Open System Services Porting Guide (G06.24+, H06.03+)
Porting UNIX Applications to the OSS Environment
Open System Services Porting Guide—520573-006
Security Model
A common security model is implemented across the OSS and Guardian
environments. An object-oriented access control mechanism is used in which the
attributes of the object, rather than the function used to access the object, determine
who can access the object; the security model of the target object applies. With this
security model, the Guardian access rules are used to access Guardian objects, and
the OSS access rules are used to access OSS objects. For OSS objects (files,
processes), the security mechanism used is identical to that used in other UNIX
environments. Security discussions related to accessing objects within the OSS and
Guardian environments follow.
Process-Identity Attributes
Process-identity attributes are stored in the process control block for each process.
These are used to identify the user, the primary group to which the user belongs, and
the supplementary groups to which the user belongs. The process-identity attributes
are used to determine which rights a user has as the owner of the process.
Process-identity attributes relevant in the OSS and Guardian environments are:
• Authentication type
• Effective user ID (EUID)
• Effective group ID (EGID)
• Group list
• Logon name
Other process-identity attributes that are mostly useful in the OSS environment are:
• Real user ID (RUID)
• Real group ID (RGID)
• Saved-set user ID (SSUID)
• Saved-set group ID (SSGID)
OSS functions such as getpwnam(), getuid(), and so on, can be used to access
information about the user, alias, group, and other relevant process-identity attributes.
File Attributes and Access
OSS files have different attributes than Guardian disk files. For example, the file
protection bits, the file owner ID, and the group ID are stored differently for OSS files
than for Guardian disk files.
Guardian files are protected by a 12-bit security vector and optionally by the Safeguard
Access Control Lists (ACLs). The ACLs are associated with Guardian files.
The security vector associated with a Guardian file consists of four 3-bit permission
fields, one field for each permission: Read, Write, Execute, and Purge. The seven
classes of accessors (any, community, group, network, owner, super, user) are
encoded in the three bits.
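The decoder below is an added example, not code from this guide: it splits a 12-bit security vector into its four 3-bit fields and reports which permissions are open to the broadest accessor classes, as a file-audit check would. The field order (Read in the high bits, Purge in the low bits), the numeric code assigned to each class, and the one-letter abbreviations are assumptions based on the usual Guardian convention and are not stated on this page; the sample vectors are constructed.

```c
#include <stdio.h>
#include <string.h>

/* ASSUMED code-to-class mapping (not given on this page):
 * 0 A any (local)   1 G group (local)   2 O owner (local)   3 unused
 * 4 N network (any) 5 C community       6 U user            7 - super only */
static const char CLASS_LETTER[8] = { 'A', 'G', 'O', '?', 'N', 'C', 'U', '-' };

/* Decode a 12-bit vector into four letters in Read, Write, Execute, Purge
 * order. out must hold 5 bytes. Returns 0 on success, -1 if bits above the
 * low 12 are set or a field carries the unused code 3. */
int decode_vector(unsigned vec, char out[5])
{
    if (vec & ~0xFFFu)
        return -1;
    for (int i = 0; i < 4; i++) {
        unsigned code = (vec >> (9 - 3 * i)) & 7u;  /* i: 0=R 1=W 2=E 3=P */
        if (code == 3)
            return -1;
        out[i] = CLASS_LETTER[code];
    }
    out[4] = '\0';
    return 0;
}

/* Audit helper: bitmask (8=Read 4=Write 2=Execute 1=Purge) of permissions
 * granted to the broad classes 'A' or 'N'. Returns -1 for an invalid vector. */
int broad_access_mask(unsigned vec)
{
    char s[5];
    int mask = 0;
    if (decode_vector(vec, s) != 0)
        return -1;
    for (int i = 0; i < 4; i++)
        if (s[i] == 'A' || s[i] == 'N')
            mask |= 8 >> i;
    return mask;
}

int main(void)
{
    /* Constructed samples, written in octal so each digit is one field. */
    unsigned samples[] = { 04646, 00212, 07777, 03000 };
    char s[5];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int ok = decode_vector(samples[i], s) == 0;
        printf("%04o -> %s (broad mask %d)\n", samples[i],
               ok ? s : "invalid", broad_access_mask(samples[i]));
    }
    return 0;
}
```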