ALTSEC




     Changes the access permissions of an object by altering its
access control definition (ACD).

ACDs are the main method of controlling access to files,
hierarchical directories, and devices. ACDs are automatically
assigned to hierarchical directories and to files existing in
hierarchical directories.

You can change the access permission for a file, a hierarchical
directory, a device, and a device class. You cannot use ALTSEC
to change access permissions for an MPE group, account, or the
root directory.

SYNTAX

     ALTSEC objectname [,{FILENAME}]
                         {LDEV    }
                         {DEVCLASS}

        [,[ACCESS=](fileaccess[,[fileaccess][; ...]])]
        [{;NEWACD= } {(acdpair[;acdpair][; ...])}]
         {;ADDPAIR=} {^filereference            }
         {;REPPAIR=}

        [{;REPACD=}{(acdpair[;acdpair][; ...])}]
                   {^filereference            }
                   {objectname                }

        [;DELPAIR= {(userspec[;userspec][; ...])}]
                   {^filereference              }

        [;COPYACD= objectname {,FILENAME}] [;DELACD] [;MASK]
                              {,LDEV    }

PARAMETERS

objectname          An actual file designator, a directory name,
logical device number, device name or device
class whose security provisions are to be altered.

Either MPE or Hierarchical File System (HFS) file
name syntax may be used for the actual file
designator of the file or directory whose access
permissions are to be altered.

Wildcard characters may only be used with MPE
syntax files residing in a group.

MPE Syntax

MPE file name syntax may include lockwords but not
RFA information. If the object is an MPE syntax
file, its format is:

filename[/lockword][.groupname[.acctname]]

A logical device number must be a numeric value
and be configured on the system.

A device class name must be configured on the
system.

File lockwords must be specified for files
protected by active lockwords unless the object
is also protected by a current ACD.

In a batch job, if a lockword exists on a file
it must be specified. In a session, if a
lockword exists and is omitted, MPE/iX prompts for
it.

HFS Syntax

File designators using HFS file name syntax must
begin with either a dot (.) or a slash (/)
character, and are limited to a maximum length of
255 characters.

File equations are ignored during resolution of
the object name to avoid having accidental file
equation references cause unintentional changes
to an object's access permissions.

The objectname parameter is followed by one of
the three type identifiers listed below.

FILENAME A type identifier indicating that
the objectname refers to either a
file or directory designator.
FILENAME is the default if a type
identifier is not specified.

LDEV A type identifier indicating that
the objectname refers to a logical
device number.

DEVCLASS A type identifier indicating that
the objectname refers to a device
class.

ACCESS Optional keyword indicating that fileaccess
specification follows. This option affects
security at the file level only.

fileaccess File security specifications, entered as follows

{R}         {ANY}
{L}         {AC }
{A} [,...]: {GU }[,...]
{W}         {AL }
{X}         {GL }
            {CR }

where R, L, A, W, and X specify modes of access by
types of users (ANY, AC, GU, AL, GL, CR) as follows

R = READ
L = LOCK (allows opening with dynamic lock option)
A = APPEND (implicitly specifies L also)
W = WRITE (implicitly specifies A and L also)
X = EXECUTE

Two or more modes may be specified if they are
separated by commas. The user types are specified
as follows

ANY = Any user
AC = Member of this account only
GU = Member of this group only
AL = Account librarian user only
GL = Group librarian user only
CR = Creating user only

Two or more user types may be specified if they are
separated by commas. Default is R, L, W, A, X:ANY.
The colon (:) separating one or more modes from one
or more user types is required punctuation in the
specification of fileaccess.

The ACCESS keyword is optional. If the file is
protected by an ACD, the ACD overrides the file
access mask.

NEWACD Indicates "new ACD". Use NEWACD to create a
new ACD pair for the specified object. NEWACD
is used when an ACD does not currently exist.
It must be followed by valid ACD pair(s) as
described below.

REPACD Indicates "replace ACD". Use REPACD to replace an
entire existing ACD for the specified object, or
to copy an ACD from an existing objectname to the
specified objectname where objectname refers to a
file. (You cannot use REPACD to copy ACDs between
devices.) The REPACD parameter must be followed
by valid ACD pair(s) as described below.

ADDPAIR Indicates "add pair". Use ADDPAIR to add a new
ACD pair to an existing ACD. It must be followed
by valid ACD pair(s) as described below.

REPPAIR Indicates "replace pair". Use REPPAIR to replace
an existing ACD pair in an existing ACD. It
must be followed by valid ACD pair(s) as described
below. A new ACD pair will replace an existing
ACD pair if it has the same user and account
name.

acdpair An access control definition pair. Like the
fileaccess parameter this consists of a modes
part and a userspec part. The modes part is
separated from the userspec part by a colon (:).
Acceptable modes for files are:

R : READ file access
W : WRITE file access
L : LOCK file access
A : APPEND file access
X : EXECUTE file access
NONE : no access
RACD : copy or read the ACD permission

Acceptable modes for directories are:

CD : CREATE DIRECTORY ENTRIES access
DD : DELETE DIRECTORY ENTRIES access
RD : READ DIRECTORY ENTRIES access
TD : TRAVERSE DIRECTORY ENTRIES access
NONE : no access
RACD : copy or read the ACD permission

File ACD pairs may contain R, W, L, A, X,
NONE, and RACD. Directory ACD pairs may
contain CD, DD, RD, TD, NONE, and RACD.

The userspec part consists of:

o a fully qualified user name
(username.accountname)

o the file owner represented as $OWNER

o the file group represented as $GROUP

o the file group mask represented as
$GROUP_MASK

o @.accountname which represents all users
in the account "accountname"

o @.@ which represents all users in the system

NOTE: Wildcards cannot be used in any other
manner within a user specification.

A typical ACD consisting of three ACD pairs
might look like this:

(R,W:ENGR.MFG;R,W,RACD:@.MRKT;R:@.@)

This ACD would allow READ and WRITE access to
the ENGR user of the MFG account; READ and
WRITE access to any user of the MRKT account
along with the ability to read or copy the
ACD; and READ access to any user in any
account.


filereference A file containing one or more ACD pairs. ACD
pairs must be separated by semi-colons and may
be placed on separate lines. A single ACD pair
may not span more than one line. The file name
must be preceded by the ^ sign (caret symbol) to
indicate that the designated file contains the
ACD definition. This is known as an indirect
file.

The ALTSEC command fails if the indirect file
does not contain a syntactically correct ACD.
ACD pairs may be on separate lines, but a pair
may not span lines. Parentheses are optional
when defining an acdpair within an indirect file.

The file reference may be specified using
MPE or HFS file name syntax. For example:

filename[/lockword][.group[.account]]

If the file has an active lockword, it must be
specified. ACDs override lockwords. Lockwords
can only be specified in file references using
MPE name syntax. Unqualified file names are
relative to the current working directory.

DELPAIR Deletes one or more ACD pairs. It must be
followed by a valid userspec.

userspec Username and accountname, the same as the
userspec described above in acdpair. A wildcard
(@) may be used for the username or both the
username and accountname together. A wildcard
may not be specified for the accountname unless
it is also specified for the username.

COPYACD Indicates that an ACD is to be copied from an
existing objectname to the specified objectname.
ACDs can only be copied between like objects.
You must specify FILENAME, LDEV, or DEVNAME.
You cannot copy an ACD from a device class
(DEVCLASS) although you may copy to all devices
on the system by specifying the @ sign as the
target device.

DELACD Deletes the ACD (all ACD pairs) from the
specified objectname. ACDs may only be removed
from devices and files in MPE groups. The file
access matrix controls access to these files
when an ACD is deleted.

MASK Keyword which selects recalculation of the ACD
file group class mask ($GROUP_MASK) access
permission.


OPERATION

     The ALTSEC command alters security provisions for files,
hierarchical directories, devices and device classes by
manipulating an object's access control definition (ACD) or its
access mask. All of these objects may have ACDs, but only files
have access masks which can be changed using this command. An
object's ACD may be altered using this command with the ACD
keywords NEWACD, REPACD, COPYACD, ADDPAIR, REPPAIR, DELPAIR,
DELACD, and MASK. A file's access mask may be altered using
either the ACCESS keyword or an access specification without
a keyword. Using the ACCESS keyword is a recommended
practice to help distinguish between file access mask and
ACD operations.

Only a file's owner can use this command to change a file's
access mask. Object owners and users with appropriate privilege
can use this command to manipulate an object's ACD. Files and
hierarchical directories have their owner's identity and a file
group ID (GID) stored in their file labels. System managers and
account managers have appropriate privilege to manipulate an
object's ACD. Account managers for the account matching an
object's GID have appropriate privilege. Devices are owned by
system managers. The ability to manipulate an ACD or file mask
is not affected by the object access currently granted to a
user. System and account managers are always granted all access
to files and hierarchical directories protected by ACDs.

File ACDs override file lockwords and the file access matrix.
ACDs permit more precise access control than can be expressed
using the file access matrix by allowing access permissions to
be granted or denied to specific users. MPE/iX allows a maximum
of 40 ACD pairs to be specified for a particular object.
Since a large number of ACD pair specifications will overflow
the command line buffer, large numbers of ACD specifications may
be entered using an indirect file.
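
An added example, not part of the HP help text: a Python linter for the text of an ACD indirect file, applying the rules given above (file versus directory modes, the userspec wildcard rule, no pair spanning a line, the 40-pair limit). The 1-8 character name pattern, counting one pair per user named, and the review flag on modify access for @.@ are assumptions of this example, as is the constructed sample.

```python
import re

FILE_MODES = {"R", "W", "L", "A", "X", "NONE", "RACD"}
DIR_MODES = {"CD", "DD", "RD", "TD", "NONE", "RACD"}
SPECIAL = {"$OWNER", "$GROUP", "$GROUP_MASK"}
MAX_PAIRS = 40                        # per-object limit from OPERATION
NAME = r"[A-Z][A-Z0-9]{0,7}"          # assumption: 1-8 character MPE names
USERSPEC = re.compile(rf"@\.@|@\.{NAME}|{NAME}\.{NAME}")
WRITE_MODES = {"W", "A", "CD", "DD"}  # example review policy, not an MPE rule

def lint_acd(text, is_directory=False):
    """Check the text of an ACD indirect file; return (pairs, problems)."""
    allowed = DIR_MODES if is_directory else FILE_MODES
    pairs, problems = [], []
    # Parentheses are optional in an indirect file; case is folded to upper.
    lines = text.upper().replace("(", "").replace(")", "").splitlines()
    for n, line in enumerate(lines, 1):
        for chunk in filter(None, (c.strip() for c in line.split(";"))):
            modes_s, colon, users_s = chunk.partition(":")
            modes = {m.strip() for m in modes_s.split(",")}
            users = [u.strip() for u in users_s.split(",")]
            if not colon or ":" in users_s or "" in modes or "" in users:
                # A pair cut in two by a line break ends up here.
                problems.append(f"line {n}: '{chunk}' is not modes:userspec")
                continue
            if modes - allowed:
                problems.append(f"line {n}: modes {sorted(modes - allowed)} "
                                f"not valid for this object type")
                continue
            for user in users:
                if user not in SPECIAL and not USERSPEC.fullmatch(user):
                    problems.append(f"line {n}: bad userspec '{user}'")
                    continue
                if user == "@.@" and modes & WRITE_MODES:
                    problems.append(f"line {n}: review, @.@ can modify")
                # Assumption: one pair per user named in the chunk.
                pairs.append((frozenset(modes), user))
    if len(pairs) > MAX_PAIRS:
        problems.append(f"{len(pairs)} pairs exceed the limit of {MAX_PAIRS}")
    return pairs, problems

# Constructed sample: three valid pairs, then a directory mode on a file,
# a wildcard account without a wildcard user, and a pair split across lines.
SAMPLE = """R,W:ENGR.MFG; R,W,RACD:@.MRKT
(R:@.@)
x,cd:clerk.mfg; W:MGR.@
R,W:
OPER.SYS"""
```
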

The ALTSEC command fails if you attempt to alter the access
permissions for a permanent disk file whose group's home volume
set is not mounted.

Release 5.0 requires ACDs on the following files:

o All hierarchical directories

o All files under hierarchical directories

o All files directly under MPE/iX groups where the file GID
does not match the GID of the account and group in which the
file is located. One way this occurs would be if you rename a
file from an MPE group outside the account to another MPE
group.

Required ACDs cannot be removed with the ALTSEC command even by
users with SM or AM capability.

Access to Command Files and UDCs

You can now protect UDCs and command files by denying READ (R)
access and granting EXECUTE (X) access to users that need to
execute the file but are not permitted to read the file. When a
user lacks READ access to a command file or UDC file, the system
behaves in the following manner:

o The user cannot see any of the commands within the file.
Specifically OPTION LIST and the HPCMDTRACE variable are
defeated.

o HELP is unavailable for the file. For a UDC file this means
that all of the UDCs within the file are treated as if
OPTION NOHELP was specified.

o SHOWCATALOG still lists the individual UDCs and UDC
filenames. If an error occurs, the offending command line is
not echoed to $STDLIST.

To see examples of how to grant only execute access to a command
file or UDC, read "Examples."

This command may be issued from a session, job, program, or in
BREAK. Pressing [Break] has no effect on this command.

EXAMPLE(S)


NOTE:

     LISTFILE,4 can be used to view the file access matrix.

You have created a file named FDATA and you want to change
its security provisions to allow WRITE access to yourself
only. There will be no default security provisions. Enter:

ALTSEC FDATA;ACCESS=(W:CR)

To change the file access matrix permissions for the
FPROG program file to allow group users to execute the
program, but only account and group librarian users can read
or write to the file, enter:

ALTSEC FPROG;ACCESS=(X:GU;R,W:AL,GL)

ACD Examples

LISTFILE,-2 can be used to view ACD information.
This form of the LISTFILE command displays only ACD
information.

You have created a file named FDATA and you wish to
assign a new ACD to FDATA granting write access to a
user named FRIEND. Enter:

ALTSEC FDATA;NEWACD=(W:FRIEND.ACCT)

As the creator of a file, you are by default able to
access the file, so granting your user identity all access
in the ACD would be redundant. Users with appropriate
privileges are always permitted to access files protected by
ACDs.

To extend the ACD for the FDATA file so that all users on the
system can read it, and all users within your account "ACCT"
can also write to it, enter:

ALTSEC FDATA;ADDPAIR=(R:@.@; W,R:@.ACCT)
ALTSEC FDATA;DELPAIR=(FRIEND.ACCT)

If you later decided that users outside your account "ACCT"
should not have read access to the file FDATA any longer,
enter:

ALTSEC FDATA;DELPAIR=(@.@)

This does not mean to delete all ACD pairs, only the ACD
pair matching @.@. To delete the entire ACD, enter:

ALTSEC FDATA;DELACD

You want to copy the ACD associated with LDEV 5 to all
devices in device class TERM:

ALTSEC TERM,DEVCLASS;COPYACD=5,LDEV

ACDs may be copied only between objects of the same type.

You want to grant users in account ACCT all access to
directory Mydir1:

ALTSEC ./Mydir1;ADDPAIR=(CD,DD,RD,TD,RACD : @.ACCT)

You want to grant read and write access to yourself and read
access for other members of your group to an HFS syntax file
named a_file_of_Mine:


ALTSEC ./a_file_of_Mine;REPPAIR=(RACD,R,W:$OWNER;
RACD,R:$GROUP,$GROUP_MASK; NONE:@.@)

To alter the security of file FILENAME to allow write access
to the creator only and override the MPE/iX default security
(if it still exists), enter:

ALTSEC FILENAME;ACCESS=(W:CR)

To change the security of program file PROGNAME so
that any group user can execute the program, but only account
and group librarians can read or write to the file, enter:

ALTSEC PROGNAME;ACCESS=(X:GU;R,W:AL,GL)

To add a new ACD to file PROGNAME allowing all users on
the system to execute it, but only users in account ACCT to
write to it, enter:

ALTSEC PROGNAME;NEWACD=(X:@.@;W,X:@.ACCT)

To grant execute access to the mycmdf file, enter either of the
following commands. (To then verify the security, use LISTFILE
formats -2 or 4.)

:altsec mycmdf; access=(x:any; r,w,l,a:gu)

:altsec mycmdf; repacd=(racd,x:@.@; r,w,l,a:$group)


ADDITIONAL INFORMATION

Commands:   LISTF, LISTFILE, RELEASE, SHOWDEV, SECURE
            Also see the fileaccess parameter for these commands:
            ALTACCT, ALTGROUP, NEWACCT, NEWGROUP

Manuals :   MPE/iX Intrinsics Reference Manual (32650-90028)