Safeguard User's Guide (G06.24+, H06.03+)

Safeguard User’s Guide 422089-009
A Guardian File Security
The Guardian environment automatically provides a basic level of security for all disk
files. You can manipulate Guardian file security through TACL and FUP. In particular,
you can:
• Display your default security string with the TACL WHO command
• Change your default security string with the DEFAULT program
• Display the security string for a specific file with the TACL FILEINFO command or
  the FUP INFO command
• Change the security string for a file you own with the FUP SECURE command
You cannot change the security string for files that are protected by the Safeguard
subsystem.
This appendix summarizes Guardian security for disk files and reviews the methods
you can use to verify and change that security. For complete details on these subjects,
refer to the Guardian User's Guide.
File Security String
Each disk file has an owner and a Guardian security string. You are the owner of a file
if you create that file. When you create a file, it is automatically given the default
security string defined for you. You can change your default security string or specify a
different security string for an individual file. In addition, you can transfer ownership of
a file to another user.
The security string specifies a level of security for each of four types of access to a disk
file: read (R), write (W), execute (E), and purge (P). These types of access are similar
to the Safeguard authorities defined in an access control list. However, there is no
owner authority in a security string. Although you can transfer ownership of a disk file
under Guardian security, you cannot share ownership.
The security string consists of four characters. Each position in the string sets the
security for one of four disk file operations:
RWEP
• The first position (R) specifies who can read the file.
• The second position (W) specifies who can write to the file.
• The third position (E) specifies who can execute the file.
• The fourth position (P) specifies who can purge the file.
In each position, you can use one of the seven codes shown in Table A-1 to specify
who can perform the associated operation. These codes typically designate groups of
users, unlike Safeguard file security, in which individual users can be given specific
levels of security.
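
The following Python code is an added example, not part of the original guide. It decodes a four-character RWEP security string and reports positions where write or purge access is open to every user. It assumes the seven codes in Table A-1 are the standard Guardian codes (O, G, A, U, C, N and the hyphen); the function names and the audit policy are this example's own.

```python
"""Added example: decode and audit a Guardian RWEP security string."""

OPERATIONS = ("read", "write", "execute", "purge")  # positions R, W, E, P

# Code -> (who, remote access allowed). Standard Guardian codes, assumed to
# be the seven that Table A-1 lists.
CODES = {
    "O": ("owner", False),
    "G": ("owner's group", False),
    "A": ("any user", False),
    "U": ("owner", True),
    "C": ("owner's group", True),
    "N": ("any user", True),
    "-": ("super ID only", False),
}


def decode(security):
    """Map each operation to (code, who, remote) for a string such as 'NUNU'."""
    security = security.strip().upper()
    if len(security) != 4:
        raise ValueError(f"expected 4 characters (RWEP), got {security!r}")
    decoded = {}
    for operation, code in zip(OPERATIONS, security):
        if code not in CODES:
            raise ValueError(f"unknown code {code!r} for {operation}")
        decoded[operation] = (code, *CODES[code])
    return decoded


def audit(security, sensitive=("write", "purge")):
    """Return findings where a sensitive operation is open to every user.

    The policy (write and purge must not be A or N) is this example's assumption.
    """
    findings = []
    for operation, (code, who, remote) in decode(security).items():
        if operation in sensitive and who == "any user":
            scope = "local and remote" if remote else "local"
            findings.append(
                f"{operation}: code {code} lets any {scope} user {operation} the file")
    return findings


if __name__ == "__main__":
    # Constructed sample strings, not taken from a real system.
    for sample in ("NUNU", "AAAA", "OO-O", "NNNN"):
        print(sample, audit(sample) or "ok")
```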