Displays the access control information of a file.
The aclget command writes the access control information of the file specified by the FileObject parameter to standard output or to the file specified by the OutAclFile parameter.
The information that you view depends on the ACL type and typically includes the Access Control Entries (ACEs) depicting the access rights of the users in the system, including the owner of the file object.
Item | Description |
---|---|
-o OutAclFile | Specifies that the access control information be written to the file specified by the OutFile parameter. |
-t acl type | Specifies the ACL type of the ACL information being displayed. If this option is not provided the actual ACL data in its original ACL type will be displayed. The supported ACL types are ACLX and NFS4. |
-v | Displays the ACL information in Verbose mode. Comment lines will be added to explain more details about the ACL associated with the FS object. These comment lines are generated when the command is executed and do not reside anywhere persistently. |
Access Control
This command should be a standard user program and have the trusted computing base attribute.
Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
Access Control Lists form the core of protection of file system objects. Each file system object is uniquely associated with one piece of data, called ACL, that defines the access rights to the object. ACL could consist of multiple Access Control Entries (ACEs), each defining one particular set of access rights for a user. Typically ACE consists of information such as identification (to whom this ACE applies) and access rights (allow-read, deny-write). Note that ACE might also capture information such as inheritance flags and alarm and audit flags. The format and enforcement of ACL data is entirely dependent on the ACL type in which they are defined. AIX provides for the existence of multiple ACL types on the operating systems. The list of ACLs supported by a file system instance is dependent on the physical file system implementation for that file system instance.
aclget status
An access control list appears, similar to the example in Access
Control Lists. aclget plans | aclput status
This copies the access control
information. In most cases, the ACL type associated with plans will be the ACL type of ACL associated with the target status. However,
it is possible that the target file system does not support the ACL
type associated with file system object plans. In this case, the operation
will fail and an error message is displayed. The target will retain
its original associated ACL.aclget -o acl1 plans
Item | Description |
---|---|
/usr/bin/aclget | Contains the aclget command. |