The triplets of read, write and execute associated with a file object have been around as long as UNIX. To say that today their usefulness has depreciated is nothing but an understatement. Still, despite the amount of time that has passed since the introduction of UNIX, many sites rely on nothing but rwx to set access privileges, which results (often and frequently) in file systems/directories being wide open to access by all who can log into the host. Why? Often because of a “conflict of interests”: initially we create numerous groups with the best of intentions and assign them to their respective file systems, only to quickly yield to business requirements dictating that the members of one group also be able to access the files in the other file system, and so forth and so forth. I do think that currently the usefulness of the original triplets
Well, regardless of who is right and who is not, I want to suggest you introduce yourselves to AIX ACLs, RBAC and maybe even to NFS v.4 ACLs (who knows, maybe this is God's gift to AIX administrators?). This post will try to introduce you to AIX's own ACLs, which deliver more granular control over file objects. Note that NFS v.4 ACLs deliver far more granular control than AIX native ACLs.