Contains the user access control list (ACL) definitions for the System Manamgement Interface Tool (SMIT). This system file only applies to AIX 4.2.1 and later.
The /etc/security/smitacl.user file contains the ACL definitions for SMIT. This is an ASCII file that contains a stanza for each system user. Each stanza is identified by a user name followed by a : (colon) and contains attributes in the form Attribute=Value. Each attribute pair ends with a newline character as does each stanza.
The file supports a default stanza. If an attribute is not defined, either the default stanza or the default value for the attribute is used.
A stanza contains the following
|screens||Describes the list of SMIT screens for the user. (It is of the
type SEC_LIST.) Examples include:
screens = * # Permit all screen access. screens = !* # Deny all screen access. screens = # Allows no specific screens # (screens can be added on a per user basis) screens = user,group,!tcpip # Allow user & group # screens, but not # tcpip screen
|funcmode||Describes if the role database and/or SMIT ACL database should be used to
determine accessibility. It also describes how to combine the
screens data from the two databases. (It is of the type
SEC_CHAR.) Examples include:
funcmode = roles+acl # Use both roles and SMIT ACL # databases. funcmode = roles # Use only the roles database. funcmode = acl # Use only the SMIT ACL # database.
For a typical stanza, see the "Examples" section .
Access Control: This file grants read and write access to the root user, and read access to members of the security group.
username: screens = * funcmode = roles+acl
default: screen = * screens = mksysb
This file is part of the Base Operating System (BOS) Runtime.
|/etc/security/roles||Contains the list of valid roles.|
|/etc/security/user.roles||Contains the list of roles for each user.|
|/etc/security/smitacl.group||Contains the group ACL definitions.|
|/etc/security/smitacl.user||Contains the user ACL definitions.|
The getusraclattr subroutine, nextusracl subroutine, putusraclattr subroutine.