Security Management Guide (G06.24+, H06.03+)
OSS System Security
Security Management Guide—522283-008
(C) authority on the access control list for that volume. If the user does not have create
authority on that access control list, the Safeguard software denies the file-creation
attempt.
OSS File and Directory Security
Like Guardian files, each OSS file has an owner and a security string that determines
access to the file. Although the security string associated with an OSS file provides a
function similar to that of the Guardian file security string, its format differs substantially.
Permission Codes
The OSS environment uses permission codes to provide security for disk files.
Directories are also protected by permission codes because they are considered to be
a special type of file. The permission code, also known as permission bits, specifies
who has read, write, and execute access permission for the file or directory. You
protect your files and directories by setting and altering their permission codes as
necessary.
The permission code for a file or directory allows you to grant or deny read, write, and
execute permissions for each of three separate classes of users: the file owner, the file
group, and all others. The access permissions are defined as follows:
• r (read) to view or print a file, or read a directory
• w (write) to change or delete a file, or add or delete directory entries
• x (execute) to execute the file as a program, or search a directory
• X for S_IXUSR, S_IXGRP, or S_IXOTH in the “execute” position
• s for set user ID or set group ID, in the owner or group “execute” position
• t for test segment (the sticky bit), in the others “execute” position
• s for an AF_UNIX socket under types
• - for “regular” file under types
Users on the system are classified as one or more of the following:
• u (user/owner)
• g (group)
• o (all others; also known as “world”)
Unlike Guardian files, no purge permission exists for OSS files. Write permission for a
file allows the contents to be deleted, but write permission for the file’s directory is also
required to remove the file name.
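The permission string and the write-permission rule above, worked through as an added example (not code from this guide): it parses a ten-character listing string such as `-rwsr-xr-x` into mode bits and separates emptying a file from removing its name. The uppercase `S`/`T` forms and the need for search (x) permission on the directory are standard POSIX behaviour assumed here, and all function names are illustrative.

```python
import stat

# Bit for each position of the nine permission characters (rwxrwxrwx).
_BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
         stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
         stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
# Special characters accepted in each class's "execute" position:
# character -> (special bit, whether the execute bit is set as well).
# Assumption: uppercase S/T means the special bit is set without execute.
_SPECIAL = {2: {"s": (stat.S_ISUID, True), "S": (stat.S_ISUID, False)},
            5: {"s": (stat.S_ISGID, True), "S": (stat.S_ISGID, False)},
            8: {"t": (stat.S_ISVTX, True), "T": (stat.S_ISVTX, False)}}

def parse_mode(text):
    """Convert a listing string such as '-rwsr-xr-x' to (type char, mode bits)."""
    if len(text) != 10:
        raise ValueError("expected a type character plus nine permission characters")
    ftype, mode = text[0], 0
    for i, ch in enumerate(text[1:]):
        if ch == "-":
            continue
        if ch == "rwx"[i % 3]:
            mode |= _BITS[i]
        elif ch in _SPECIAL.get(i, {}):
            special, also_exec = _SPECIAL[i][ch]
            mode |= special | (_BITS[i] if also_exec else 0)
        else:
            raise ValueError(f"unexpected {ch!r} in permission position {i + 1}")
    return ftype, mode

def allowed(mode, user_class, perm):
    """True if class 'u', 'g' or 'o' holds permission 'r', 'w' or 'x'."""
    return bool(mode & _BITS["ugo".index(user_class) * 3 + "rwx".index(perm)])

def can_empty_file(file_text, user_class):
    """Deleting a file's contents needs write permission on the file itself."""
    return allowed(parse_mode(file_text)[1], user_class, "w")

def can_remove_name(dir_text, user_class):
    """Removing a file name needs write and search (x) on the directory.
    Sticky-bit ownership restrictions on the directory are not modelled."""
    _, dmode = parse_mode(dir_text)
    return allowed(dmode, user_class, "w") and allowed(dmode, user_class, "x")
```

A user's class is evaluated separately for the file and for its directory, so pass the class that applies to each object.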
Note. Starting with G06.26, Safeguard volume protection records are no longer consulted for
creation of NonStop Open System Services (OSS) files.