Restricting File Access [ User's Guide to MPE/iX Security ] MPE/iX 5.0 Documentation
Restricting File Access
Associated with each account, group, and individual file is a list of
file access restrictions. Access restrictions apply to disk files only.
The restrictions are based on the following:
* File access modes, such as reading, writing, saving, executing,
locking, and appending.
* User types, such as account librarians, group librarians, and
account members for whom certain access modes are allowed.
The access restrictions for any file describe who can access it and in
what manner.
Access Modes
Table 4-2 lists file access modes, the codes used to reference them,
and their meanings.
Table 4-2. File Access Modes
-----------------------------------------------------------------------------------------------
| | | |
| Access Modes | Mnemonic Code | Meaning |
| | | |
-----------------------------------------------------------------------------------------------
| | | |
| READ | R | Allows users to read files. |
| | | |
| LOCK | L | Permits a user to prevent concurrent access to a |
| | | file. Specifically, it permits the use of the |
| | | FLOCK and FUNLOCK intrinsics, and the |
| | | exclusive-access option of the HPFOPEN and FOPEN |
| | | intrinsics, all described in the MPE/iX Intrinsics |
| | | Reference Manual (32650-90028). |
| | | |
| APPEND | A | Allows users to add information and disk extents to |
| | | files, but prohibits them from altering or deleting |
| | | information already written. This access mode |
|                      |                 | implicitly allows the LOCK (L) access mode          |
| | | described above. |
| | | |
| WRITE | W | Allows users general writing access, permitting |
| | | them to add, delete, or change any information in |
| | | files. This includes removing entire files from |
| | | the system with the PURGE command. WRITE (W) |
| | | access also implicitly allows the LOCK (L) and |
| | | APPEND (A) access modes described previously. |
| | | |
| SAVE | S | Allows users to declare files within a group as |
| | | permanent, and to rename such files. This includes |
| | | the ability to create new permanent files with the |
| | | BUILD command. |
| | | |
| EXECUTE              | X               | Allows users to run programs stored in files with   |
| | | the RUN command or the CREATE and CREATEPROCESS |
| | | intrinsics. |
| | | |
-----------------------------------------------------------------------------------------------
User Types
Table 4-3 lists user types, the codes used to reference them, and
their complete descriptions.
Table 4-3. User Types
-----------------------------------------------------------------------------------------------
| | | |
| User Type | Mnemonic Code | Meaning |
| | | |
-----------------------------------------------------------------------------------------------
| | | |
| Any user | ANY | Any user defined in the system. This |
| | | includes all categories defined below. |
| | | |
| Account librarian | AL | User with account librarian capability, who |
| user | | can manage files within the account which |
| | | may include more than one group. |
| | | |
| Group librarian user | GL | User with group librarian capability, who |
| | | can manage certain files within a home |
| | | group only. |
| | | |
| Creating user | CR | The user who created this file. |
| | | |
| Group user | GU | Any user allowed to access this group as |
| | | the logon or home group, including all GL |
| | | users applicable to this group. |
| | | |
| Account member | AC | Any user authorized access to the system |
| | | under this account. This includes all AL, |
| | | GU, and CR users under this account. |
| | | |
-----------------------------------------------------------------------------------------------
Users with system manager or account manager capability bypass the
standard file access restrictions. A system manager has unlimited access
to any file in the system, but can save files only in the system
manager's own account. An account manager has unlimited access to any
file in the account, except one with a negative file code. The account
manager must have privileged mode (PM) capability to access a file with a
negative file code.
A file's group and account as well as your capabilities determine whether
you have access to the file. For example, group librarian capability
gives you special access to files in your home group. You do not have
special access to files in other groups.
NOTE As soon as an ACD is attached to a file, all other file matrix
restrictions are ignored for that file.
Specifying File Access Restrictions
When a user tries to access a file, the system checks the account-level,
group-level, and file-level file access restrictions. Those restrictions
must give the user access rights at all three levels. If the user fails
to pass the security check at any level, the system denies the user
access to the file.
Account file access restrictions are set when an account is created. You
set group file access restrictions when you create a group. As the
creator of a file, you can change its file-level access restrictions with
the ALTSEC command.
When you specify file access restrictions at a certain level, you list
the file access modes available to each type of user. This listing has a
fixed format: each clause names one or more access mode codes, a colon,
and one or more user type codes; clauses are separated by semicolons and
the whole list is enclosed in parentheses. For example, at the account
level, you might assign READ and EXECUTE access to any user and APPEND,
WRITE, and LOCK access only to account members. These sample file
security provisions have the following format:
(R,X:ANY;A,W,L:AC)
In this example, READ and EXECUTE access are permitted to any user.
APPEND, WRITE, and LOCK access are permitted to account members only.
Account-Level File Security.
The system manager sets the access restrictions that apply to all files
within a given account when creating the account. A system manager can
change the initial restrictions at any time.
At the account level, the system recognizes two user types and five
access modes. The account-level user types are:
* Any user (ANY)
* Account member (AC)
The five account level access modes are:
* READ (R)
* LOCK (L)
* APPEND (A)
* WRITE (W)
* EXECUTE (X)
Refer to Table 4-2 for access mode descriptions and to Table 4-3
for user type descriptions.
If the file access restrictions for an account are not explicitly stated,
the system assigns the following default restrictions:
* For the SYS account, READ and EXECUTE access are permitted to all
users. APPEND, WRITE, and LOCK access are limited to account
members. Symbolically, these access restrictions are expressed as
follows: (R,X:ANY;A,W,L:AC).
* For all other accounts, READ, APPEND, WRITE, LOCK, and EXECUTE
access are limited to account members (R,A,W,L,X:AC).
Group-Level Security.
The account manager sets the file access restrictions that apply to all
files within a group when creating the group. These can be equal to or
more restrictive than the provisions specified at the account level. The
group's file access restrictions can also be less restrictive than those
of the account, but this gains nothing: a user who fails the security
check at the account level is denied access at that point, so such
provisions are effectively no looser than the account restrictions. The
account manager can change initial group file access restrictions at any
time.
At the group level, the system recognizes five user types and six access
modes. Access modes can be assigned to user types in any combination.
The five group-level user types are:
* Any user (ANY)
* Account librarian (AL)
* Group librarian (GL)
* Group user (GU)
* Account member (AC)
The group level file access modes are:
* READ (R)
* LOCK (L)
* APPEND (A)
* WRITE (W)
* SAVE (S)
* EXECUTE (X)
Refer to Table 4-2 for access mode descriptions and to Table 4-3
for user type descriptions.
If you do not specify group file access restrictions, the following
default restrictions apply:
* For a public group (named PUB) whose files are normally accessible
in some way by all users within the account, READ and EXECUTE
access are permitted to any user; APPEND, WRITE, SAVE, and LOCK
access are limited to account librarian users and group users
(including group librarians) (R,X:ANY;A,W,S,L:AL,GU).
* For a public group (named PUB) of an account (named SYS), the
following default restrictions apply: (R,X,L:ANY;W,A,S:AL,GU).
* For all other groups in the account, READ, APPEND, WRITE,
SAVE, LOCK, and EXECUTE access are limited to group users
(R,A,W,S,L,X:GU).
File-Level Security.
When you create a file, it has the default file-level security provisions
assigned by MPE and the provisions assigned by the account and the group
to which it belongs. Only the creator of a file may use the ACCESS=
option of ALTSEC on a file. An account manager or system manager can
change the file-level security provision with the ALTSEC command by
adding or changing an ACD. All access modes and all user types apply at
the file level. Refer to Table 4-2 and Table 4-3 for their descriptions.
If no security provisions are explicitly specified by the creating user,
READ, APPEND, WRITE, LOCK, and EXECUTE access are permitted to all users
(R,A,W,L,X:ANY), for all files, by default.
Default File Access Restrictions.
Because the total security for a file always depends on security at all
three levels, a file not explicitly protected from a certain access mode
may benefit from the default protection at a higher level. For example,
the default access restrictions at the file level allow the file to be
read by any user, but the restrictions at the group level allow access
only to group users. Thus, the file can be read only by a group user.
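The following Python model is an added example, not code from the MPE/iX manual. It parses the "(modes:usertypes;...)" provision notation shown under "Specifying File Access Restrictions", applies the implied-mode rules from Table 4-2 (WRITE implies APPEND and LOCK; APPEND implies LOCK), derives which Table 4-3 user type codes a requesting user matches for a given file, and then checks a request at the account, group, and file level in turn, denying at the first level that fails. The default provisions quoted in this chapter are built in, so the combination described in the paragraph above can be reproduced. System manager and account manager bypasses, and ACDs, are deliberately out of scope. The user and file records (dictionaries with name, account, group, caps, and creator keys) and the sample names are this example's own assumptions, not MPE/iX data structures.

```python
# Added example: a model of the MPE/iX file access matrix, not manual code.
MODES = set("RLAWSX")
USER_TYPES = {"ANY", "AL", "GL", "CR", "GU", "AC"}
IMPLIED = {"W": {"A", "L"}, "A": {"L"}}   # granting a mode grants these too

# Default provisions quoted in this chapter; "*" is the fallback for
# accounts other than SYS and for groups other than PUB.
DEFAULTS = {
    "account": {"SYS": "(R,X:ANY;A,W,L:AC)", "*": "(R,A,W,L,X:AC)"},
    "group": {"PUB.SYS": "(R,X,L:ANY;W,A,S:AL,GU)",
              "PUB": "(R,X:ANY;A,W,S,L:AL,GU)",
              "*": "(R,A,W,S,L,X:GU)"},
    "file": "(R,A,W,L,X:ANY)",
}


def expand_modes(modes):
    """Close a set of mode codes under the implication rules."""
    out = set(modes)
    pending = list(out)
    while pending:
        for implied in IMPLIED.get(pending.pop(), ()):
            if implied not in out:
                out.add(implied)
                pending.append(implied)
    return out


def parse_spec(spec):
    """'(R,X:ANY;A,W,L:AC)' -> {'R': {'ANY'}, 'X': {'ANY'}, 'A': {'AC'}, ...}

    Unknown mode or user type codes are rejected rather than ignored: a
    typo in a security provision must fail closed, not widen access.
    """
    spec = spec.strip()
    if not (spec.startswith("(") and spec.endswith(")")):
        raise ValueError("provision must be parenthesised: %r" % spec)
    grants = {}
    for clause in spec[1:-1].split(";"):
        modes_part, sep, users_part = clause.partition(":")
        modes = {m.strip().upper() for m in modes_part.split(",") if m.strip()}
        users = {u.strip().upper() for u in users_part.split(",") if u.strip()}
        if not sep or not modes or not users:
            raise ValueError("malformed clause %r" % clause)
        if not modes <= MODES or not users <= USER_TYPES:
            raise ValueError("unknown code in clause %r" % clause)
        for mode in expand_modes(modes):
            grants.setdefault(mode, set()).update(users)
    return grants


def user_types(user, target):
    """Table 4-3: the user type codes a user matches for a given file."""
    types = {"ANY"}
    if user["account"] != target["account"]:
        return types                      # outsider: ANY only
    types.add("AC")
    if "AL" in user["caps"]:
        types.add("AL")
    if user["group"] == target["group"]:  # logged on to the file's group
        types.add("GU")
        if "GL" in user["caps"]:
            types.add("GL")
    if user["name"] == target["creator"]:
        types.add("CR")
    return types


def default_specs(target):
    """Account-, group- and file-level defaults for a file's location."""
    acct = DEFAULTS["account"].get(target["account"], DEFAULTS["account"]["*"])
    if target["group"] != "PUB":
        grp = DEFAULTS["group"]["*"]
    elif target["account"] == "SYS":
        grp = DEFAULTS["group"]["PUB.SYS"]
    else:
        grp = DEFAULTS["group"]["PUB"]
    return acct, grp, DEFAULTS["file"]


def check_access(user, target, mode, specs=None):
    """Return (allowed, failing_level); the request must pass all three levels."""
    specs = specs or default_specs(target)
    matched = user_types(user, target)
    for level, spec in zip(("account", "group", "file"), specs):
        if not (parse_spec(spec).get(mode.upper(), set()) & matched):
            return False, level
    return True, None


if __name__ == "__main__":
    # Constructed sample user and files (hypothetical names, not real objects).
    clerk = {"name": "CLERK", "account": "PAYROLL", "group": "DATA", "caps": set()}
    own = {"account": "PAYROLL", "group": "DATA", "creator": "CLERK"}
    other = {"account": "PAYROLL", "group": "REPORTS", "creator": "BOSS"}
    pub_sys = {"account": "SYS", "group": "PUB", "creator": "MANAGER"}
    for f, m in ((own, "W"), (other, "R"), (pub_sys, "R"), (pub_sys, "W")):
        print(f["group"], f["account"], m, check_access(clerk, f, m))
```

With the defaults in force, the sample user has full access to files in the logon group, is refused READ on a file in another non-PUB group of the same account at the group level (the case in the paragraph above), gets READ on PUB.SYS but is refused WRITE there already at the account level, and a group provision looser than the account's (passed explicitly via specs) does not widen access, since the account check runs first.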
In summary, the default file access restrictions at the account, group,
and file levels combine to result in overall default file access
restrictions as shown in Table 4-4.
Table 4-4. Default File Access Restrictions
-----------------------------------------------------------------------------------------------
|                          |                                |                    |             |
| File                     | File Reference                 | Access Permitted   | Save Access |
|                          |                                |                    | To Group    |
|                          |                                |                    |             |
-----------------------------------------------------------------------------------------------
|                          |                                |                    |             |
| Any file in public group | filename.PUB.SYS               | (R,X:ANY;W:AL,GU)  | AL, GU      |
| of system account        |                                |                    |             |
|                          |                                |                    |             |
| Any file in any group in | filename.groupname.SYS         | (R,W,X:GU)         | GU          |
| system account           |                                |                    |             |
|                          |                                |                    |             |
| Any file in public group | filename.PUB.accountname       | (R,X:AC;W:AL,GU)   | AL, GU      |
| of any account           |                                |                    |             |
|                          |                                |                    |             |
| Any file in any group in | filename.groupname.accountname | (R,W,X:GU)         | GU          |
| any account              |                                |                    |             |
|                          |                                |                    |             |
-----------------------------------------------------------------------------------------------
In other words, when the default security provisions are in force at all
levels, a standard user with default user attributes has:
* Unlimited access (in all modes) to all files in the logon group
and the home group.
* READ and EXECUTE access (only) to all files in the PUB group of
the individual's account, and in the SYS account's PUB group.