Index Index for
Section 8
Index Alphabetical
listing for A
Bottom of page Bottom of
page

acladm(8)

NAME

acladm - Creates, moves, checks, synchronizes, and removes access control list (ACL) information.

SYNOPSIS

/usr/sbin/acladm [-C | -E | -N | -O | [-P | -S | -T | -U] | -R] [-y | -n | -f | -p] [-v] /usr/sbin/acladm [-M] [-i filename] [-v] from_directory to_directory

OPTIONS

-C Checks and repairs the ACL data store. This option asks for confirmation before making repairs unless the -y option is used, in which case repairs are automatically made. -E Enumerates all objects that have ACLs assigned to them. -N Creates a new ACL data store if one does not already exist. -O Reinitializes the default ACLs for standard objects. This option does not affect user-created ACLs. -P Synchronizes the ACL information with the physical data on the UNIX file system. This option removes any ACLs for objects (such as files) that no longer are present on the system. This option asks for confirmation to synchronize ACLs unless the -y option is used, in which case every ACL is automatically synchronized. -S Removes redundant access control entries (ACEs) from ACLs. -T Trims redundant ACLs from the ACL store. This option enumerates all the ACLs and computes what the inherited ACL would be for each one. This option asks for confirmation to remove redundant ACLs unless the -y option is used, in which case redundant ACLs are automatically removed. -U Removes ACEs of deleted or unknown users from ACLs. -R Removes an ACL data store. This option asks for confirmation unless the -y option is used, in which case the ACL store is automatically removed. -M Moves ACLs from one UNIX directory path to another. If an ACL exists in the to_directory path, it is silently overwritten by the ACL in the from_directory path. An example of when to use this option is to restore a directory from a backup to a new directory path. -i filename When used with the -M option, restores ACLs from a backup copy of an ACL store specified by filename. You do not need to stop the ASU server to restore ACLs from backup. If the to_directory path is not specified, it defaults to the same value as the from_directory path. This option is useful for restoring the ACLs of a directory that has been restored from backup. -y When used with the -C, -P, -R, or -T option, changes are made without prompting the user for confirmation. -n When used with the -C, -P, or -T option, no changes are made to the ACL store. The object name of each ACL entry that needs to change is displayed with the action (fix or delete) that will be applied when the -n option is not used. -f Only valid when used with the -C option. Corrupt entries are fixed in the ACL data store. No corrupt entries are deleted. User is not prompted, each ACL entry that can be fixed is fixed automatically. -p Only valid when used with the -C option on a member server. This option is intended to be used when upgrading a member server. Fixes corrupt entries in the ACL, migrates access control entries of the operators groups to the power users group, and replaces operators access control ACL entries with power user access control. -v Displays detailed output of the acladm activity that you have requested.

OPERANDS

from_directory Specifies the directory from which the ACLs will be moved. to_directory Specifies the directory to which the ACLs will be moved.

DESCRIPTION

The acladm command creates, checks, prunes (synchronizes) or removes access control list data. Creation of a new ACL data store will fail if it already exists. The check (-C) option traverses through the ACL data store to determine if there are any inconsistencies. The prune option synchronizes the access control list information with the physical data on the UNIX file system. Access control list information can get out of sync when files are deleted using UNIX system commands. You must be logged in as root to use the acladm command.

EXAMPLES

To check access control list information, enter the following command: # acladm -C Follow these steps to restore a file and its corresponding ASU ACLs: 1. Restore the file from backup. 2. Restore the /usr/net/servers/lanman/datafiles/acl file from the same date to a different filename, for example may10.acl. 3. Enter the following command to restore the ACLs from backup: # acladm -M -i may10.acl -v /path/filename

Index Index for
Section 8
Index Alphabetical
listing for A
Top of page Top of
page