HPlogo User's Guide to MPE/iX Security: HP 3000 MPE/iX Computer Systems > Chapter 3 Protecting Your System with Access Control Definitions (ACDs)

Tasks Involving System Security

» 

Technical documentation

Complete book in PDF
» Feedback

 » Table of Contents

 » Index

The following sections describe tasks relating to system security such as listing ACDs, assigning ACDs, changing ACDs, and copying ACDs.

Listing ACDs

Use the -2 listfile option of the LISTFILE or LISTF commands to list ACD information associated with a file. Any user on a system can use these commands to determine if a file has an ACD. In order to view the contents of an ACD, you must be either an owner of the file or be a user granted RACD access to that file.

Use the SHOWDEV command to list ACD information associated with a logical device, device name, or device class. Only a system manager and users granted RACD access can view the contents of a device ACD.

If you are the user DENNIS.ADMIN and you want to view the contents of ACDs for all files in group and account DEV.ENGR, enter:

   LISTFILE @.DEV.ENGR,-2

The screen displays:

   ACCOUNT =  ENGR      GROUP=DEV



   FILENAME        ------------ACD ENTRIES-----------

    

   RLDSPR               NO ACDS

   QUEXINK              TEST.ENGR      : X,A,L

                        DENNIS.ADMIN   : RACD

                        HENRY.MFG      : NONE

                        THO.ENGR       : W

                        TOM.ENGR       : R,W

   BFDFILE              NO ACD ACCESS

In the previous example, you (DENNIS.ADMIN) have permission to view the ACD associated with QEXINK. While the file BFDFILE has an ACD associated with it, you do not have permission to view its ACD contents.

The file RLDSPR has no ACD, so access to this file is determined through standard file system security features. Enter LISTFILE RLDSPR, -3 to obtain security provisions in effect for RLDSPR.

Listing ACDs for directories and files in directories

Because ACDs supersede other security mechanisms, it is useful to be able to determine whether or not an HFS directory or file has an ACD assigned to it and, if so, what it is. Any directories or files residing outside of traditional MPE groups are automatically assigned ACDs when they are created. You can list ACDs by using the LISTFILE command with the -2 (also called ACD) option.

The following example shows how to list the ACD associated with the directory called letters. Notice that the user named JONES in the OFFICE account has RD (read directory entries) access to the letters directory. All other users on the system have both RD and TD (traverse directory entries) access to letters.

   listfile /dir0/letters,-2 



    PATH=/dir0/



    ------------ACD ENTRIES-------------- FILENAME



        JONES.OFFICE       : RD           letters/

        @.@                : RD,TD

In the next example, the directory GRP is assigned the default ACD. All users can read the ACD assigned to the directory. Only the creator and the system manager can change it. Also, note that -2 is replaced with the textual equivalent ACD.

   listfile /OFFICE/GRP,ACD



    PATH=/OFFICE/



    ------------ACD ENTRIES-------------- FILENAME



    @.@                : RACD             GRP/

In the next example, the file assets has an ACD assigned to it. The ACD is listed from the most specific (such as a particular user in a particular account) to the least specific (all other users in all other accounts). User ZONIS in the OFFICE account has R (read) access to the file assets. Other users in the OFFICE account have both R and W (write) access to the file. And all other users in other accounts have R, W, and X (execute) access to the file.

   listfile /OFFICE/GRP/assets,-2



    PATH=/OFFICE/GRP/



    ------------ACD ENTRIES-------------- FILENAME



   ZONIS.OFFICE      : R            assets

   @.OFFICE          : R,W            

   @.@               : R,W,X            

The next example shows how you can list the ACDs for all of the files in the GRP directory. It shows the ACDs on the file assets as in the previous example and lists the ACDs on the other two files in the directory.

   listfile /OFFICE/GRP/@,-2



    PATH=/OFFICE/GRP/



   ------------ACD ENTRIES------------ FILENAME



   ZONIS.OFFICE      : R               assets

   @.OFFICE          : R,W            

   @.@               : R,W,X            

   ZONIS.OFFICE      : R               bills

   WILKE.OFFICE      : R,W

   @.@               : R,W,X            

   SMITH.OFFICE      : R               goods

   @.OFFICE          : R,W,X            

Changing access to HFS files and directories

Because access to MPE/iX files and hierarchical directories is controlled by ACDs, system users may want to change the defaults assigned when files or directories are created.

