HP 3000 Manuals HP 3000 Manuals
Lesson 3 File and Group Security
Lesson 3 presents the MPE/iX security provisions for files and groups.
* file security in your home group
* file security in the PUB group
* file security in other groups
MPE/iX protects files by restricting access to them.
With only the default set of capabilities, you cannot log on to one group
and use a file that is located in another group.
Some exceptions exist:
* The file you want to work with has been released with the RELEASE
command.
* The group in which the file is located is either the PUB group or
your home group.
With only the default set of capabilities, if you can log on to a group,
you can use any file in that group.
These are exceptions:
* The file is protected by being locked with a lockword.
* The file is protected by some other system security measure.
NOTE Be aware that your system manager can modify the security
provisions on your system to meet the needs of your organization.
File security in your Home group
With only the default set of capabilities, you can always access (read,
change, save) any file in your home group, no matter what group you log
on to.
File Security in PUB
With only the default set of capabilities, you can at least read (and
probably change) any file in the PUB group, no matter what group you log
on to. But in most cases, you cannot then save that file back to the PUB
group unless you have advanced capabilities, or unless the file has been
released with the RELEASE command.
You can, however, save this "borrowed" file to your current group, the
one in which you are actively working.
Using your logon identity, log on to your PUB group:
HELLO username.accountname,PUB''Return
NOTE The following exercise only works if you do not have AM capability.
Create an EDIT/3000 file that contains the following three lines:
________________________________________________________________________
| |
| |
| This is the file called REPORT. |
| It is very short. |
| The end. |
| |
________________________________________________________________________
Keep this file as REPORT and exit the editor.
Log on to your OTHERGRP group:
HELLO username.acctname,OTHERGRPReturn
Get into the editor again:
EDITORReturn
Try to text in REPORT:
TEXT REPORTReturn
The problem is that REPORT is in the PUB group, and you are now in
OTHERGRP.
MPE/iX assumes that the file that you want to work on is in your current
logon group. To tell MPE/iX that REPORT is in another group, you need to
specify the REPORT file with a partly qualified file name.
A partly qualified file name is the file name plus a period plus the name
of the group in which the file resides. The partly qualified form of
REPORT is REPORT.PUB
Do this:
TEXT REPORT.PUBReturn
Because the REPORT file is located in the PUB or public group, you are
able to access and text it into your work session in the OTHERGRP group.
Enter:
LIST ALLReturn
Add the following lines to the REPORT file. (Use the ADD subcommand.)
________________________________________________________________________
| |
| |
| This is the REPORT file in the PUB group. |
| |
________________________________________________________________________
The goal now is to save (KEEP) REPORT back to the PUB group.
The problem is that you are still in group OTHERGRP.
Do
this:
KEEPReturn
The editor remembers that the file came from the PUB group, so it
attempts to save the edited version of the file back to the PUB group.
Enter YES when you are asked whether to purge the old REPORT file.
This should appear on the screen:
________________________________________________________________________
| |
| |
| REPORT.PUB REPORT.PUB ALREADY EXISTS - RESPOND YES TO PURGE |
| OLD |
| AND KEEP NEW PURGE OLD?YES *60*FCLOSE FAILURE (93) |
| SECURITY VIOLATION (FSERR 93) |
| |
________________________________________________________________________
This security violation occurred for the following reasons:
* You can look at a file in the PUB group. You can text it into the
editor's workspace and edit it there. But if PUB is not your home
group, you are not allowed to save the file back into the PUB
group. (Saving a file really involves the opening and closing of
a file, hence the wording of the error message.)
* Without advanced capabilities (AM, for instance), you cannot then
save the altered file back to the PUB group.
* The file REPORT in the PUB group remains unchanged, despite the
changes in the file held in the workspace for editing.
This prevents unauthorized changes to the original file in its original
group (the PUB group in this case), however, it is possible to save the
file in the group to which you are logged on.
Now try saving the file as REPORT, without the PUB qualifier:
K REPORT.OTHERGRPReturn
REPORT has now been kept in your OTHERGRP group as a new file.
File security in other groups
Stricter security applies to any group that is not PUB or your home
group.
Log back on to your PUB group. Get into the editor and try to text in
the REPORT.OTHERGRP file. What happened? You should see the following
on your screen:
________________________________________________________________________
| |
| |
| +-F-I-L-E---I-N-F-O-R-M-A-T-I-O-N---D-I-S-P-L-A-Y+ ! ERROR |
| NUMBER: 93 RESIDUE: 0 ! ! BLOCK NUMBER: 0 NUMREC: 0 ! |
| +------------------------------------------------+ *23*FAILURE |
| TO OPEN TEXT FILE (93) SECURITY VIOLATION (FSERR 93) / |
| |
________________________________________________________________________
If you are not the creator of the file (the username.accountname,groupname
that the system recognizes as the creator of the file), the system
informs you that you have attempted to violate a security provision.
You cannot read, copy, or edit and keep a file from a non-PUB group that
is not your home group unless:
* You are the manager of the account.
* You are the creator of the file releases the security provisions
that protect that file.
* You are logged onto that group.
You learn how to release those security provisions in module 5, "Working
with Files."
NOTE The computer recognizes the creator of a file as the user.account
identity of the person who first created the file.
The concept of account security becomes a little clearer in the context
of copying and deleting files. That is why the subject comes up again in
module 5, "Working with Files."
Remember: if you have files that must be kept entirely secure, keep them
in a group other than PUB.