Maintenance Commands acladm(1m)
NAME
acladm - Administers access control list (ACL) information.
SYNOPSIS
acladm [ -I instance ] { -C | -E | -N | -O | -R } [ -y | -n | -f ] [ -v ]
acladm [ -I instance ] [ -GPSUX ] [ -y | -n | -f ] [ -v ] [pathname]
acladm [ -I instance ] -M [ -v ] From_path To_path
DESCRIPTION
The acladm command creates, moves, checks, prunes, fixes, or
removes access control list data. Creation of a new ACL data
store will fail if it already exists. The check (-C) option
traverses through the ACL data store to determine if there
are any inconsistencies.
OPTIONS
-I instance
Specifies the PCNL instance name or number. In a
multi-instance environment, instance may be specified either
on the command line or by the environment variable
PCNL_INSTANCE. If there is only one instance configured, it
is not necessary to specify this argument.
-C
Checks and repairs the ACL data store. The command prompts
the user before making repairs. Corrupt entries are either
fixed or deleted. If the -y option is used, the command
repairs the data store automatically.
-E
Enumerates all objects which have ACLs assigned to them.
-G
Group fixes after changing to or from member server.
Replaces SID "System Operators" with "Power Users" (domain
controller becomes member server) or the reverse, according
to the current role.
-M
Moves ACLs from one UNIX path to another. If an ACL exists
in the "To" path, it is silently overwritten by the ACL in
the "From" path. This option is useful when a directory
tree is relocated, such as when a tree is restored from a
backup to a different location.
-N
Creates a new ACL data store if one does not already exist.
-O
Re-initializes the default ACLs for standard objects. This
option does not affect any user-created ACLs.
-P
Prunes (synchronizes) the ACL information with the physical
data on the UNIX file system. This option removes any ACLs
for objects (such as files) that no longer are present on
the system. Users are prompted regarding each ACL unless
the -y option is used, in which case the command prunes
every ACL automatically.
-R
Completely removes an ACL data store. This command asks for
confirmation unless the -y option is used, in which case the
ACL store is removed automatically.
-S
Removes redundant access control entries (ACEs) from ACLs.
-U
Removes ACEs of deleted or unknown users from ACLs.
-X
Removes all file ACLs where the owner is the same as the
owner of the containing directory.
-XX
Removes ***ALL*** file ACLs on ordinary files. (Directory
ACLs are unaffected.)
-f
Only valid when used with the -C option. Corrupt entries are
fixed in the ACL data store. No corrupt entries are deleted.
The user is not prompted; each ACL entry that can be fixed
is fixed automatically.
-y
When used with the -C, -P, or -R option, ACL store changes
are made without prompting the user for input.
-n
When used with the -C or -P option, no changes are made to
the ACL store. The object name of each ACL entry that needs
repair is displayed with the action (fix or delete) that
will be applied when the -n option is not used.
-v
When the verbose option is used, acladm will produce more
detailed output concerning the activities it is performing.
EXAMPLE
To check access control list information, type the following
command: