Open System Services System Calls Reference Manual (G06.29+, H06.08+, J06.03+)
System Functions (a - d) chmod(2)
Access Control Lists (ACLs)
When you execute the chmod() function, you can change the effective permissions granted by
optional entries in the ACL for a file. In particular, using the chmod() function to remove read,
write, and execute permissions from a file owner, owning group, and all others works as
expected, because the chmod() function affects the class entry in the ACL, limiting any access
that can be granted to additional users or groups through optional ACL entries. To verify the
effect, use the getacl command on the file after the chmod() function completes and note that all
optional (nondefault) ACL entries with nonzero permissions also have the comment
# effective:---.
To set the permission bits of ACL entries, use the acl() function instead of the chmod() function.
ACLs are not supported for symbolic links.
Accessing Files in Restricted-Access Filesets
When accessing a file in a restricted-access fileset, the super ID (255,255 in the Guardian
environment, 65535 in the OSS environment) is restricted. In a restricted-access fileset:
• The super ID (255,255 in the Guardian environment, 65535 in the OSS environment) is
not permitted to invoke this function on files that it does not own unless the executable
file started by the super ID has the PRIVSETID file privilege. In this case, the process
started by the super ID can switch to another ID and then access files in restricted-access
filesets as that ID.
• Processes that are started by a member of the Safeguard
SECURITY-OSS-ADMINISTRATOR (SOA) group have the appropriate privilege to use this function on
any file in a restricted-access fileset. However, if the executable file for the process does
not have the PRIVSOARFOPEN file privilege, the set-user-ID and set-group-ID bits of
the file mode (04000 and 02000 respectively) of the file accessed by this function are
cleared.
• Network File System (NFS) clients are not granted SOA group privileges, even if these
clients are accessing the system with a user ID that is a member of the SOA security
group.
For more information about restricted-access filesets and file privileges, see the Open System
Services Management and Operations Guide.
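Because the set-user-ID and set-group-ID bits can be cleared as described above, a caller that depends on them can read the mode back after the call and compare it with what it requested. The following is an added example, not code from this manual; chmod_verified() is a hypothetical helper name, and only the standard chmod() and stat() calls are used:

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* chmod_verified() is a hypothetical helper name, not a system function.
 * It calls chmod(), then reads the mode back with stat().
 * Returns -1 if either call fails (errno stays set, for example EINVAL
 * for a file in /G); otherwise returns the mode bits that differ between
 * what was requested and what the file now has (0 = applied as requested). */
long chmod_verified(const char *path, mode_t requested)
{
    struct stat st;

    if (chmod(path, requested) != 0)
        return -1;
    if (stat(path, &st) != 0)
        return -1;
    return (long)((requested ^ st.st_mode) & 07777);
}

int main(int argc, char **argv)
{
    long diff;

    if (argc != 3) {
        fprintf(stderr, "usage: %s octal-mode file\n", argv[0]);
        return 2;
    }
    diff = chmod_verified(argv[2], (mode_t)strtoul(argv[1], NULL, 8));
    if (diff < 0) {
        fprintf(stderr, "%s: %s\n", argv[2], strerror(errno));
        return 1;
    }
    if (diff & 06000)   /* 04000 = set-user-ID, 02000 = set-group-ID */
        fprintf(stderr, "%s: set-ID bits not applied (%04lo)\n",
                argv[2], (unsigned long)(diff & 06000));
    if (diff & 01777)
        fprintf(stderr, "%s: other mode bits differ (%04lo)\n",
                argv[2], (unsigned long)(diff & 01777));
    return diff ? 1 : 0;
}
```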
Use on Guardian Objects
Attempting to set the access permissions on a Guardian file (that is, a file in the /G file system)
fails with errno set to [EINVAL].
Use From the Guardian Environment
The chmod() function is one of a set of functions that have these effects when the first of them is
called from the Guardian environment:
• Two Guardian file system file numbers (not necessarily the next two available) are
allocated for the root directory and the current working directory. These file numbers cannot
be closed by calling the Guardian FILE_CLOSE_ procedure.
• The current working directory is assigned from the VOLUME attribute of the Guardian
environment =_DEFAULTS DEFINE.
• The use of static memory by the process increases slightly.
These effects occur only when the first of the set of functions is called. The effects are not
cumulative.
527186-023 Hewlett-Packard Company 1−23