HPlogo Performing System Management Tasks: HP 3000 MPE/iX Computer Systems > Chapter 8 Allowing Access to the System

Controlling File Access with ACDs
» 

Technical documentation

Complete book in PDF
» Feedback

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

ACDs are ordered lists of pairs (access permissions and user specification) that specify access to objects. An ACD takes precedence over certain other security features, such as lockwords and the file security matrix.

Files located outside of MPE groups and HFS directories are automatically assigned ACDs when they are created. By default, RACD (read ACD) is assigned to all users and only the owner can access the file or directory. The ACD can be modified using the ALTSEC command but the ACD cannot be deleted.

When files are renamed to a group outside the original account, they are automatically assigned ACDs. When a file located in an MPE group has its group ID (GID) changed to the GID of another account, an ACD is automatically assigned. The ACD can be modified using the ALTSEC command but it cannot be deleted.

Access modes

ACD pairs control the access and manipulation of HFS directories and the files within them. MPE/iX has enhanced ACDs to support four new ACD access modes. The ACD access modes are as follows:

Permissions common to files and directories

RACD

Copy or read the ACD.

NONE

Deny access.

File permissions

R

Read a file.

W

Write to a file.

L

Lock a file.

A

Append to a file.

X

Execute a file.

Directory permissions

CD

Create directory entries.

DD

Delete directory entries.

RD

Read directory entries.

TD

Traverse directory entries.

User specifications

The following new ACD user specifications are provided:

  • $OWNER specifies users whose UID maches the UID of the object. $OWNER enables file owners to voluntarily limit their access to an object. For example, file owners can grant themselves read-only access to a file to guard against accidentally modifying the file. The $OWNER user specification is the only way for file owners to limit their access to an object. If omitted, an owner has all access to hierarchical files.

  • $GROUP specifies users who GID matches the current group ID of the object. $GROUP permits dynamic reference to the GID of an object. This is useful because GIDs of files and directories can be changed programmatically, using chown in the MPE/iX shell, or use the :ALTFILE command. When the GID of a file is changed, it is not necessary to modify an ACD to correct file sharing.

  • $GROUP_MASK restricts the access granted by ACD entries other than $OWNER and @.@. When an ACD contains a $GROUP_MASK ENTRY, a user is granted a specific access mode only if it is listed in the ACD ENTRY the user matches (in the form user.account, @.account, and $GROUP) and in the $GROUP_MASK ENTRY.

You can use traditional user specifications to describe individuals or groups of users:

  • username.accountname specifies a single user

  • @.accountname specifies all users associated with the accountname account.

Capabilities

SM and AM capability are checked before ACDs or the file access matrix. Users with SM capability have unrestricted access to all file system objects.

Users with SM capability can create files outside of the logon account/group structure because they have implied CD access. Those without SM capability can only create files in directories where they explicitly have CD permission. Users must also have SF capability to save files in directories and SAVE access to save files in an MPE group.

Account managers may not have complete access to all objects in their account. Having AM capability enables a process to access file system objects if the GID of an object (GID represented by an account name) matches the GID (logon account) of the process. As a result, there may be cases where the GID of a file or directory within an account has been changed (programmatically, using chown() in the MPE/iX shell, or with the :ALTFILE command) so that an account manager for that account cannot access it. An account manager also may not have access to a file or directory in the account if it was created by a user with a different GID.

Lockwords

A file's creator can assign or remove a file lockword. Lockwords can only be assigned to files, not to directories. Lockwords can only be assigned to files in MPE groups.

All users are required to supply lockwords for files protected by active lockwords. You can embed lockwords in MPE syntax file names or you can type them in response to lockword prompting.

There is no way to specify a lockword using HFS syntax. Any attempt to open a file with a lockword using HFS syntax results in a lockword violation. The user is not prompted for the lockword.

Although system managers can assign ACDs to any file or directory in the system, they must supply the lockword for any lockword-protected files before they can assign an ACD. Once the file has an ACD, the ACD supersedes the lockword.

Restricting Access to /tmp

Because any user can build files in /tmp, you can restrict access by using the ALTSEC command.



Securing Disk Files
  		 


Chapter 9 Managing Disks  
Feedback to webmaster