Security Management Guide (G06.24+, H06.03+)
Concerns for the User
Security Management Guide—522283-008
5-13
Erasing Purged Files With CLEARONPURGE
to GUGU, which gives your local group members read and execute authorities to the
new files you create. This new setting takes effect the next time you log on.
14> DEFAULT ,"GUGU"
THE DEFAULT file-security HAS BEEN CHANGED TO "GUGU".
Default File Security Settings
When a process creates a file in the Guardian environment, the file inherits the file-
creation security setting of that process.
For example, you might use the TACL command interpreter to run a text editor to
create a file. The security setting assigned to the new file is the file-creation security
setting of your text editor process, which, in turn, is the same as your TACL default file-
creation security setting. For example, if your TACL default file-creation security setting
is CUCU, the processes created by that TACL process also have the same file-creation
security setting of CUCU. Files created by those processes will initially have the same
security (CUCU) unless the program takes special action to change the security
setting.
Each process inherits a default file-creation security setting from its creator process. To
change its default file-creation security setting, a process calls the
PROCESS_SETINFO_ system procedure.
Summary of File Security Setting Defaults
Table 5-3 summarizes how the various security settings are determined in your
Guardian environment.
Erasing Purged Files With CLEARONPURGE
To ensure that purged files are erased, the file owner must designate the
CLEARONPURGE setting before the file is purged. If CLEARONPURGE is
designated, purging a file also erases it. Otherwise, purging a file only releases the
space it occupies without erasing the file’s contents. Until the vacated space is reused
Table 5-3. Security Setting Derivation
Security Setting Setting Comes From Setting Can Be Changed By
Logon default file-creation
security setting
ADDUSER DEFAULT command
TACL default file-creation
security setting
Logon default VOLUME command
Process file-creation security
setting
Creator process PROCESS_SETINFO_
Disk file security setting Creator process FUP SECURE command or
SETMODE