Accessing Files Programmer's Guide (32650-90885)

ManualsBrandsHP ManualsSoftwareMPE/iX 6.0 Operating System

151

152

153

154

155

156

157

158

159

160

160 Chapter13

Maintaining File Security

Access Control Deﬁnition Security (ACD)

Files

the owner of a ﬁle is any one of these three users:

• The creator of the ﬁle with which an ACD is associated

• The user who as am capability in the account in which the ﬁle resides

• The user who has sm capability on the system in which the ﬁle resides

Devices

The System Manager (SM) is the owner of all of the devices on a system.

How acds work

When a user attempts to access a ﬁle or to acquire a device, HPFOPEN or FOPEN is called,

and the system makes the following checks:

• Is the user an owner of the ﬁle or device; that is, is the user the creator of the ﬁle, the

account manager (AM capability), where the ﬁle resides or the system manager (SM

capability)? If so, permission is granted, and the checking ends.

•Ifnot, is there an ACD associated with the ﬁle or device?

— If there is no ACD, the system looks for authorization in the traditional MPE/iX ﬁle

access matrix and lockwords.

— If there is an ACD, the system searches, in this order, for the user:

1. speciﬁc names (

username.accountname

)

2. account groupings (

@.accountname

)

3. system groupings (

@.@

)

If a match is found, the user can access the device or ﬁle--as authorized (read,

write, execute, and so on)--and no further checking is done.

If there is no match, the user is denied entry, and no further checking is done.

It is important to note that if an ACD exists, the MPE/iX ﬁle access matrix and lockwords

are never consulted.

ACD modes

Any device or a ﬁle can be paired with an ACD.

An ACD is associated with a ﬁle or a device by pairing access modes with users. A user is

any username.accountname speciﬁcation.

The modes of access are:

R Read

W Write

A Append

L Lock