.