Open System Services Programmer's Guide

          statbuf.st_uid, statbuf.st_gid);
   /* Change only the effective group ID; (gid_t)-1 leaves the real group ID as is. */
   if(setregid( ((gid_t)-1), egid) < 0) {
      fprintf(stderr, "Can't change effective group ID of process.\n");
      exit(1);
   }
   /* Change only the group of the file; (uid_t)-1 leaves the owner as is. */
   if(chown("junkfile", (uid_t)-1, egid) < 0) {
      fprintf(stderr, "Can't change group ID of file.\n");
      exit(1);
   }
   /* Read the file status again to confirm the new group ID. */
   if(stat("junkfile", &statbuf) < 0) {
      fprintf(stderr, "Can't get status of file 'junkfile'\n");
      exit(1);
   }
   printf("junkfile chown'ed with uid = %d, gid = %d\n",
          statbuf.st_uid, statbuf.st_gid);
   /* Report the real and effective group IDs after the change. */
   gid = getgid();
   printf("Real group ID is");
   printgroup(gid);
   gid = getegid();
   printf("and effective group ID is");
   printgroup(gid);
   printf("\n");
   return(0);
}
This program produces the following output (software.abcde (1,5) is a member of the SUPER
group):
/usr/abc: run a.out 255
Login name is SOFTWARE.ABCDE
Terminal pathname is /dev/tty
real UID is 261(SOFTWARE.ABCDE) and effective UID is 261(SOFTWARE.ABCDE)
Real group ID is 1(SOFTWARE) and effective group ID is 1(SOFTWARE)
The following supplementary groups are available:
1(SOFTWARE)
255(SUPER)
junkfile created with uid = 261, gid = 1
junkfile chowned with uid = 261, gid = 255
Real group ID is 1(SOFTWARE) and effective group ID is 255(SUPER)
Using OSS Access Control Lists (ACLs)
OSS access control lists (ACLs) are supported for certain files in Version 3 catalog OSS filesets on
systems running J-series RVUs, H06.08 and later H-series RVUs, or G06.29 and later G-series
RVUs.
OSS already enables nonprivileged users or processes, such as file owners, to allow or deny other
users access to files and other objects as determined by their user identity, group identity, or both.
This level of control is accomplished by setting or manipulating a file’s permission bits to grant or
restrict access by owner, group, and others (see the chmod(2) reference page).
ACLs offer a greater degree of selectivity than permission bits. ACLs allow a process whose effective
user ID matches the file owner or the super ID, or is a member of the Safeguard
SECURITY-OSS-ADMINISTRATOR security group, to permit or deny access to a file for a list of
specific users and groups.
ACLs are supported as a superset of the UNIX operating system discretionary access control (DAC)
mechanism for files, but not for other objects such as interprocess communication (IPC) objects.
All OSS system calls that include pathnames are subject to the ACLs on any directory or file in the
path.