For the purpose of selectively restricting access to files with ACDs, users can be classified into three groups:

  • Individual users

  • Specific groups of users

  • All other users

Creating ACDs

Use the NEWACD option of the ALTSEC command to create an ACD and assign it to a file or device. You must be an owner of a file to create and assign an ACD to that file. Only a system manager can assign ACDs to logical devices, device names, and device classes.

You can assign ACD pairs to the new ACD either from within the command line or by referencing a file that contains one or more ACD pairs.

To create an ACD and assign it to the file PROGNAME, enter:

   ALTSEC PROGNAME;NEWACD=(X:@.@;W:@.ACCT)

This ACD grants all users on the system EXECUTE access to PROGNAME, but only users in account ACCT can write to it.

The following example performs the same action as the last example by referencing a file that contains ACD pairs:

   ALTSEC PROGNAME;NEWACD=^ACDFILE

In the previous example, the ACD pairs X:@.@ and W:@.ACCT are located in the text file ACDFILE. ACD pairs are separated by semicolons.

To create an ACD that prevents any user except OPERATOR.SYS and the system manager from accessing LDEV 7 (a tape drive), enter:

   ALTSEC 7,LDEV;NEWACD=(R,W:OPERATOR.SYS)

Some access modes are not applicable to certain devices. For example, it makes no sense to execute or append a tape drive. Access modes not applicable to a device can be assigned but are ignored.

Refer to the MPE/iX Commands Reference Manual Volumes 1 and 2 (32650-90003 and 32650-90364) for further information about the ALTSEC command.

Assigning ACDs

For example, you may want to assign ACD permissions to restrict access to a sensitive file so that only you and your manager can read it. You may also want to restrict access to a sensitive directory so that only certain members of a group can create files in it.

Use the ALTSEC command to change access permissions to a file or hierarchical directory. System managers can assign ACDs on any file or directory in the system. They must supply the lockword for any lockword-protected files before they can assign an ACD, however. Once the file has an ACD, the ACD supersedes the lockword.

You can use the ADDPAIR option with the ALTSEC command to add ACD pairs to an object that already has an ACD. (You must use the NEWACD option to assign ACDs to files having no ACDs.)

For example, to assign a new ACD that gives all users on the system total access to the file NUMBERS:

   :ALTSEC NUMBERS;NEWACD=(R,W,L,A,X,RACD:@.@)

The file SUMMARY has an ACD (RACD:@.@). You want to grant read and write access to users in your account:

   :ALTSEC SUMMARY;ADDPAIR=(W,R:@.ACCT)

Adding an ACD Pair

Use the ADDPAIR parameter of the ALTSEC command to add an ACD pair to an ACD.

To add a new ACD pair that grants the user ENGR.LAB the access modes READ, WRITE, LOCK, APPEND, EXECUTE, and RACD to the file PROGNAME, enter:

   ALTSEC PROGNAME;ADDPAIR=(R,W,L,A,X,RACD:ENGR.LAB)
NOTE: ACDs cannot be used to protect Image SQL files because they have their own protection.

Replacing an ACD Pair

Use the REPPAIR parameter of the ALTSEC command to replace an existing ACD pair with a new ACD pair.

To replace the access permissions previously assigned to the user ENGR.LAB with READ access to the file PROGNAME, enter:

   ALTSEC PROGNAME;REPPAIR=(R:ENGR.LAB)

Replacing ACDs

You can replace the current ACD by using the REPACD option with the ALTSEC command.

All users in the MKTG account currently have RD and TD access to the directory van. The users can only move through van and read the names of files in it. Instead, you want to grant all users in MKTG greater access to the contents of the directory. You want them to be able to create directory entries, delete directory entries, read directory entries, traverse directory entries, and to be able to read the ACD.

For example,

   :ALTSEC ./van;REPACD=(CD,DD,RD,TD,RACD:@.MKTG)

This option is useful when you want to change the default ACDs assigned to HFS directories and to files outside of MPE groups.

