Open System Services Management and Operations Guide (G06.30+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

261

262

263

264

265

266

267

268

269

270

DP2BUFFERED

OSSBUFFERED

• If an FTIOMODE setting of OSSBUFFEREDCP or a NORMALIOMODE setting of

OSSBUFFEREDCP or OSSBUFFERED is used, the OSS filesystem buffers the data unless there

are file opens from processes in more than one processor and at least one of the file opens

has write permission. In that case, DP2BUFFEREDCP behavior occurs instead of

OSSBUFFEREDCP behavior or DP2BUFFERED behavior occurs instead of OSSBUFFERED

behavior.

• The RESTRICTEDACCESS attribute determines whether this fileset is a restricted-access fileset:

A fileset with its RESTRICTEDACCESS attribute set to DISABLED is an unrestricted fileset.

Unrestricted Version 3 catalog filesets on systems running J06.11 or later J-series RVUs

◦

or H06.22 or later H-series RVUs are identical to Version 3 catalog filesets on systems

running earlier RVUs. For these filesets, the super ID has appropriate privileges to perform

privileged operations on any file in the fileset. To use the ADD FILESET command to add

a fileset with a RESTRICTEDACCESS attribute of DISABLED, you must be a member of the

super-group (255,nnn). The RESTRICTEDACCESS fileset attribute for the root fileset is

required to be DISABLED.

◦ A fileset with its RESTRICTEDACCESS attribute set to ENABLED or LOCAL is a

restricted-access fileset. ENABLED specifies that the fileset is allowed to be accessed

remotely only by NonStop systems with restricted access fileset support. LOCAL specifies

that the fileset is allowed to be accessed remotely by NonStop systems with or without

support for restricted-access filesets. To set the RESTRICTEDACCESS attribute to ENABLED

or LOCAL, you must be logged on to the local system as a user ID that is a member of

the Safeguard SECURITY-PRV-ADMINISTRATOR (SPA) security group and a member of

the super group (255, nnn), but is not the super ID (255, 255) or a member of the

Safeguard SECURITY-OSS-ADMINISTRATOR (SOA) group.

◦ NonStop systems without support for restricted-access filesets have a lower level of

protection against unauthorized access by super ID to restricted-access filesets because

they have no support for the OSS file privileges attribute. Therefore, LOCAL is intended

to be used as a temporary setting until all remote NonStop systems permitted to access

the fileset are upgraded to RVUs that include support for restricted-access filesets.

◦ The setting or modification of the RESTRICTEDACCESS or the AUDITENABLED fileset

attribute is unconditionally audited and generates an EMS event.

◦ To alter the AUDITENABLED or RESTRICTEDACCESS attributes of a restricted-access fileset,

you must be logged on to the local system as a user ID that is a member of the Safeguard

SECURITY-PRV-ADMINISTRATOR (SPA) security group and a member of the super group

(255, nnn), but is not the super ID (255, 255) or a member of the Safeguard

SECURITY-OSS-ADMINISTRATOR (SOA) group.

For more information about restricted-access filesets, see “Using Restricted-Access Filesets and

File Privileges” (page 228).

• OSS SEEP considerations (J06.15/H06.26 and subsequent RVUs):

Only a member of both the SOA group and Super group are allowed to set or alter the

SEEPPROTECTED attribute.

◦

◦ Even if the fileset’s SEEPPROTECTED attribute is set to ON, OSS SEEP consultation for

access authorization happens only if the SEEPENABLED attribute of the OSS name server

is set to ON and the OSS SEEP is running.

◦ The setting or modification of the fileset's SEEPPROTECTED attribute is unconditionally

audited.

OSS Monitor SCF Command Reference Information 263