SQL/MX 2.x Installation and Management Guide (G06.24+, H06.03+)
Planning Database Security and Recovery
HP NonStop SQL/MX Installation and Management Guide—523723-004
OSS File and Directory Security
• x (execute) to execute the file as a program, or search a directory
• X for S_IXUSR, S_IXGRP, or S_IXOTH in the “execute” position
• s for set user ID or set group ID, in the owner or group “execute” position
• t for text segment (the sticky bit), in the others “execute” position
• s for an AF_UNIX socket under types
• - for “regular” file under types
Users on the system are classified as one or more of these:
• u (user/owner)
• g (group)
• o (all others; also known as “world”)
Unlike Guardian files, no purge permission exists for OSS files. Write permission for a
file allows the contents to be deleted, but write permission for the file’s directory is also
required to remove the file name.
The first character of the permission code indicates
the file type. A dash (-) character in this position indicates an ordinary file, and the
letter d indicates a directory.
The remainder of the permission code consists of three sets of three characters
specifying permissions for the file owner, file group, and all others, respectively. A dash
in any of these positions indicates that the permission is denied. For example, a
permission code of -rwxr-xr-- indicates that the file owner can read, write, and execute
the file; members of the file group can read and execute the file; and all others can
read the file.
For more information about understanding permissions, see the Open System
Services User’s Guide.
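The permission code layout described above can be decoded mechanically. The following is an added example, not taken from the HP guide: the function names perm_to_octal and audit_perm and the sample codes are constructed for illustration. It goes beyond the letters listed in the text by also accepting the standard ls conventions of uppercase S and T (special bit set without execute) and the type letters l, c, b, and p.

```shell
#!/bin/sh
# Added example: decode an ls-style permission code (type + three triplets).
# Function names and sample codes are constructed for illustration.

# perm_to_octal CODE: print the 4-digit octal mode, e.g. -rwxr-xr-- -> 0754
perm_to_octal() {
    code=$1 special=0 digits= pos=2
    case $code in
        [-dslcbp]?????????) ;;                 # type character + 9 permission characters
        *) echo "bad code: $code" >&2; return 1 ;;
    esac
    for weight in 4 2 1; do                    # set-user-ID, set-group-ID, sticky
        trip=$(printf '%s' "$code" | cut -c"$pos-$((pos + 2))")
        # s is only valid for owner/group, t only for others
        if [ "$weight" -eq 1 ]; then lo=t up=T; else lo=s up=S; fi
        d=0
        case $trip in r??) d=4 ;; -??) ;; *) return 1 ;; esac
        case $trip in ?w?) d=$((d + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $trip in
            ??x) d=$((d + 1)) ;;
            ??-) ;;
            ??"$lo") d=$((d + 1)); special=$((special + weight)) ;;  # special bit + execute
            ??"$up") special=$((special + weight)) ;;                # special bit, no execute
            *) return 1 ;;
        esac
        digits=$digits$d
        pos=$((pos + 3))
    done
    echo "$special$digits"
}

# audit_perm CODE: print the mode plus flags worth reviewing
audit_perm() {
    mode=$(perm_to_octal "$1") || return 1
    out="mode=$mode"
    s=${mode%???}                              # special-bits digit
    o=${mode#???}                              # "others" digit
    [ $((s & 4)) -ne 0 ] && out="$out setuid"
    [ $((s & 2)) -ne 0 ] && out="$out setgid"
    [ $((o & 2)) -ne 0 ] && out="$out world-writable"
    echo "$out"
}

# Constructed sample codes; the first is the one used in the text above.
for c in -rwxr-xr-- -rwsr-xr-x drwxrwxrwt -rw-rw-rw-; do
    printf '%s  %s\n' "$c" "$(audit_perm "$c")"
done
```

Feeding it the first field of ls -l output gives a quick review list of set-ID and world-writable entries.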
File and Directory Commands
Only the file owner or the super ID can alter a file’s permission bits and thereby control
access to that file. For detailed descriptions of the commands to alter these bits, see
the Open System Services User’s Guide.
Like the FILEINFO and FUP INFO commands in the Guardian environment, the ls
command in the OSS environment allows users to display information, including the
permission codes, for their files and directories. Users can change the permissions by
using the chmod command, which performs a function similar to that of the FUP
SECURE command in the Guardian environment. In addition, the file’s group can be
changed by using the chgrp command.
Unlike the FUP GIVE command in the Guardian environment, the OSS chown
command cannot be used by the file owner to transfer ownership of a file. Only the
super ID can transfer file ownership by using the chown command.
OSS automatically assigns default permissions to files and directories when they are
created. The umask command can be used to establish a user mask, which specifies
the maximum permissions that can be applied to a file or directory when it is created.