Tasks Involving System Security [ User's Guide to MPE/iX Security ] MPE/iX 5.0 Documentation
Tasks Involving System Security
The following sections describe tasks relating to system security such as
listing ACDs, assigning ACDs, changing ACDs, and copying ACDs.
Listing ACDs
Use the -2 listfile option of the LISTFILE or LISTF commands to list ACD
information associated with a file. Any user on a system can use these
commands to determine if a file has an ACD. In order to view the contents
of an ACD, you must be either an owner of the file or be a user granted
RACD access to that file.
Use the SHOWDEV command to list ACD information associated with a logical
device, device name, or device class. Only a system manager and users
granted RACD access can view the contents of a device ACD.
If you are the user DENNIS.ADMIN and you want to view the contents of
ACDs for all files in group and account DEV.ENGR, enter:
LISTFILE @.DEV.ENGR,-2
The screen displays:
 ________________________________________________________
|                                                        |
|  ACCOUNT = ENGR     GROUP=DEV                          |
|                                                        |
|  FILENAME  ------------ACD ENTRIES-----------          |
|                                                        |
|  RLDSPR    NO ACDS                                     |
|  QUEXINK   TEST.ENGR    : X,A,L                        |
|            DENNIS.ADMIN : RACD                         |
|            HENRY.MFG    : NONE                         |
|            THO.ENGR     : W                            |
|            TOM.ENGR     : R,W                          |
|  BFDFILE   NO ACD ACCESS                               |
|                                                        |
|________________________________________________________|
In the previous example, you (DENNIS.ADMIN) have permission to view the
ACD associated with QUEXINK. While the file BFDFILE has an ACD associated
with it, you do not have permission to view its ACD contents.
The file RLDSPR has no ACD, so access to this file is determined through
standard file system security features. Enter LISTFILE RLDSPR, -3 to
obtain security provisions in effect for RLDSPR.
Listing ACDs for directories and files in directories
Because ACDs supersede other security mechanisms, it is useful to be able
to determine whether or not an HFS directory or file has an ACD assigned
to it and, if so, what it is. Any directories or files residing outside
of traditional MPE groups are automatically assigned ACDs when they are
created. You can list ACDs by using the LISTFILE command with the -2
(also called ACD) option.
The following example shows how to list the ACD associated with the
directory called letters. Notice that the user named JONES in the OFFICE
account has RD (read directory entries) access to the letters directory.
All other users on the system have both RD and TD (traverse directory
entries) access to letters.
 ________________________________________________________
|                                                        |
|  listfile /dir0/letters,-2                             |
|                                                        |
|  PATH=/dir0/                                           |
|                                                        |
|  ------------ACD ENTRIES-------------- FILENAME        |
|                                                        |
|  JONES.OFFICE : RD                     letters/        |
|  @.@          : RD,TD                                  |
|                                                        |
|________________________________________________________|
In the next example, the directory GRP is assigned the default ACD. All
users can read the ACD assigned to the directory. Only the creator and
the system manager can change it. Also, note that -2 is replaced with
the textual equivalent ACD.
 ________________________________________________________
|                                                        |
|  listfile /OFFICE/GRP,ACD                              |
|                                                        |
|  PATH=/OFFICE/                                         |
|                                                        |
|  ------------ACD ENTRIES-------------- FILENAME        |
|                                                        |
|  @.@          : RACD                   GRP/            |
|                                                        |
|________________________________________________________|
In the next example, the file assets has an ACD assigned to it. The ACD
is listed from the most specific (such as a particular user in a
particular account) to the least specific (all other users in all other
accounts). User ZONIS in the OFFICE account has R (read) access to the
file assets. Other users in the OFFICE account have both R and W (write)
access to the file. And all other users in other accounts have R, W, and
X (execute) access to the file.
 ________________________________________________________
|                                                        |
|  listfile /OFFICE/GRP/assets,-2                        |
|                                                        |
|  PATH=/OFFICE/GRP/                                     |
|                                                        |
|  ------------ACD ENTRIES-------------- FILENAME        |
|                                                        |
|  ZONIS.OFFICE : R                      assets          |
|  @.OFFICE     : R,W                                    |
|  @.@          : R,W,X                                  |
|                                                        |
|________________________________________________________|
The next example shows how you can list the ACDs for all of the files in
the GRP directory. It shows the ACDs on the file assets as in the
previous example and lists the ACDs on the other two files in the
directory.
 ________________________________________________________
|                                                        |
|  listfile /OFFICE/GRP/@,-2                             |
|                                                        |
|  PATH=/OFFICE/GRP/                                     |
|                                                        |
|  ------------ACD ENTRIES------------ FILENAME          |
|                                                        |
|  ZONIS.OFFICE : R                    assets            |
|  @.OFFICE     : R,W                                    |
|  @.@          : R,W,X                                  |
|  ZONIS.OFFICE : R                    bills             |
|  WILKE.OFFICE : R,W                                    |
|  @.@          : R,W,X                                  |
|  SMITH.OFFICE : R                    goods             |
|  @.OFFICE     : R,W,X                                  |
|                                                        |
|________________________________________________________|
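The most-specific-to-least-specific ordering described above can be checked mechanically when reviewing a listing. The following is an added example, not part of the HP manual: it parses the pair lines of the /OFFICE/GRP/@ listing (embedded as constructed sample text) and resolves which pair applies to a given user. The function names, and the rule that a user matching no pair gets no access through the ACD, are assumptions of this sketch; owner and system manager privileges are not modeled.

```python
import re

# Constructed sample: pair lines from the /OFFICE/GRP/@ listing above.
LISTING = """\
------------ACD ENTRIES------------ FILENAME
ZONIS.OFFICE : R                    assets
@.OFFICE     : R,W
@.@          : R,W,X
ZONIS.OFFICE : R                    bills
WILKE.OFFICE : R,W
@.@          : R,W,X
SMITH.OFFICE : R                    goods
@.OFFICE     : R,W,X
"""

# userspec : modes [filename]; the filename appears only on a file's first pair.
PAIR = re.compile(r"^\s*([^\s.:]+)\.([^\s.:]+)\s*:\s*([A-Z,]+)(?:\s+(\S+))?\s*$")

def parse_acds(listing):
    """Return {filename: [(user, account, modes), ...]} in listed order."""
    acds, current = {}, None
    for line in listing.splitlines():
        m = PAIR.match(line)
        if not m:
            continue                      # header, PATH= and blank lines
        user, account, modes, name = m.groups()
        if name:
            current = acds.setdefault(name, [])
        if current is not None:
            granted = set() if modes == "NONE" else set(modes.split(","))
            current.append((user.upper(), account.upper(), granted))
    return acds

def effective_modes(pairs, user, account):
    """Most specific userspec wins: user.acct, then @.acct, then @.@."""
    user, account = user.upper(), account.upper()
    for want in ((user, account), ("@", account), ("@", "@")):
        for u, a, modes in pairs:
            if (u, a) == want:
                return modes
    return set()   # assumption: no matching pair means no access via the ACD

def world_writable(acds):
    """Files whose @.@ pair grants W, i.e. write access for unlisted users."""
    return sorted(f for f, pairs in acds.items()
                  if "W" in effective_modes(pairs, "@", "@"))
```

Note that ZONIS.OFFICE resolves to R only on assets even though @.@ carries R,W,X there, and that goods, which has no @.@ pair, resolves to no access for users outside OFFICE under the stated assumption.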
Changing access to HFS files and directories
Because access to MPE/iX files and hierarchical directories is controlled
by ACDs, system users may want to change the defaults assigned when files
or directories are created.
For the purpose of selectively restricting access to files with ACDs,
users can be classified into three groups:
* Individual users
* Specific groups of users
* All other users
Creating ACDs
Use the NEWACD option of the ALTSEC command to create an ACD and assign
it to a file or device. You must be an owner of a file to create and
assign an ACD to that file. Only a system manager can assign ACDs to
logical devices, device names, and device classes.
You can assign ACD pairs to the new ACD either from within the command
line or by referencing a file that contains one or more ACD pairs.
To create an ACD and assign it to the file PROGNAME, enter:
ALTSEC PROGNAME;NEWACD=(X:@.@;W:@.ACCT)
This ACD grants all users on the system EXECUTE access to PROGNAME, but
only users in account ACCT can write to it.
The following example performs the same action as the last example by
referencing a file that contains ACD pairs:
ALTSEC PROGNAME;NEWACD=^ACDFILE
In the previous example, the ACD pairs X:@.@ and W:@.ACCT are located in
the text file ACDFILE. ACD pairs are separated by semicolons.
To create an ACD that prevents any user except OPERATOR.SYS and the
system manager from accessing LDEV 7 (a tape drive), enter:
ALTSEC 7,LDEV;NEWACD=(R,W:OPERATOR.SYS)
Some access modes are not applicable to certain devices. For example, it
makes no sense to execute a tape drive or append to one. Access modes not
applicable to a device can be assigned but are ignored.
Refer to the MPE/iX Commands Reference Manual Volumes 1 and 2
(32650-90003 and 32650-90364) for further information about the ALTSEC
command.
Assigning ACDs
You may want to assign ACD permissions, for example, to restrict access to
a sensitive file so that only you and your manager can read it. You may
also want to restrict access to a sensitive directory so that only
certain members of a group can create files in it.
Use the ALTSEC command to change access permissions to a file or
hierarchical directory. System managers can assign ACDs on any file or
directory in the system. They must supply the lockword for any
lockword-protected files before they can assign an ACD, however. Once
the file has an ACD, the ACD supersedes the lockword.
You can use the ADDPAIR option with the ALTSEC command to add ACD pairs
to an object that already has an ACD. (You must use the NEWACD option to
assign ACDs to files having no ACDs.)
For example, to assign a new ACD that gives all users on the system total
access to the file NUMBERS:
:ALTSEC NUMBERS;NEWACD=(R,W,L,A,X,RACD:@.@)
The file SUMMARY has an ACD (RACD:@.@). You want to grant read and write
access to users in your account:
:ALTSEC SUMMARY;ADDPAIR=(W,R:@.ACCT)
Adding an ACD Pair
Use the ADDPAIR parameter of the ALTSEC command to add an ACD pair to an
ACD.
To add a new ACD pair that grants the user ENGR.LAB the access modes
READ, WRITE, LOCK, APPEND, EXECUTE, and RACD to the file PROGNAME, enter:
ALTSEC PROGNAME;ADDPAIR=(R,W,L,A,X,RACD:ENGR.LAB)
NOTE ACDs cannot be used to protect Image SQL files because they have
their own protection.
Replacing an ACD Pair
Use the REPPAIR parameter of the ALTSEC command to replace an existing
ACD pair with a new ACD pair.
To replace the access permissions previously assigned to the user
ENGR.LAB with READ access to the file PROGNAME, enter:
ALTSEC PROGNAME;REPPAIR=(R:ENGR.LAB)
Replacing ACDs
You can replace the current ACD by using the REPACD option with the
ALTSEC command.
All users in the MKTG account currently have RD and TD access to the
directory van. The users can only move through van and read the names of
files in it. Instead, you want to grant all users in MKTG greater access
to the contents of the directory. You want them to be able to create
directory entries, delete directory entries, read directory entries,
traverse directory entries, and to be able to read the ACD.
For example,
:ALTSEC ./van;REPACD=(CD,DD,RD,TD,RACD:@.MKTG)
This option is useful when you want to change the default ACDs assigned
to HFS directories and to files outside of MPE groups.
Modifying ACDs
Once an ACD is assigned to a file or device, you can modify the contents
of the ACD by adding, deleting, or replacing ACD pairs. You must be an
owner of a file in order to modify its ACD. Only a system manager can
modify ACDs assigned to logical devices, device names, and device
classes.
Deleting ACDs
Use the DELACD parameter of ALTSEC to delete an ACD assigned to a file or
device. You must be an owner of a file in order to delete an ACD from
that file. Only a system manager can delete ACDs from logical devices,
device names, and device classes.
To eliminate any ACD that may be in effect for device class LP, enter:
ALTSEC LP,DEVCLASS;DELACD
Deleting an ACD Pair.
Use the DELPAIR parameter of the ALTSEC command to delete a user name
from an ACD. All other user names are unaffected.
To delete from the ACD assigned to PROGNAME only the ACD pair where the
userspecs part exactly matches @.@, enter:
ALTSEC PROGNAME;DELPAIR=(@.@)
Deleting Optional ACDs.
You can only delete optional ACDs on files in MPE groups that can be
protected by the file access matrix.
Users in the ACCT account have read access to the file
/ACCT/PUB/dir1/summary and all other users have read ACD access to the
file (R:@.ACCT;RACD:@.@). If you decide that the users in ACCT should no
longer have read access to the file, you can delete previously assigned
ACD pairs (but you cannot delete the entire ACD):
:ALTSEC /ACCT/PUB/dir1/summary;DELPAIR=(@.ACCT)
The above example deletes read access to file summary for all users in
ACCT but still allows all users (including those in ACCT) RACD access to
the file.
Suppose you then enter the following command to delete the ACD pair that
matches @.@, which is the only ACD pair left on the file:
:ALTSEC /ACCT/PUB/dir1/summary;DELPAIR=(@.@)
Because this file is located in an HFS directory, it is required to have
an ACD and cannot be protected by the file access matrix. You receive an
error message and the ACD is not deleted:
Cannot delete ACDs from objects where file matrix security
does not apply. (CIERR 7330)
If the file REPORT is a file in an MPE group, its GID matches the GID of
its parent group, and its ACD is not required, you can use the following
command to delete all ACD pairs:
:ALTSEC REPORT;DELACD
Copying ACDs
Use the COPYACD parameter of the ALTSEC command to copy an ACD from a
source file to a target file or device. In order to copy an ACD, you
must be an owner of the source file or a user granted RACD access to the
source file. In addition, you must be an owner of the target file.
To copy the ACD from the file PROGNAME to the file NEWFILE, enter:
ALTSEC NEWFILE;COPYACD=PROGNAME
Copying ACD Pairs.
You can copy ACD pairs from one file to another or from one directory to
another. This is particularly useful if you assign a complex set of ACDs
to one file or directory and you want to assign the same set to another
file or directory.
NOTE You can only copy an ACD from one file to another or from one
directory to another. You can't copy an ACD from a directory to a
file or vice versa.
For example, you can copy the ACD from directory dir1 to another
directory dir2:
:ALTSEC ./dir2/;COPYACD=./dir1/
You can also copy ACDs between devices. The following example copies the
ACD associated with ldev 5 to all devices in the device class TERM:
:ALTSEC TERM,DEVCLASS;COPYACD=5,LDEV
Copying Files That Have ACDs.
In order to use the COPY command to copy a file that has an ACD, you must
be either an owner of the source file or have both READ and RACD access
to the source file. In order to use the FCOPY command to copy a file, you
must be an owner of the source file, have both READ and RACD access to
the source file, or use the ;NOACD option of FCOPY.
The ACD of the source file is also copied to the target file. The user
who copies the source file becomes the creator of the target file (and,
therefore, an owner of the ACD).
In order to use the STORE or RESTORE commands to back up or restore a
file that has an ACD, you must be either:
* An owner of the file
* A user who has both READ and RACD access to the file
* A user who has operator (OP) capability
If you are none of these, any attempt to either store or restore a file
that has an ACD results in an error unless you specify ;NOACD.
The STORE, RESTORE, and FCOPY commands each have an optional parameter
(;NOACD) that enables you to remove the ACD from a target file, removing
all security restrictions in effect for the target file. When an ACD is
removed from a file, standard file system security restrictions are
imposed.