Open System Services System Calls Reference Manual (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

311

312

313

314

315

316

317

318

319

320

open(2) OSS System Calls Reference Manual

• If the open requires ﬁle creation, the Guardian ﬁle created will be Format 1, odd, unstruc-

tured, and ﬁle code 180.

• If the open requires ﬁle creation, the ﬁle is given access permissions compatible with the

standard security permissions for the Guardian creator access ID (CAID) of the calling

process.

During open() processing, all access permissions are checked. This includes Guardian environ-

ment checks by Guardian standard security mechanisms (and by the Safeguard product) for

Guardian disk ﬁle and process access.

Considerations for Restricted-Access Filesets

When accessing a ﬁle in a restricted-access ﬁleset, the super ID (255,255 in the Guardian

environment, 65535 in the OSS environment) is restricted by the same ﬁle permissions and

owner privileges as any other user ID.

Executable ﬁles that have the PRIVSETID ﬁle privilege and that are started by super ID can per-

form privileged switch ID operations (such as by using the setuid() function) to switch to

another ID and then access ﬁles in restricted-access ﬁlesets as that ID. Executable ﬁles without

the PRIVSETID ﬁle privilege that perform privileged switch ID operations are unconditionally

denied access to restricted-access ﬁlesets.

Executable ﬁles that have the PRIVSOARFOPEN privilege and that are started by a member of

the Safeguard SECURITY-OSS-ADMINISTRATOR (SOA) group have the appropriate privilege

to use this function on any ﬁle in a restricted-access ﬁleset. Network File System (NFS) clients

are not granted SOA group privileges, even if these clients are accessing the system with a user

ID that is a member of the SOA security group.

If a ﬁle opened for writing has ﬁle privileges such as PRIVSOARFOPEN or PRIVSETID, these

ﬁle privileges are removed. Only Members of Safeguard SECURITY-PRV-ADMINISTRATOR

(SEC-PRIV-ADMIN or SPA) group are permitted to explicitly set ﬁle privileges. File privileges

can be set using the setﬁlepriv() function or the setﬁlepriv command only.

For more information about restricted-access ﬁlesets and ﬁle privileges, see the Open System Ser-

vices Management and Operations Guide.

Use From the Guardian Environment

A call to the open() function in the Guardian environment requires an OSS pathname and returns

an OSS ﬁle-system ﬁle descriptor, regardless of the ﬁle system containing the ﬁle.

The open() function belongs to a set of functions that have these effects when the ﬁrst of them is

called from the Guardian environment:

• Two Guardian ﬁle-system ﬁle numbers (not necessarily the next two available) are allo-

cated for the root directory and the current working directory. You cannot close these ﬁle

numbers by calling the Guardian FILE_CLOSE_ procedure.

• The current working directory is assigned from the VOLUME attribute of the Guardian

environment =_DEFAULTS DEFINE.

• The use of static memory by the process increases slightly.

These effects occur only when the ﬁrst of the set of functions is called. The effects are not cumu-

lative.

5−10 Hewlett-Packard Company 527186-023