aclconvert Command

Purpose

Converts the access control information of a file system object from one type to another.

Syntax

aclconvert [ -R ] [-I] -t ACLType File

Description

The aclconvert command converts the access control information (ACL) of the file system object specified by the File parameter to another type as specified by ACLType argument input to command. The conversion could fail if the target ACL type is not supported by the file system where File exists. Also note that the ACL conversion will take place with the help of ACL type specific algorithm and invariably the conversion will be approximate. So the conversion could result in potential loss of access control and it is essential that the user of this command be sure that the converted ACL satisfies the necessary access restrictions. The user might manually review the access control information after the conversion for the file system object to ensure that the conversion was successful and fulfills the requirements of the desired access control.

Flags

Item Description
-I Does not display any warning messages.
-R Recursive option allows the user to convert ACL types for all the file system objects under a directory structure to the desired ACL type.
-t ACLType Specifies the target ACL type to which the File's ACL type will be converted. The conversion will succeed only if the file system in question supports the ACL type requested. If the conversion is lossy, a warning message will be issued. This kind of warning messages can be suppressed using -I option. The supported ACL types are ACLX and NFS4.

Exit Status

This command returns the following exit values:

Item Description
0 The command executed successfully and all requested changes were made.
>0 An error occurred.

Security

Access Control

This command should be a standard user program and have the trusted computing base attribute.

Auditing Events

If the auditing subsystem is properly configured and is enabled, the aclconvert command generates the following audit record or event every time the command is run:
Event Information
FILE_Acl Lists access controls.

Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

  1. To convert the access control information for the status file to AIXC ACL type, type: 
    aclconvert -t AIXC status
    Conversion takes place and any warning or error message is displayed.
  2. To convert the access control information for the all file system objects under directory dir1 file to AIXC ACL type and ignore any warning messages, type: 
    aclconvert -RI -t AIXC dir1
    This converts all file system objects under dir1 to the ACL type AIXC..

Location

/usr/bin/aclconvert

Files

Item Description
/usr/bin/aclconvert Contains the aclconvert command.