HPlogo User's Guide to MPE/iX Security: HP 3000 MPE/iX Computer Systems > Chapter 4 Protecting Your Files with Capabilities, File Access Restrictions and Lockwords

Releasing and Securing File Security
» 

Technical documentation

Complete book in PDF
» Feedback

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Sometimes other users need temporary access to your files. For example, individual members of a project team might keep their own records of the hours they worked on different aspects of the project. At the end of the month, the project manager compiles the individual reports into a team report. To compile the team report, the manager might copy the team members' time record files into a single file. To do so, the manager needs temporary access to the team members' time record files.

Give all users temporary access to a file by releasing that file. Releasing and securing a file can be executed only by the creator of that file.

NOTE: Releasing a file removes all access restrictions to that file.

Release a file with the RELEASE command. For example:

   RELEASE MYHOURS.SMITH.PROJECTX

The file remains released until it is secured with the SECURE command. For example:

   SECURE MYHOURS.SMITH.PROJECTX

When default file access restrictions are in effect, general users can release and secure files only in their logon group and account.

Summary

Here is a summary of some important file system security rules:

  • General users can create files only in their own accounts.

  • Only the creator can modify a file's security or rename the file.

  • If a file has a lockword, that lockword is required to open the file.

  • An account manager has unlimited access to every file within an account. When accessing a protected file created by any other user of the account, the manager must supply the lockword, but can use the LISTFILE or LISTF commands to discover it. For example, the following command lists the lockword for a file named SECRET:

       LISTFILE SECRET

  • The system manager has unlimited access to any file in the system, including the ability to view lockwords.

  • The RELEASE command allows unlimited file access, and the SECURE command secures a file that has been released. To release all security provisions on a file called FREEME, enter: 

       RELEASE FREEME

    To restore security provisions that were previously in effect for FREEME, enter:

       SECURE FREEME

  • The ALTSEC command restricts access to specific files in a group to which access is normally not restricted.

Refer to the MPE/iX Commands Reference Manual Volumes 1 and 2 (32650-90003 and 32650-90364) for further information about the ALTSEC, LISTFILE, LISTF, RELEASE, and SECURE commands.



Lockwords
  		 


Appendix A Error Messages  
Feedback to webmaster