Manualshelf

Open System Services Programmer's Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series
81828384858687888990
Guardian applications that use file data and ignore file attributes are unaffected if all of these
conditions are true:
The application is running on J-series RVUs, H06.06 or later H-series RVUs, or G06.29 or
later G-series RVUs.
The Format 2 file is unstructured, code 180 with an EOF less than the Format 1 limit of
approximately 4 GB.
However, FILE_OPEN_ fails with error 580 if any of these conditions are true:
The RVU is earlier than G06.29 or H06.06
The file code is not 180
The EOF is greater than the Format 1 limit
Recovery choices include:
Change the application to accept Guardian Format 2 files.
Protect the application by converting the file to Guardian Format 1 using the following steps:
>FUP CREATE TEMP, FORMAT 1, TYPE U, ODDUNSTR, CODE 180, &
EXT (28,1400), MAXTENTS 749
>FUP COPY myfile,TEMP
>FUP PURGE myfile
>FUP RENAME TEMP,myfile
Protect the application by creating the file as a Guardian Format 1 file and then appending
data to the file. For example, replace the command:
cp myfile /G/disk/subvol/myfile
With the commands:
gtacl -c 'FUP CREATE $disk.subvol.myfile, FORMAT 1, TYPE U, ODDUNSTR, CODE 180, EXT (28,1400),
MAXTENTS 749
cat myfile >> /G/disk/subvol/myfile
Accessing OSS SEEP-Protected Files
Since the J06.03, H06.08, and G06.29 RVUs, Safeguard provides the feature that allows a partner
or customer Security Event-Exit Process (SEEP) to participate in security policy enforcements of
Guardian objects (files, subvolumes, and volumes). This security feature was not supported for OSS
objects.
Beginning with the J06.15 and H06.26 RVUs, a partner or customer OSS SEEP is supported and
can participate in access-control decisions for OSS objects. This capability increases the acceptability
of OSS-based applications to security auditors and improves OSS security manageability.
The OSS name server consults the OSS SEEP for access authorization during operations on files
when both of the following conditions are true:
The file resides in a Version 3 catalog fileset that is OSS SEEP-protected. The fileset's
SEEPPROTECTED attribute must be set to ON.
The corresponding OSS name server is OSS SEEP-enabled. The OSS name server's
SEEPENABLED attribute must be set to ON and the OSS SEEP must be running.
The final outcome of the operation depends on:
OSS SEEP's authorization ruling
POSIX access control lists (ACLs) and standard OSS permissions evaluations result
Accessing OSS SEEP-Protected Files 83