MPE/iX Shell and Utilities Reference Manual, Vol 2

ManualsBrandsHP ManualsSoftwareMPE/iX 7.0 Operating System

411

412

413

414

415

416

417

418

419

420

Table A-3 shows how POSIX.1 ﬁle user classes correspond to MPE/iX ACD user speciﬁcations.

POSIX.1 File Classes ACD User Speciﬁcations

File owner $OWNER

File group $GROUP and $GROUP_MASK

File other @.@

Table A-3: Mapping Between POSIX.1 and ACD User Classes

If you are accessing ﬁles that were not created through

MPE/iX Shell and Utilities or whose security was

modiﬁed by MPE/iX commands or system intrinsics, the ACDs may be missing any or all of the four

POSIX.1 ACD user speciﬁcation entries ($OWNER, $GROUP, $GROUP_MASK, and @.@). ACDs missing

any of these four ACD user speciﬁcation entries are still POSIX.1-compliant since they can be regarded

as containing default values for the missing ACD entries.

MPE/iX ACD evaluation is consistent with default access values of all for missing $OWNER and

$GROUP_MASK entries and no for missing $GROUP and @.@ entries. If an

ACD contains an @.@ entry

and lacks a $GROUP entry, members of the ﬁle group class are mapped to the @.@ entry.

For example, the

ACD

entries R,W,X:$OWNER and R,W,X:JOE.FINANCE are equivalent if the user

ID located in the ﬁle label of the ﬁle is JOE.FINANCE. Likewise, the ACD entries R,W,X:$GROUP

and R,W,X:@.FINANCE are equivalent if the group

ID (GID) associated with the MPE/iX FINANCE

account is the same as the GID

associated with the ﬁle.

$GROUP_MASK

The MPE/iX ACD user speciﬁcation, $GROUP_MASK, allows the less expressive 9-bit security in MPE/iX

Shell and Utilities to provide greater control over the more expressive security provided by MPE/iX

ACDs. Access modes speciﬁed by $GROUP_MASK serve to restrict access permissions speciﬁed by

$GROUP.

When the

ACD contains only the four POSIX.1 ACD user speciﬁcations (the default condition for all ﬁles

and directories created through MPE/iX Shell and Utilities), modiﬁcations made to access permissions

associated with the $GROUP entry are also made to the access permissions associated with the

$GROUP_MASK. This ensures that the two entries remain synchronized.

The behavior of $GROUP and $GROUP_MASK is different when an ACD contains user speciﬁcation

entries beyond $OWNER, $GROUP, $GROUP_MASK, and @.@that are not $OWNER or @.@ are consid-

ered to be members of the POSIX.1 ﬁle group class. The $GROUP_MASK entry restricts all members of

the ﬁle group class to the access permissions associated with $GROUP_MASK.

Note: When an ACD contains entries other than the four POSIX.1 ACD user speciﬁcation entries

($OWNER, $GROUP, $GROUP_MASK, and @.@), modiﬁcations made to the ﬁle group class using the

shell chmod command modify only the ACD $GROUP_MASK user speciﬁcation (instead of both

$GROUP and $GROUP_MASK). This conforms to rules speciﬁed in the current draft of the POSIX.6

standard.

MPE/iX Implementation Considerations A-5