Open System Services Programmer's Guide
Restricted-Access Filesets
Applications that depend on the super ID for file access are subject to additional restrictions for
files that are in restricted-access filesets. When accessing a file in a restricted-access fileset, the
super ID is restricted by the same file permissions and owner privileges as any other user ID: It has
no special privileges unless the executable file started by the super ID has the PRIVSETID file privilege
(see “File Privilege File Attribute” (page 272)). Therefore the super ID is denied special access
privileges when using functions such as these:
access()
acl()
bind()
chdir()
chmod(), lchmod(), and fchmod()
chown(), lchown(), and fchown()
creat() and creat64()
link()
mkfifo()
mknod()
open() and open64()
opendir()
readdir()
remove()
rename_oss()
rmdir()
setfilepriv()
unlink()
utime()
In restricted-access filesets it is members of the Safeguard SECURITY-OSS-ADMINISTRATOR (SOA)
security group, sometimes in combination with executable files that have file privileges, rather than
the super ID, that hold the privileges needed to directly perform the operations permitted to the
super ID in unrestricted OSS filesets.
Members of the SOA security group have the same privileges to manage files in restricted-access
filesets as they have to manage files in unrestricted filesets. That is, when they are
locally-authenticated, they can use these functions and commands on files they do not own:
acl(ACL_SET)
chdir()
chmod(), lchmod(), and fchmod() [3]
chown(), lchown(), and fchown() [3]
opendir()
readdir()
Network File System (NFS) clients are not granted SOA group privileges, even if these clients are
accessing the system with a user ID that is a member of the SOA security group.
To use all the functions a super ID would be allowed to use in an unrestricted fileset on a file that
is in a restricted-access fileset, the executable file (including any user libraries or ordinary DLLs)
that uses the functions must both:
• Be started by a locally-authenticated member of the SECURITY-OSS-ADMINISTRATOR group
• Have the PRIVSOARFOPEN file privilege
Restricted-access filesets have the RESTRICTEDACCESS attribute set to a value other than DISABLED.
By default, restricted-access filesets are audited. For more information about restricted-access
filesets, see the Open System Services Management and Operations Guide.
3. If the executable file that uses this function does not have the PRIVSOARFOPEN privilege, the set-user-ID and set-group-ID
bits of the file mode (04000 and 02000 respectively) of the file in the restricted-access fileset are cleared.
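The following C program is an added example, not code from the guide. It is a non-destructive probe that tries, on one path, a subset of the calls listed above with arguments that change nothing when they succeed (the file's current mode, owner, and timestamps) and reports which of them are refused with EPERM or EACCES. Run under the super ID against a file it does not own, it shows directly whether that file's fileset restricts the super ID; run by a locally-authenticated SOA member, it shows which of those calls the group membership permits. Only calls that can be made no-ops are probed; link(), rename_oss(), unlink(), and the other listed functions that create or remove names are deliberately left out. After the probe the program also reports any set-user-ID or set-group-ID bits that disappeared, which is the effect footnote 3 describes for a file in a restricted-access fileset when PRIVSOARFOPEN is absent (and, on Linux, what chown() does to an executable's set-ID bits regardless of caller), so do not point it at set-ID executables you depend on. The code uses only standard POSIX calls; the temporary file under /tmp and the path /nonexistent/probe-target used by the self-test are assumptions of the example.

```c
/* probe_rafs.c: added example, not code from the OSS Programmer's Guide.
 * Non-destructively probes the file operations the guide lists as losing
 * super-ID special access in a restricted-access fileset and reports which
 * of them the calling process may perform on a path. Every successful call
 * leaves the file as it was (same mode, same owner, same timestamps), so the
 * only information the probe yields is which calls were refused. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <utime.h>

enum { PROBE_OPS = 5 };
static const char *const probe_names[PROBE_OPS] = {
    "access(W_OK)", "open(O_RDONLY)", "chmod(same mode)",
    "chown(same owner)", "utime(same times)"
};

/* Probes PATH. result[i] is 0 if operation i succeeded, else its errno.
 * *lost_bits receives any set-user-ID/set-group-ID bits that were present
 * before the probe and absent afterwards (footnote 3's effect on a file in a
 * restricted-access fileset when PRIVSOARFOPEN is missing).
 * Returns the number of operations denied with EPERM or EACCES, or -1 if
 * PATH cannot be stat()ed (every result[i] then holds that errno). */
int probe_file(const char *path, int result[PROBE_OPS], mode_t *lost_bits)
{
    struct stat before, after;
    struct utimbuf times;
    int fd, i, denied = 0;

    *lost_bits = 0;
    if (stat(path, &before) != 0) {
        for (i = 0; i < PROBE_OPS; i++) result[i] = errno;
        return -1;
    }
    /* access(): the kernel's own permission check for write access. */
    result[0] = (access(path, W_OK) == 0) ? 0 : errno;

    /* open(): read-only, closed at once. */
    fd = open(path, O_RDONLY);
    if (fd >= 0) { close(fd); result[1] = 0; } else { result[1] = errno; }

    /* chmod(): re-apply the current permission and set-ID bits. */
    result[2] = (chmod(path, before.st_mode & 07777) == 0) ? 0 : errno;

    /* chown(): re-apply the current owner; (gid_t)-1 leaves the group alone. */
    result[3] = (chown(path, before.st_uid, (gid_t)-1) == 0) ? 0 : errno;

    /* utime(): re-apply the current access and modification times. */
    times.actime = before.st_atime;
    times.modtime = before.st_mtime;
    result[4] = (utime(path, &times) == 0) ? 0 : errno;

    /* Detect set-ID bits stripped by the chmod()/chown() calls above. */
    if (stat(path, &after) == 0)
        *lost_bits = (before.st_mode & ~after.st_mode) & (S_ISUID | S_ISGID);

    for (i = 0; i < PROBE_OPS; i++)
        if (result[i] == EPERM || result[i] == EACCES) denied++;
    return denied;
}

/* Self-test: probe a fresh temporary file the caller owns (assumed under
 * /tmp), then remove it. Expected result is 0 denied operations; -1 means
 * the file could not be created. */
int self_check(void)
{
    char tmpl[] = "/tmp/probe-rafs-XXXXXX";
    int result[PROBE_OPS];
    mode_t lost = 0;
    int fd = mkstemp(tmpl);
    int denied;

    if (fd < 0) return -1;
    close(fd);
    denied = probe_file(tmpl, result, &lost);
    unlink(tmpl);
    return denied;
}

/* Self-test: probing a path that does not exist (assumed) reports ENOENT
 * rather than a permission failure. Returns the errno the probe recorded. */
int missing_path_errno(void)
{
    int result[PROBE_OPS];
    mode_t lost = 0;

    if (probe_file("/nonexistent/probe-target", result, &lost) != -1) return 0;
    return result[0];
}

int main(int argc, char **argv)
{
    int result[PROBE_OPS], i, denied;
    mode_t lost = 0;

    if (argc != 2) { fprintf(stderr, "usage: %s path\n", argv[0]); return 2; }
    denied = probe_file(argv[1], result, &lost);
    if (denied < 0) { fprintf(stderr, "stat: %s\n", strerror(result[0])); return 1; }
    for (i = 0; i < PROBE_OPS; i++)
        printf("%-20s %s\n", probe_names[i], result[i] ? strerror(result[i]) : "ok");
    if (lost)
        printf("set-user-ID/set-group-ID bits cleared by the probe: %04o\n", (unsigned)lost);
    printf("%d of %d operations denied\n", denied, PROBE_OPS);
    return denied ? 1 : 0;
}
```

Compile it with the system C compiler and run it as `./probe_rafs /path/to/file`. A file the caller owns reports "ok" on every line; a file in a restricted-access fileset probed by the super ID without PRIVSOARFOPEN reports EPERM or EACCES on the calls the guide lists, and the exit status is 1 whenever at least one call was denied, so the probe can be used from a script.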
Restricted-Access Filesets and File Privileges 271