Security Management Guide (G06.29+, H06.08+, J06.03+)
OSS System Security
Security Management Guide — 522283-021
Unlike Guardian files, no purge permission exists for OSS files. Write permission for a
file allows the contents to be deleted, but write permission for the file’s directory is also
required to remove the file name.
Figure 4-1 shows the format of a file-permission code.
The first character of the permission code indicates the file type. A dash (-) character in
this position indicates an ordinary file, and the letter d indicates a directory.
The remainder of the permission code consists of three sets of three characters
specifying permissions for the file owner, file group, and all others, respectively. A dash
in any of these positions indicates that the permission is denied. For example, a
permission code of -rwxr-xr-- indicates that the file owner can read, write, and execute
the file; members of the file group can read and execute the file; and all others can
read the file.
For more information about understanding permissions, see the Open System
Services User’s Guide.
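The permission-code format described above can be decoded mechanically. The following Python parser is an added example, not part of the original guide; the function name parse_permission_code and the octal mode values (the conventional POSIX layout) are assumptions.

```python
# Added example: parser for the permission-code format shown in Figure 4-1.
FILE_TYPES = {
    "-": "regular/ordinary file",
    "d": "directory",
    "b": "block",
    "c": "character special file",
    "p": "named-pipe special file",
    "s": "AF_UNIX socket",
}
# Per class: (name, shift of its rwx bits, special character allowed in the
# execute position, bit that character sets). Octal values follow the usual
# POSIX mode layout; that numeric layout is an assumption, not from the page.
CLASSES = (
    ("owner", 6, "s", 0o4000),   # s = set user ID
    ("group", 3, "s", 0o2000),   # s = set group ID
    ("others", 0, "t", 0o1000),  # t = sticky bit
)


def parse_permission_code(code):
    """Return (file_type, mode, perms) for a code such as '-rwxr-xr--'."""
    if len(code) != 10:
        raise ValueError("expected 10 characters, got %r" % (code,))
    if code[0] not in FILE_TYPES:
        raise ValueError("unknown file type character %r" % code[0])
    mode, perms = 0, {}
    for index, (name, shift, special, special_bit) in enumerate(CLASSES):
        r, w, x = code[1 + 3 * index:4 + 3 * index]
        if r not in ("r", "-") or w not in ("w", "-") or x not in ("x", "-", special):
            raise ValueError("invalid %s permissions %r" % (name, r + w + x))
        granted = []
        if r == "r":
            granted.append("read")
            mode |= 4 << shift
        if w == "w":
            granted.append("write")
            mode |= 2 << shift
        if x != "-":
            # Lowercase s or t also implies execute (POSIX ls convention).
            granted.append("execute")
            mode |= 1 << shift
        if x == special:
            mode |= special_bit
        perms[name] = granted
    return FILE_TYPES[code[0]], mode, perms


if __name__ == "__main__":
    # Constructed sample codes; the first is the example from the text.
    for sample in ("-rwxr-xr--", "drwxrwxrwt", "-rwsr-xr-x"):
        print(sample, parse_permission_code(sample))
```

A code that is not exactly ten characters, or that uses a character outside the Figure 4-1 legend for its position, raises ValueError instead of being silently accepted.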
Access Control Lists
An access control list (ACL) consists of a set of one-line entries, associated with a
file, that specify permissions. Each entry specifies a set of access permissions (read,
write, and execute or search) for one user-ID or group-ID.
ACL Notation
Supported commands that manage ACLs recognize these symbolic representations:
Note. The access control lists are supported only on systems running G06.29 and later
G-series RVUs and H06.08 and later H-series RVUs.

Figure 4-1. OSS File and Directory Permissions

-rwxrwxrwx
The first character is the Type; the next three sets of three characters are the
permissions for Owner, Group, and Others.

Types
- (regular/ordinary file)
d (directory)
b (block)
c (character special file)
p (named-pipe special file)
s (AF_UNIX socket)

Permissions
r = read
w = write
x = execute
X for S_IXUSR, S_IXGRP, or S_IXOTH in the “execute” position
s for set user ID or set group ID, in the owner or group “execute” position
t for text segment (the sticky bit), in the other “execute” position
- no permission