MPE/iX Shell and Utilities Reference Manual, Vol 2

ManualsBrandsHP ManualsSoftwareMPE/iX 7.0 Operating System

411

412

413

414

415

416

417

418

419

420

For more information about $GROUP_MASK, refer to New Features of MPE/iX: Using the Hierarchical

File System (32650-90351).

Returning Information About Access Permissions

An additional MPE/iX ACD access permission, read ACD (RACD

) access, is used to restrict a user from

reading access permissions of a directory or ﬁle. MPE/iX Shell and Utilities does not allow manipula-

tion of the RACD access permission. By default, all users have RACD

access to all objects created

through the MPE/iX Shell and Utilities. In addition, all directories on MPE/iX

allow, by default, RACD

access to all users. This default allows queries of directory and ﬁle access permissions to occur without

error.

MPE/iX provides facilities outside MPE/iX Shell and Utilities to manipulate the RACD access permission

of a directory or ﬁle. If a user invoking an MPE/iX Shell command or utility attempts to obtain security

information on a ﬁle or directory that does not allow RACD access to that user, a system error results

(see syserror(3)).

To determine if a user has

RACD access to a ﬁle or directory, enter the following at the shell prompt:

callci listfile absolute_pathname -2

where absolute_pathname is the absolute path name of the ﬁle or directory.

You can modify

RACD access to a ﬁle or directory using the MPE/iX CI

command ALTSEC, described in

the MPE/iX Reference Supplement (32650-90353).

MPE/iX Save Files (SF) Capability

When using MPE/iX Shell and Utilities, you must have

MPE/iX Save Files (SF) capability to create an

entry in a directory. The MPE/iX SF

capability acts as an additional access control mechanism. SF capa-

bility is an MPE/iX capability assigned to a system user through the

MPE/iX CI commands NEWUSER or

ALTUSER, described in the MPE/iX Reference Supplement (32650-90353).

To determine if a user has

SF capability, enter the following at the shell prompt:

callci listuser username.accountname

where username.accountname is a user ID string.

MPE/iX Lockwords

MPE/iX provides an additional access control mechanism, ﬁle lockwords, that is not accessible through

MPE/iX Shell and Utilities. Attempts to open an existing ﬁle that has a MPE/iX lockword result in a sys-

tem error (see syserror(3)).

A-6 MPE/iX Implementation Considerations