Modifying ACDs

Once an ACD is assigned to a file or device, you can modify the contents of the ACD by adding, deleting, or replacing ACD pairs. You must be an owner of a file in order to modify its ACD. Only a system manager can modify ACDs assigned to logical devices, device names, and device classes.

Deleting ACDs

Use the DELACD parameter of ALTSEC to delete an ACD assigned to a file or device. You must be an owner of a file in order to delete an ACD from that file. Only a system manager can delete ACDs from logical devices, device names, and device classes.

To eliminate any ACD that may be in effect for device class LP, enter:

   ALTSEC LP,DEVCLASS;DELACD

Deleting an ACD Pair

Use the DELPAIR parameter of the ALTSEC command to delete a user name from an ACD. All other user names are unaffected.

To delete from the ACD assigned to PROGNAME only the ACD pair where the userspecs part exactly matches @.@, enter:

   ALTSEC PROGNAME;DELPAIR=(@.@)

Deleting Optional ACDs

You can only delete optional ACDs on files in MPE groups that can be protected by the file access matrix.

Users in the ACCT account have read access to the file /ACCT/PUB/dir1/summary and all other users have read ACD access to the file (R:@.ACCT;RACD:@.@). If you decide that the users in ACCT should no longer have read access to the file, you can delete previously assigned ACD pairs (but you cannot delete the entire ACD):

   :ALTSEC /ACCT/PUB/dir1/summary;DELPAIR=(@.ACCT)

The above example deletes read access to file summary for all users in ACCT but still allows all users (including those in ACCT) RACD access to the file.

You try to specify the following command to delete the ACD pair that matches @.@, which is the only ACD pair left on the file:

:   ALTSEC /ACCT/PUB/dir1/summary;DELPAIR=(@.@)

Because this file is located in an HFS directory, it is required to have ACDs and cannot be protected by the file access matrix. You receive an error message and the ACD will not be deleted:

Cannot delete ACDs from objects where file matrix security does not apply. (CIERR 7330)

If the file REPORT is a file in an MPE group, its GID matches the GID of its parent group, and its ACD is not required, you can use the following command to delete all ACD pairs:

:   ALTSEC REPORT;DELACD

Copying ACDs

Use the COPYACD parameter of the ALTSEC command to copy an ACD from a source file to a target file or device. In order to copy an ACD, you must be an owner of the source file or a user granted RACD access to the source file. In addition, you must be an owner of the target file.

To copy the ACD from the file PROGNAME to the file NEWFILE, enter:

   ALTSEC NEWFILE;COPYACD=PROGNAME

Copying ACD Pairs

You can copy ACD pairs from one file to another or from one directory to another. This is particularly useful if you assign a complex set of ACDs to one file or directory and you want to assign the same set to another file or directory.

NOTE: You can only copy an ACD from one file to another or from one directory to another. You can't copy an ACD from a directory to a file or vice versa.

For example, you can copy the ACD from directory dir1 to another directory dir2:

   :ALTSEC ./dir2/;COPYACD=./dir1/

You can also copy ACDs between devices. The following example copies the ACD associated with ldev 5 to all devices in the device class TERM:

   :ALTSEC TERM,DEVCLASS;COPYACD=5,LDEV

Copying Files That Have ACDs

In order to use the COPY command to copy a file that has an ACD, you must be either an owner of the source file or have READ access and RACD to the source file. In order to use the FCOPY command to copy a file, you must either be an owner of the source file or have both READ and RACD access to the source file or use the ;NOACD option of FCOPY.

The ACD of the source file is also copied to the target file. The user who copies the source file becomes the creator of the target file (and, therefore, an owner of the ACD).

In order to use the STORE or RESTORE commands to back up or restore a file that has an ACD, you must be either:

  • An owner of the file

  • A user who has both READ and RACD access to the file

  • A user who has operator (OP) capability

If you are none of these, any attempt to either store or restore a file that has an ACD results in an error unless you specify ;NOACD.

The STORE, RESTORE, and FCOPY commands each have an optional parameter (;NOACD) that enables you to remove the ACD from a target file, removing all security restrictions in effect for the target file. When an ACD is removed from a file, standard file system security restrictions are imposed.

Feedback to webmaster