ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvifssecnewobject.htm

73 lines
4.9 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Security for new objects" />
<meta name="abstract" content="When you create a new object in the root (/) file system, the interface that you use to create it determines its authorities." />
<meta name="description" content="When you create a new object in the root (/) file system, the interface that you use to create it determines its authorities." />
<meta name="DC.Relation" scheme="URI" content="rzamvplanifssec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvifscreatedir.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvifsapidir.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvifsstreamfile.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvifscreatepc.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="ifssecnewobject" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Security for new objects</title>
</head>
<body id="ifssecnewobject"><a name="ifssecnewobject"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Security for new objects</h1>
<div><p>When you create a new object in the <span class="q">"root"</span> (/)
file system, the interface that you use to create it determines its authorities.</p>
<p>For example, if you use the CRTDIR command and its defaults, the new directory
inherits all of the authority characteristics of its parent directory, including
private authorities, primary group authority, and authorization list association.
The following sections describe how authorities are determined for each type
of interface. </p>
<div class="p">Authority comes from the immediate parent directory, not from directories
higher up in the tree. Therefore, as a security administrator, you need to
view the authority that you assign to directories in a hierarchy from two
perspectives:<ul><li>How the authority affects access to objects in the tree, like library
authority.</li>
<li>How the authority affects newly created objects, like the CRTAUT value
for libraries.</li>
</ul>
</div>
<p><span class="uicontrol">Recommendation:</span> You may want to give users who work
in the integrated file system a home directory (for example, /home/usrxxx),
then set the security appropriately, such as PUBLIC *EXCLUDE. Any directories
the user creates under their home directory will then inherit the authorities.</p>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzamvifscreatedir.htm">Use the Create Directory command</a></strong><br />
When you create a new subdirectory by using the CRTDIR command, you have two options for specifying authority.</li>
<li class="ulchildlink"><strong><a href="rzamvifsapidir.htm">Create a directory with an API</a></strong><br />
When you create a directory by using the mkdir() API, you specify the data authorities for the owner, the primary group, and public (using the authority map of *R, *W, and *X).</li>
<li class="ulchildlink"><strong><a href="rzamvifsstreamfile.htm">Create a stream file with the open() or creat() API</a></strong><br />
When you use the creat() API to create a stream file, you can specify the data authorities for the owner, the primary group, and public (using the UNIX-like authorities of *R, *W, and *X).</li>
<li class="ulchildlink"><strong><a href="rzamvifscreatepc.htm">Create an object by using a PC interface</a></strong><br />
You can use the creat() API to create a stream file.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplanifssec.htm" title="The integrated file system provides you with multiple ways to store and view information on the server.">Plan integrated file system security</a></div>
</div>
</div>
</body>
</html>