Manualshelf

Open System Services Programmer's Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series
261262263264265266267268269270
printf("Number of ACL entries = %d\n", prevCount);
/* Allocate space, reserving 1 extra ACL entry for the new GROUP entry */
newCount = prevCount + 1;
if (( aclEnt = (acl_t *) malloc( newCount * sizeof(acl_t))) == 0 ) {
printf("malloc error= %d, text = %s\n", errno, strerror(errno));
return 1;
}
/* Acquire the existing ACL on the object */
if ((prevCount = acl(pathname, ACL_GET, prevCount, aclEnt)) == -1 ) {
printf("acl(ACL_GET) error= %d, text = %s\n", errno, strerror(errno));
free(aclEnt);
return 1;
}
printAcl("Existing ACL entries", aclEnt, prevCount);
/* add new GROUP acl entry at the end of the ACL */
aclEnt[ newCount-1 ].a_type = GROUP;
aclEnt[ newCount-1 ].a_id = groupId;
aclEnt[ newCount-1 ].a_perm = READPERM;
printAcl("New ACL entries before aclsort()",aclEnt, newCount);
/* sort all of the ACL entries into proper order for acl( ACL_SET) */
if ((error = aclsort(newCount, CALCCLASS, aclEnt)) != 0 ) {
printf("aclsort() error = %d\n", error);
free(aclEnt);
return 1;
}
printAcl("New ACL entries after aclsort()", aclEnt, newCount);
/* now set the new ACL on the object */
if ((error = acl(pathname, ACL_SET, newCount, aclEnt)) == -1 ) {
printf("acl(ACL_SET) error= %d, text = %s\n", errno, strerror(errno));
free(aclEnt);
return 1;
}
free( aclEnt );
return 0;
}
Restricted-Access Filesets and File Privileges
On systems running J06.11 or later J-series RVUs or H06.22 or later H-series RVUS, OSS Version
3 catalog filesets can be configured as restricted-access filesets. Restricted-access filesets deny the
super ID (255,255 in the Guardian environment, 65535 in the OSS environment) special access
privileges.
However, because some applications still require special privileges for accessing restricted-access
file sets, the J06.11 and H06.22 RVUs introduce the file privilege file attribute, which is used for
executable files, user libraries, and ordinary DLLs. System DLLs (provided as part of the system
files) and public DLLs (installed by the system administrator) do not require file privileges.
The combination of the Safeguard security groups and file privileges restricts the use of special
access privileges in restricted-access filesets to certain system management tasks (like backing up
and restoring files using the Backup and Restore 2 product) and to customer-designated programs.
270 Managing OSS Security