<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Security for new objects" />
<meta name="abstract" content="When you create a new object in the root (/) file system, the interface that you use to create it determines its authorities." />
<meta name="description" content="When you create a new object in the root (/) file system, the interface that you use to create it determines its authorities." />
<meta name="DC.Relation" scheme="URI" content="rzamvplanifssec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvifscreatedir.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvifsapidir.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvifsstreamfile.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvifscreatepc.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="ifssecnewobject" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Security for new objects</title>
</head>
<body id="ifssecnewobject"><a name="ifssecnewobject"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Security for new objects</h1>
<div><p>When you create a new object in the <span class="q">"root"</span> (/)
file system, the interface that you use to create it determines its authorities.</p>
<p>For example, if you use the CRTDIR command and its defaults, the new directory
inherits all of the authority characteristics of its parent directory, including
private authorities, primary group authority, and authorization list association.
The following sections describe how authorities are determined for each type
of interface.</p>
<div class="p">Authority comes from the immediate parent directory, not from directories
higher up in the tree. Therefore, as a security administrator, you need to
view the authority that you assign to directories in a hierarchy from two
perspectives:<ul><li>How the authority affects access to objects in the tree, like library
authority.</li>
<li>How the authority affects newly created objects, like the CRTAUT value
for libraries.</li>
</ul>
</div>
<p><span class="uicontrol">Recommendation:</span> You may want to give users who work
in the integrated file system a home directory (for example, /home/usrxxx),
then set the security appropriately, such as PUBLIC *EXCLUDE. Any directories
the user creates under their home directory will then inherit the authorities.</p>
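<p>The recommendation above as a CL command sequence. This is an added example, not part of the original IBM topic; the profile name USRXXX and the subdirectory name work are placeholders, and the sequence assumes a security administrator runs steps 1, 2 and 4 while the user runs step 3.</p>

```cl
/* Added example. USRXXX and 'work' are placeholder names.            */

/* 1. Create the home directory with explicit public authority        */
/*    instead of the CRTDIR defaults, which would inherit from /home. */
CRTDIR DIR('/home/usrxxx') DTAAUT(*EXCLUDE) OBJAUT(*NONE)

/* 2. Hand the directory to the user and grant them full authority.   */
/*    *PUBLIC is set again explicitly so that the intended state does */
/*    not depend on how the directory was created.                    */
CHGOWN OBJ('/home/usrxxx') NEWOWN(USRXXX)
CHGAUT OBJ('/home/usrxxx') USER(USRXXX) DTAAUT(*RWX) OBJAUT(*ALL)
CHGAUT OBJ('/home/usrxxx') USER(*PUBLIC) DTAAUT(*EXCLUDE) OBJAUT(*NONE)

/* 3. Run by the user: CRTDIR with its defaults                       */
/*    (DTAAUT(*INDIR) OBJAUT(*INDIR)) takes the authorities of the    */
/*    immediate parent, /home/usrxxx, not of /home or /.              */
CRTDIR DIR('/home/usrxxx/work')

/* 4. Review both directories. The *PUBLIC entry and the private      */
/*    authorities shown for 'work' should match the parent's.         */
DSPAUT OBJ('/home/usrxxx')
DSPAUT OBJ('/home/usrxxx/work')
```

<p>Because authority is taken from the immediate parent only, repeat the DSPAUT check on any directory whose authorities are later changed by hand: objects created beneath it inherit from that directory, not from /home/usrxxx.</p>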
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzamvifscreatedir.htm">Use the Create Directory command</a></strong><br />
When you create a new subdirectory by using the CRTDIR command, you have two options for specifying authority.</li>
<li class="ulchildlink"><strong><a href="rzamvifsapidir.htm">Create a directory with an API</a></strong><br />
When you create a directory by using the mkdir() API, you specify the data authorities for the owner, the primary group, and public (using the authority map of *R, *W, and *X).</li>
<li class="ulchildlink"><strong><a href="rzamvifsstreamfile.htm">Create a stream file with the open() or creat() API</a></strong><br />
When you use the creat() API to create a stream file, you can specify the data authorities for the owner, the primary group, and public (using the UNIX-like authorities of *R, *W, and *X).</li>
<li class="ulchildlink"><strong><a href="rzamvifscreatepc.htm">Create an object by using a PC interface</a></strong><br />
You can use the creat() API to create a stream file.</li>
</ul>

<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplanifssec.htm" title="The integrated file system provides you with multiple ways to store and view information on the server.">Plan integrated file system security</a></div>
</div>
</div>
</body>
</html>