HP 3000 Manuals HP 3000 Manuals
Access to Directories You can use access control definitions (ACDs) to grant the following accesses to directories: CD - Create directory entries DD - Delete directory entries RD - Read directory entries TD - Traverse directory entries RACD - Read ACD NONE - No access
NOTE By default, directories allow Read ACD privilege to all users on the system (RACD:@.@). You assign or change directory ACDs using the ALTSEC command.
You can use the LISTFILE command to display directory ACDs. Refer to Chapter 9 for more information about ACDs and to the MPE/iX Commands Reference Manual, Vol. I (32650-90003) for detailed syntax and descriptions of ALTSEC and LISTFILE. The separation of creating and deleting directory entry permissions could be used to allow a user to create files in a directory but not be able to purge them. The root directory, accounts, and groups cannot be assigned ACDs. However, all users are granted access equivalent to read directory entries (RD) access and traverse directory entries (TD) access to root, all accounts, and all MPE groups. Initially, only the system manager has create directory entries (CD) and delete directory entries (DD) access to root. Save access for an MPE group implies CD and DD permission. A user can create or delete a directory in an MPE group if the group grants Save access to the user. The only users that can create files or directories in accounts are users with SM capability, or users with AM capability in their own accounts. Once a file or directory is created under the root or an account, the security for that object can be changed to allow broader access, if desired.