|
|
Performing System Management Tasks: HP 3000 MPE/iX Computer Systems > Chapter 8 Allowing Access to the SystemSecuring Disk Files |
|
File security addresses the question, "Who has what types of access to which files?" The security system you implement depends on the particular system, its location, and its applications. At a minimum, you choose which types of users have access to an account, an MPE group, or a file and what kind of access they have. For example, you may decide that any user can read files in an account, but only certain users can execute its program files. To identify a user's file access, use the LISTACCT or LISTGROUP commands. For example, to display the security of a particular account, enter:
Or, to display the security of a particular group, enter:
File access modes describes what kind of access a user has to a file. The following table defines these modes: Table 8-3 File Access Modes
Security is established for a file, group, and account by specifying which types of users have each specific access type. For example, to allow anyone to run (execute) a program, specify X:ANY. The following table lists user types available to the file access modes. Table 8-4 User Types
To establish security for a file, group, or account, use the NEWACCT, ALTACCT, NEWGROUP, and ALTGROUP commands with the ACCESS parameter. The following examples illustrate how to establish security with these commands:
To access a file, a user must have capability at the most restrictive level of security applied to the file (account, group, or file). If someone fails to meet access criteria for any one of the three levels of security, that user cannot access the file. File-access restrictions for an account or group are set when you or the account manager creates them. The system assigns the following defaults for file access when they are not explicitly defined: Table 8-5 Default File Access for Accounts
Table 8-6 Default File Access for Groups
File-level values default to (R, A, W, L, X: Any). |
|