Accessing Files Programmer's Guide (32650-90885)

Chapter 13 185
Maintaining File Security
Traditional Mechanism for File Security
account.
Changing security provisions of disk files
The security provisions for both the account and group levels are managed only by users
with the system manager capability, while group level security is managed by users with
account manager capability. Even if you have only standard capabilities (IA, BA, SF), you
can change the security provisions for any disk file that you have created. You do this by
using the ALTSEC command, which permanently deletes all previous provisions specified
for this file at the file level, and replaces them with those defined as the command
parameters. This command does not, however, affect any account-level or group-level
provisions that may cover the file. Furthermore, it does not affect the security provided by
the lockword (if one exists).
For example, suppose that you want to alter the security provisions for the file FILEX to
permit the ability to read, execute, and append information to the file only to the creating
user and the logon or home group users. You can do this with the following ALTSEC
command:
ALTSEC FILEX; (A,R,X:CR,GU)
Any parameters not included in the ALTSEC command are cleared.
To restore the default security provisions to this file, you would enter:
ALTSEC FILEX
Suppose that you have created a file named FILEZ for which you have allowed yourself
program-execute access only. You now wish to change this file's security provisions so that
any group user can execute the program stored within it, but only the group librarian can
read and write on it. Even though you do not have Read or Write access to the file, you can
still alter its security provisions by entering:
ALTSEC FILEZ; (X:GU;R,W:GL)
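
The replacement behaviour of the two ALTSEC commands above can be checked with a small parser. This is an added example, not code from the guide; it assumes only the access modes (R, W, A, X) and user types (ANY, AC, AL, GU, GL, CR) that appear on this page, and the function names are hypothetical.

```python
import re

# Modes and user types are limited to the ones that appear on this page.
MODES = ("R", "W", "A", "X")          # read, write, append, execute
USER_TYPES = {"ANY", "AC", "AL", "GU", "GL", "CR"}
_CMD = re.compile(r"\s*ALTSEC\s+([A-Z][A-Z0-9.]*)\s*(?:;\s*\((.*)\))?\s*", re.I)

def parse_altsec(command):
    """Return (filename, acl) where acl maps each mode to the user types granted.

    A mode the command omits maps to an empty set, because ALTSEC replaces
    every earlier file-level provision. acl is None when no list is given,
    meaning the default provisions are restored.
    """
    m = _CMD.fullmatch(command)
    if not m:
        raise ValueError(f"not an ALTSEC command: {command!r}")
    filename, spec = m.group(1).upper(), m.group(2)
    if spec is None:
        return filename, None
    acl = {mode: set() for mode in MODES}
    for clause in spec.split(";"):
        modes, sep, users = (part.upper() for part in clause.partition(":"))
        modes = [t.strip() for t in modes.split(",")]
        users = [t.strip() for t in users.split(",")]
        bad = [t for t in modes if t not in MODES] + [t for t in users if t not in USER_TYPES]
        if not sep or bad:
            raise ValueError(f"bad clause {clause!r}: {bad}")
        for mode in modes:
            acl[mode].update(users)
    return filename, acl

def cleared_modes(acl):
    """Modes that nobody holds at the file level after the command runs."""
    return [mode for mode in MODES if not acl[mode]]

def permitted(acl, mode, caller_types):
    """File-level check only; account, group and lockword checks are not modelled."""
    return "ANY" in acl[mode] or bool(acl[mode] & set(caller_types))

if __name__ == "__main__":
    for cmd in ("ALTSEC FILEX; (A,R,X:CR,GU)", "ALTSEC FILEZ; (X:GU;R,W:GL)", "ALTSEC FILEX"):
        name, acl = parse_altsec(cmd)
        print(name, "defaults restored" if acl is None else (acl, "cleared:", cleared_modes(acl)))
```

For FILEX the parser reports write as cleared, and for FILEZ a caller who is only a group user passes the execute check but not the read check.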
Table 13-13. Default Security Provisions (Traditional)

FILE REFERENCE                  FILE                                        ACCESS PERMITTED     SAVE ACCESS TO GROUP
filename.PUB.SYS                Any file in public group of system account  (R,X:ANY; W:AL,GU)   AL,GU
filename.groupname.SYS          Any file in any group in system account     (R,W,X:GU)           GU
filename.PUB.accountname        Any file in public group of any account     (R,X:AC; W:AL,GU)    AL,GU
filename.groupname.accountname  Any file in any group in any account        (R,W,X:GU)           GU