Open System Services Management and Operations Guide (G06.30+, H06.08+, J06.03+)
File Privilege File Attribute
On systems running J06.11 or later J-series RVUs or H06.22 or later H-series RVUs, files have an
additional file privilege attribute that specifies which special privileges, if any, a file has when
accessing files in a restricted-access fileset. For example:
• The executable files for the Backup and Restore 2 product can be given the PRIVSOARFOPEN
file privilege to allow a locally-authenticated member of the Safeguard
SECURITY-OSS-ADMINISTRATOR (SOA) group to back up and restore files that are in a
restricted-access fileset (see “PRIVSOARFOPEN File Privilege” (page 230) and “Backup and
Restore 2 Product and Restricted-Access Filesets” (page 192)).
• An executable file can be given the PRIVSETID file privilege to allow the super ID to use a
privileged switch operation, such as setgid() or setuid(), to switch to another user ID
or group ID and, based on the permissions for that ID, access a file in a restricted-access fileset
(see “PRIVSETID File Privilege” (page 230)).
File privileges:
• Can be set on any OSS regular file or Guardian disk file, whether or not that file is in a
restricted-access fileset. However, file privileges affect only executable code files,
user libraries, and private DLLs.
A process created from an executable file has the privileges of that executable file. Any user
library or private DLL used by that process must also have the file privileges of the executable
file:
◦ If an executable file has the PRIVSOARFOPEN file privilege and is started by a member
of the Safeguard SOA group, then any user library or ordinary DLL used by that process
must also have the PRIVSOARFOPEN privilege. Otherwise, an error is reported when the
process attempts to load that library or DLL.
◦ If the executable file has the PRIVSETID file privilege and is started by the super ID, then
any user library or ordinary DLL loaded by the process must also have the PRIVSETID file
privilege. Otherwise, an error is reported when the process attempts to load that library
or DLL.
System DLLs (provided as part of the system files) and public DLLs (installed by the system
administrator) do not require file privileges.
• Are ignored when accessing files that are not in a restricted-access fileset.
• Can be set only by members of the Safeguard SECURITY-PRV-ADMINISTRATOR (SPA) group,
using the setfilepriv command or the setfilepriv() function. In addition, a member
of the SPA group can use the initfilepriv command to set the appropriate privileges for
the executable files of the Backup and Restore 2 product (see “Backup and Restore 2 Product
and Restricted-Access Filesets” (page 192)).
• Are removed whenever a file is modified. When an executable file, user library, or private
DLL that requires or has file privileges is newly installed or modified, a member of the SPA
group must set or restore those file privileges. This requirement allows the SPA group members
to control modifications to files that allow privileged access to files in restricted-access filesets.
Use the getfilepriv command to get information about the file privileges for a file. For
information about the getfilepriv command, see the getfilepriv(1) reference page either
online or in the Open System Services Shell and Utilities Reference Manual.
For information about the setfilepriv command, see the setfilepriv(1) reference page
either online or in the Open System Services Shell and Utilities Reference Manual. For more
information about the setfilepriv() function, see the setfilepriv(2) reference page either
online or in the Open System Services System Calls Reference Manual.
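The following added example is not part of the guide and is not HPE code. It models the library-load rule and the removal of privileges on modification, so that an inventory of code files can be checked before an update is deployed. The CodeFile class, the kind labels, the file paths, and the inventory are constructed for illustration and are not getfilepriv output. The model applies the general rule that a user library or private DLL must have the file privileges of the executable file, and does not model which user starts the process.

```python
from dataclasses import dataclass, field

# Library kinds that must carry the executable file's privileges.
NEEDS_MATCH = {"user_library", "private_dll"}
# Kinds that do not require file privileges (system and public DLLs).
EXEMPT = {"system_dll", "public_dll"}

@dataclass
class CodeFile:
    path: str                      # hypothetical path
    kind: str                      # "executable" or one of the kinds above
    privs: set = field(default_factory=set)

    def modify(self):
        """File privileges are removed whenever a file is modified."""
        self.privs = set()

def load_failures(exe, libs):
    """Return (path, missing privileges) for each library whose load would fail."""
    failures = []
    for lib in libs:
        if lib.kind in EXEMPT:
            continue
        if lib.kind not in NEEDS_MATCH:
            raise ValueError(f"unknown library kind: {lib.kind}")
        missing = exe.privs - lib.privs
        if missing:
            failures.append((lib.path, sorted(missing)))
    return failures

def demo():
    # Constructed inventory; every path here is hypothetical.
    exe = CodeFile("/opt/app/bin/tool", "executable", {"PRIVSETID"})
    libs = [
        CodeFile("/opt/app/lib/libpriv.so", "private_dll", {"PRIVSETID"}),
        CodeFile("/opt/app/lib/libuser", "user_library"),
        CodeFile("/usr/lib/libsys.so", "system_dll"),
    ]
    before = load_failures(exe, libs)
    libs[0].modify()   # a new version of the private DLL is installed
    after = load_failures(exe, libs)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("before update", "after update"), demo()):
        print(label, result)
```

Each entry in the second result is a file on which a member of the SPA group must set or restore file privileges before the process can load it.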
Protecting Your System 229