
New Features of MPE/iX: Using the Hierarchical File System
MPE/iX 5.0 Documentation

Controlling access to files and directories

New access attributes for ACDs have been added to support security for
hierarchical directories.  The access attributes associated with
directories are as follows: 

   *   CD--create directory entries

   *   DD--delete directory entries

   *   TD--traverse directory entries

   *   RD--read directory entries

Users need appropriate permission to access a directory and its contents.
For example, the owner of a directory can grant create directory entries 
(CD) access to other users.  Users can only create files or other
directories within a directory if they have CD access to the directory.

RD access and TD access differ as follows.  If a user wants to use
LISTFILE to list the files in a directory, the user needs RD permission
for that directory.  But, if a user wants to access a file such as
/users/jeff/address, the user needs to have TD permission for all the
directories in the path; that is, /, users, and jeff in this case.

By default, all users can read the contents of and traverse the root
directory, all MPE accounts, and all MPE groups.  However, to create or
delete the contents of a file, you must have the appropriate access
permission to open the file itself.

Because the root, accounts, and MPE groups are special types of
directories on MPE/iX, you cannot control access to them using ACDs.  You
cannot apply TD, DD, CD, or RD to MPE groups or accounts; instead, you use
the existing mechanisms.  For example, the ALTGROUP command changes the
SAVE access permissions of an MPE group.

Object creation 

Creating an object (that is, creating an entry for a file or directory
within a directory) requires that a process have TD and CD access to the
object's parent directory and SF capability.  For an MPE group, SAVE
access is equivalent to CD access (see "SAVE access in MPE groups").

Users with SM capability can create files and directories anywhere on the
system.  Users without SM capability can create files and directories
outside their logon account in any directory that they can traverse to
and to which they have been granted CD access.

Object deletion 

To delete a file or subdirectory from a directory, you must have DD
access to the directory.  For files in MPE groups, you only need WRITE
access to the file.  For directories in MPE groups, you only need SAVE
access to the MPE group.  For more information, refer to "Deleting
Directories" in Chapter 6 and "Deleting Files" in Chapter 7.

File renaming 

Any user with the proper access can rename a file.  To rename a file
within the same directory or from one HFS directory to another, you must
have both DD and CD access.  DD is required to delete the old entry from
the directory where the file resides, and CD is required to create the
new directory entry.  For more information, refer to "Renaming Files" in
Chapter 7.

You can rename a file from one directory to another if you have DD access
to the directory in which the file is located and CD access to the
directory where you want the renamed file to reside.

Users with SM capability can rename files anywhere on the system.  To
rename a file from an MPE group in one account to an MPE group in another
account, you must have SM capability.

If you rename a file that does not have an ACD from an MPE group to a
directory that is not an MPE group, an ACD is automatically generated for
it.  This is required because the security matrix cannot protect the file
any longer.

If you rename a file (that does not have an ACD) from an MPE group to
another MPE group outside the original account, an ACD is automatically
generated for it, because the file's GID would no longer match the parent
group's GID and would not be protected by the file access matrix.

File owner 

A file (or directory) owner has complete access to the file unless the
owner is restricted by a $OWNER ACD entry.  Because the $OWNER ACD entry
now exists, you can restrict the file access of the file's owner.

For example, MGR.PAYROLL is the creator (owner) of the file MYFILE. On
Releases 3.0 and 4.0, the owner's access cannot be restricted by an ACD
or the file access matrix.  So on Release 3.0 and 4.0 systems,
MGR.PAYROLL still has all the access permissions on this file even if an
ACD pair specifies only read permission (R:MGR.PAYROLL). As of Release
4.5, the access of the owner can be restricted by using the $OWNER ACD
entry.  Assigning (R:$OWNER) restricts the owner to having read
permission only.  However, a file owner can always modify the ACD, thus
removing any restrictions specified by $OWNER when they are no longer
necessary.

SAVE access in MPE groups 

Create directory entries (CD) access and delete directory entries (DD)
access to all MPE groups is governed by appropriate privileges or SAVE
access.  (A complete definition of appropriate privilege appears later in
this chapter.)  SAVE access for an MPE group implies CD and DD permission
for directory entries.  That is, a user can create or delete a directory
in an MPE group if the group grants SAVE access to the user.  However,
you still need write access to a file, in addition to SAVE access, to be
able to delete it from an MPE group.  For more information, refer to
"Creating and Naming Directories" in Chapter 6.
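The access rules described above (TD on every directory in the path, RD for LISTFILE, CD and DD for creating, deleting and renaming entries, SAVE standing in for CD and DD on MPE groups, and a $OWNER entry restricting the owner) as a small Python model, added here as an illustration rather than code from the manual or from MPE/iX. The user names, the directory tree and the representation of SAVE as an entry in a toy ACD are constructed assumptions; SM-only cross-account renaming and automatic ACD generation are not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    owner: str
    acd: dict = field(default_factory=dict)  # user or "$OWNER" -> set of perms
    is_group: bool = False                   # root, MPE account or MPE group

def perms(node, user):  # effective permissions of `user` on `node`
    if node.is_group:   # everyone may read and traverse; SAVE implies CD and DD
        return {"RD", "TD"} | ({"CD", "DD"} if "SAVE" in node.acd.get(user, ()) else set())
    if user == node.owner:  # complete access unless a $OWNER entry restricts it
        return set(node.acd.get("$OWNER", {"RD", "TD", "CD", "DD", "R", "W"}))
    return set(node.acd.get(user, ()))

def ancestors(path):
    """Directories that must grant TD: /users/jeff/address -> /, /users, /users/jeff."""
    parts = [p for p in path.split("/") if p]
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]

def can_traverse(fs, path, user):
    return all("TD" in perms(fs[d], user) for d in ancestors(path))

def can_list(fs, dirpath, user):  # LISTFILE: RD on the directory itself plus TD to it
    return can_traverse(fs, dirpath, user) and "RD" in perms(fs[dirpath], user)

def can_create(fs, path, user, caps=frozenset()):
    """New entry: SM capability, or SF capability plus TD and CD on the parent."""
    return "SM" in caps or ("SF" in caps and can_traverse(fs, path, user)
                            and "CD" in perms(fs[ancestors(path)[-1]], user))

def can_delete(fs, path, user):  # DD on the directory that holds the entry
    return can_traverse(fs, path, user) and "DD" in perms(fs[ancestors(path)[-1]], user)

def can_rename(fs, src, dst, user):
    """DD where the file lives now and CD where the renamed file will reside."""
    return (can_traverse(fs, src, user) and can_traverse(fs, dst, user)
            and "DD" in perms(fs[ancestors(src)[-1]], user)
            and "CD" in perms(fs[ancestors(dst)[-1]], user))

# Constructed sample tree (not from the manual). /DEV/PUB is an MPE group that
# grants SAVE to JEFF.DEV; JEFF.DEV's own $OWNER entry on /users/jeff withholds DD.
FS = {
    "/": Node("MANAGER.SYS", is_group=True),
    "/DEV": Node("MGR.DEV", is_group=True),
    "/DEV/PUB": Node("MGR.DEV", {"JEFF.DEV": {"SAVE"}}, is_group=True),
    "/users": Node("MANAGER.SYS", {"JEFF.DEV": {"TD", "CD"}, "ANN.DEV": {"TD"}}),
    "/users/jeff": Node("JEFF.DEV", {"ANN.DEV": {"TD", "RD"}, "$OWNER": {"RD", "TD", "CD"}}),
    "/users/jeff/address": Node("JEFF.DEV", {"ANN.DEV": {"R"}}),
}
```

With this tree ANN.DEV can reach /users/jeff/address and list /users/jeff but not /users, and JEFF.DEV, although owner, can create but neither delete nor rename in /users/jeff because the $OWNER entry omits DD.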

CWD and file security 

You can change your current working directory (CWD) to any directory
(including an MPE account, an MPE group, the root directory, or an HFS
directory) as long as you have TD access to the directories in the path
to the directory.  This means that you can change your CWD to any MPE
group on the system because all users have RD and TD access to the root
directory, all accounts, and all MPE groups, by default.

It is important to note that changing your CWD to a new MPE group (using
the CHDIR command) does not make you a GU user of the new group.  GU is
based on your logon group and account; this can only be changed using
CHGROUP. If you attempt to access a file in the new group, you may not be
able to access it.  If the new group is in your logon account, you are
allowed account level privileges (AC) in the new group.  If the new group
is not in your logon account, you are allowed the access privileges given
to any user (ANY). No password check is done when you change your CWD.
This is unlike CHGROUP which does a password check.
