Security Management Guide (G06.24+, H06.03+)
OSS System Security
Security Management Guide—522283-008
4-6
ACL Uniqueness
Entries are unique in each ACL. There can only be one of each type of base entry, and
one entry for any given user or group ID. Likewise, there can only be one of each type
of default base entry, and one default entry for any given user or group ID.
ACL Inheritance
When a directory's ACL contains default entries, those entries are not used in
determining access to the directory itself. Instead, every time a file is created in
the directory, the directory's default ACL entries are added as non-default ACL entries
to the new file.
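The uniqueness and inheritance rules above can be modeled in a few lines. This is an added example, not code from the guide or from OSS; the entry type names ("user", "group", "other", "class"), the Entry layout, and the sample IDs and permissions are assumptions made for illustration, and only the behavior stated above is modeled.

```python
# Added illustration of the ACL uniqueness and inheritance rules.
# Entry type names and the tuple layout are assumptions, not OSS definitions.
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    default: bool         # True for a default entry on a directory
    kind: str             # "user", "group", "other" or "class" (assumed names)
    ident: Optional[int]  # None for a base entry, else a user or group ID
    perms: str            # e.g. "rw-"

def uniqueness_violations(acl):
    """Return each (default, kind, ident) key that occurs more than once.

    Default and non-default entries are checked separately, so the same
    user ID may appear once as a default entry and once as a non-default one.
    """
    seen, dupes = set(), []
    for e in acl:
        key = (e.default, e.kind, e.ident)
        if key in seen and key not in dupes:
            dupes.append(key)
        seen.add(key)
    return dupes

def access_entries(acl):
    """Entries used to decide access to the object itself: non-default only."""
    return [e for e in acl if not e.default]

def inherited_entries(dir_acl):
    """Entries added to a file created in the directory: each default entry
    of the directory, turned into a non-default entry."""
    if uniqueness_violations(dir_acl):
        raise ValueError("directory ACL has duplicate entries")
    return [e._replace(default=False) for e in dir_acl if e.default]

# Constructed sample directory ACL (IDs and permissions are made up).
DIR_ACL = [
    Entry(False, "user", None, "rwx"),
    Entry(False, "group", None, "r-x"),
    Entry(False, "other", None, "---"),
    Entry(True, "user", None, "rw-"),
    Entry(True, "user", 1001, "r--"),
    Entry(True, "group", 200, "r--"),
    Entry(True, "other", None, "---"),
]

if __name__ == "__main__":
    for entry in inherited_entries(DIR_ACL):
        print(entry)
```

In this sample, user ID 1001 has no entry that applies to the directory itself, yet receives read access to every file created in it, which is why default entries need to be reviewed separately from the directory's own access entries.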
File and Directory Commands
Only the file owner or the super ID can alter a file’s permission bits and thereby control
access to that file. Table 4-1 on page 4-6 summarizes the OSS shell commands
commonly used to change file permissions and manage files and directories. For OSS
file and directory permissions, see Figure 4-1 on page 4-4. For detailed descriptions of
these commands, see the Open System Services User’s Guide.
Like the FILEINFO and FUP INFO commands in the Guardian environment, the ls
command in the OSS environment allows users to display information, including the
permission codes, for their files and directories. Users can change the permissions by
using the chmod command, which performs a function similar to that of the FUP
SECURE command in the Guardian environment. In addition, the file’s group can be
changed by using the chgrp command.
Unlike the FUP GIVE command in the Guardian environment, the OSS chown
command cannot be used by the file owner to transfer ownership of a file. Only the
super ID can transfer file ownership by using the chown command.
Table 4-1. OSS File and Directory Commands
Command   Function
chgrp     Changes group ownership of a file or directory
chmod     Changes permissions for a file or directory
chown     Changes owner of a file or directory
mkdir     Creates a new directory
ls        Lists information about a file or directory
mv        Moves (renames) a file or directory
rm        Removes a directory entry
rmdir     Removes a directory
umask     Sets a file mode creation mask