Prior to MPE/iX Release 4.5, files could not be renamed
across account boundaries. A reason for this restriction was
to ensure file security. This restriction also made it so
that disk space would be accounted to the account in which
the user was located. File ownership specified in the file's
label was limited to only the creator name in the form
username, a character string representing the name of
the user who created the file (for example, LINDA). A
creator name was only unique within a single MPE account,
not across the whole system. A different account may have
the same user name to specify a different user.
For example, LINDA.FINANCE has complete access to all
files in the FINANCE account where the file's creator
specifies LINDA. In addition, LINDA.MARKETNG has
complete access to all files in the MARKETNG account
where the file's creator specifies LINDA. If a file
created by LINDA.FINANCE was allowed to be renamed to
the MARKETNG account, the file system would allow
LINDA.MARKETNG to have total access to that file,
believing that LINDA in account MARKETNG was the
creator. This is considered a security breach.
Beginning with MPE/iX Release 4.5, all newly created files,
renamed files, and copied files have file ownership
specified in the file label in the form
username.accountname. This enhancement of file
ownership from creator (in the form username) to owner
(in the form username.accountname) ensures the
uniqueness of file ownership across the whole system. This
enhancement of file ownership corresponds to the new feature
of a user ID (UID) associated with each user on the system.
Using the example specified above, the file label of a file
created by LINDA.FINANCE that is renamed to the
MARKETNG account specifies the creator/owner to be
LINDA.FINANCE. The file system is able to distinguish
owner LINDA.FINANCE from LINDA.MARKETNG and does not
allow LINDA.MARKETNG creator/owner access to that file.
File labels of files existing on your system prior to MPE/iX
Release 4.5 that have not been copied or renamed continue to
specify ownership using only the creator name (in the form
username). Since these files remain within the MPE
account structure (that is, directly under MPE groups),
either standard MPE file system security features or ACDs
continue to ensure security for these files.
When a file is renamed across account boundaries, the file
owner can continue to access the file as the owner only if
MPE/iX security provisions allow him/her access to that
file. (However, the renamed file still belongs to the
original file group and is still managed by the original
account manager.)
For example, if a process being executed by
LINDA.FINANCE were to call the FRENAME intrinsic to
rename a file PAYROLL to
/MARKETNG/PUB/directory1/PAYROLL, the process (whose UID
is currently associated with LINDA.FINANCE) must have
either SM capability assigned to the user associated with
the process's UID or the following access rights:
MPE save files (SF) capability assigned to the user associated with the process's UID (in this case, LINDA.FINANCE).
Delete directory entry (DD) access to the source file's parent directory (specified in the ACD associated the directory).
Traverse directory (TD) access to all parent directories of the target file (specified in the ACD associated with each directory).
Create directory entry (CD) access to the target file's parent directory (specified in the ACD associated with directory1/).
Standard file system security provisions or the ACD associated with the source file allows the user write access to the source file if it lives in a group. Write access to the file is only required for files in MPE groups. It is part of the definition of DD access for groups.
For additional restrictions on renaming a file using the FRENAME intrinsic or the RENAME command, refer to the appropriate descriptions located in the MPE/iX Intrinsics Reference Manual (32650-90028) and MPE/iX Commands Reference Manual, Vol. II (32650-90374), respectively.
