|
|
User's Guide to MPE/iX Security: HP 3000 MPE/iX Computer Systems > Chapter 3 Protecting Your System with Access Control Definitions (ACDs)Tasks Involving System Security |
|
The following sections describe tasks relating to system security such as listing ACDs, assigning ACDs, changing ACDs, and copying ACDs. Use the -2 listfile option of the LISTFILE or LISTF commands to list ACD information associated with a file. Any user on a system can use these commands to determine if a file has an ACD. In order to view the contents of an ACD, you must be either an owner of the file or be a user granted RACD access to that file. Use the SHOWDEV command to list ACD information associated with a logical device, device name, or device class. Only a system manager and users granted RACD access can view the contents of a device ACD. If you are the user DENNIS.ADMIN and you want to view the contents of ACDs for all files in group and account DEV.ENGR, enter:
The screen displays:
In the previous example, you (DENNIS.ADMIN) have permission to view the ACD associated with QEXINK. While the file BFDFILE has an ACD associated with it, you do not have permission to view its ACD contents. The file RLDSPR has no ACD, so access to this file is determined through standard file system security features. Enter LISTFILE RLDSPR, -3 to obtain security provisions in effect for RLDSPR. Because ACDs supersede other security mechanisms, it is useful to be able to determine whether or not an HFS directory or file has an ACD assigned to it and, if so, what it is. Any directories or files residing outside of traditional MPE groups are automatically assigned ACDs when they are created. You can list ACDs by using the LISTFILE command with the -2 (also called ACD) option. The following example shows how to list the ACD associated with the directory called letters. Notice that the user named JONES in the OFFICE account has RD (read directory entries) access to the letters directory. All other users on the system have both RD and TD (traverse directory entries) access to letters.
In the next example, the directory GRP is assigned the default ACD. All users can read the ACD assigned to the directory. Only the creator and the system manager can change it. Also, note that -2 is replaced with the textual equivalent ACD.
In the next example, the file assets has an ACD assigned to it. The ACD is listed from the most specific (such as a particular user in a particular account) to the least specific (all other users in all other accounts). User ZONIS in the OFFICE account has R (read) access to the file assets. Other users in the OFFICE account have both R and W (write) access to the file. And all other users in other accounts have R, W, and X (execute) access to the file.
The next example shows how you can list the ACDs for all of the files in the GRP directory. It shows the ACDs on the file assets as in the previous example and lists the ACDs on the other two files in the directory.
Because access to MPE/iX files and hierarchical directories is controlled by ACDs, system users may want to change the defaults assigned when files or directories are created. For the purpose of selectively restricting access to files with ACDs, users can be classified into three groups:
Use the NEWACD option of the ALTSEC command to create an ACD and assign it to a file or device. You must be an owner of a file to create and assign an ACD to that file. Only a system manager can assign ACDs to logical devices, device names, and device classes. You can assign ACD pairs to the new ACD either from within the command line or by referencing a file that contains one or more ACD pairs. To create an ACD and assign it to the file PROGNAME, enter:
This ACD grants all users on the system EXECUTE access to PROGNAME, but only users in account ACCT can write to it. The following example performs the same action as the last example by referencing a file that contains ACD pairs:
In the previous example, the ACD pairs X:@.@ and W:@.ACCT are located in the text file ACDFILE. ACD pairs are separated by semicolons. To create an ACD that prevents any user except OPERATOR.SYS and the system manager from accessing LDEV 7 (a tape drive), enter:
Some access modes are not applicable to certain devices. For example, it makes no sense to execute or append a tape drive. Access modes not applicable to a device can be assigned but are ignored. Refer to the MPE/iX Commands Reference Manual Volumes 1 and 2 (32650-90003 and 32650-90364) for further information about the ALTSEC command. For example, you may want to assign ACD permissions to restrict access to a sensitive file so that only you and your manager can read it. You may also want to restrict access to a sensitive directory so that only certain members of a group can create files in it. Use the ALTSEC command to change access permissions to a file or hierarchical directory. System managers can assign ACDs on any file or directory in the system. They must supply the lockword for any lockword-protected files before they can assign an ACD, however. Once the file has an ACD, the ACD supersedes the lockword. You can use the ADDPAIR option with the ALTSEC command to add ACD pairs to an object that already has an ACD. (You must use the NEWACD option to assign ACDs to files having no ACDs.) For example, to assign a new ACD that gives all users on the system total access to the file NUMBERS:
The file SUMMARY has an ACD (RACD:@.@). You want to grant read and write access to users in your account:
Use the ADDPAIR parameter of the ALTSEC command to add an ACD pair to an ACD. To add a new ACD pair that grants the user ENGR.LAB the access modes READ, WRITE, LOCK, APPEND, EXECUTE, and RACD to the file PROGNAME, enter:
Use the REPPAIR parameter of the ALTSEC command to replace an existing ACD pair with a new ACD pair. To replace the access permissions previously assigned to the user ENGR.LAB with READ access to the file PROGNAME, enter:
You can replace the current ACD by using the REPACD option with the ALTSEC command. All users in the MKTG account currently have RD and TD access to the directory van. The users can only move through van and read the names of files in it. Instead, you want to grant all users in MKTG greater access to the contents of the directory. You want them to be able to create directory entries, delete directory entries, read directory entries, traverse directory entries, and to be able to read the ACD. For example,
This option is useful when you want to change the default ACDs assigned to HFS directories and to files outside of MPE groups. Once an ACD is assigned to a file or device, you can modify the contents of the ACD by adding, deleting, or replacing ACD pairs. You must be an owner of a file in order to modify its ACD. Only a system manager can modify ACDs assigned to logical devices, device names, and device classes. Use the DELACD parameter of ALTSEC to delete an ACD assigned to a file or device. You must be an owner of a file in order to delete an ACD from that file. Only a system manager can delete ACDs from logical devices, device names, and device classes. To eliminate any ACD that may be in effect for device class LP, enter:
Use the DELPAIR parameter of the ALTSEC command to delete a user name from an ACD. All other user names are unaffected. To delete from the ACD assigned to PROGNAME only the ACD pair where the userspecs part exactly matches @.@, enter:
You can only delete optional ACDs on files in MPE groups that can be protected by the file access matrix. Users in the ACCT account have read access to the file /ACCT/PUB/dir1/summary and all other users have read ACD access to the file (R:@.ACCT;RACD:@.@). If you decide that the users in ACCT should no longer have read access to the file, you can delete previously assigned ACD pairs (but you cannot delete the entire ACD):
The above example deletes read access to file summary for all users in ACCT but still allows all users (including those in ACCT) RACD access to the file. You try to specify the following command to delete the ACD pair that matches @.@, which is the only ACD pair left on the file:
Because this file is located in an HFS directory, it is required to have ACDs and cannot be protected by the file access matrix. You receive an error message and the ACD will not be deleted:
If the file REPORT is a file in an MPE group, its GID matches the GID of its parent group, and its ACD is not required, you can use the following command to delete all ACD pairs:
Use the COPYACD parameter of the ALTSEC command to copy an ACD from a source file to a target file or device. In order to copy an ACD, you must be an owner of the source file or a user granted RACD access to the source file. In addition, you must be an owner of the target file. To copy the ACD from the file PROGNAME to the file NEWFILE, enter:
You can copy ACD pairs from one file to another or from one directory to another. This is particularly useful if you assign a complex set of ACDs to one file or directory and you want to assign the same set to another file or directory.
For example, you can copy the ACD from directory dir1 to another directory dir2:
You can also copy ACDs between devices. The following example copies the ACD associated with ldev 5 to all devices in the device class TERM:
In order to use the COPY command to copy a file that has an ACD, you must be either an owner of the source file or have READ access and RACD to the source file. In order to use the FCOPY command to copy a file, you must either be an owner of the source file or have both READ and RACD access to the source file or use the ;NOACD option of FCOPY. The ACD of the source file is also copied to the target file. The user who copies the source file becomes the creator of the target file (and, therefore, an owner of the ACD). In order to use the STORE or RESTORE commands to back up or restore a file that has an ACD, you must be either:
If you are none of these, any attempt to either store or restore a file that has an ACD results in an error unless you specify ;NOACD. The STORE, RESTORE, and FCOPY commands each have an optional parameter (;NOACD) that enables you to remove the ACD from a target file, removing all security restrictions in effect for the target file. When an ACD is removed from a file, standard file system security restrictions are imposed. |
|