Table of Contents
Advertisement
Managing Users and Security
This security string means that any local user can read the file, only local members of
the ADMIN group can write to the file, any network user can execute the file, and only
the owner (whether logged on locally or remotely) can purge it.
If a second user ADMIN.ANN is on a remote system in the network, she can only
execute the file. However, if she logs on locally, she also has read and write access for
BILLFILE.
Default Security of Remote Files
The default security of a file that you create on a remote system might not be the same
as your default security on your home system. For example, if your default security is
GGGU, and you create a file on a remote system, its default file security is CCCU.
To give you, the owner of the file, the ability to access the file on the remote system,
your local file access is converted to local and remote access for that remote file. This
means that the local files access codes A, G, and O are converted to N, C, and U,
respectively, for files you create remotely.
Process Security
The system can prevent one process from interfering with another process. Process
security features, however, do not interfere with applications running on systems where
security is not required.
This subsection describes the security features that protect and restrict access to running
processes, such as process and creator access IDs, and describes their use in the security
system. Also described are procedures for licensing programs and for adopting the user
ID of a program file owner as that program's process access ID.
Process and Creator Access IDs
Two identifications are associated with each process: the creator access ID and the
process access ID. The creator access ID identifies the user who initiated the creation of
the process. The process access ID, which is often the same as the creator access ID,
identifies the process and is used to determine if the process has the authority to make
requests to the system (to open a file, stop another process, and so on).
Figure 16-1
shows a chain of process creations in which the process access ID of the
original process is passed to other generations of processes. In this figure, CI is a
command interpreter process, p1 and p2 are processes created by CI, and p3 is a process
created by p2.
A process can determine its creator access ID and process access ID using the
CREATORACCESSID and PROCESSACCESSID procedures, respectively (see the
Guardian Programmer's Guide).
The process access ID is used to determine if file access is allowed. The process access
ID is also used to determine whether certain security-restricted operations can be
performed if the requester is neither the creator of the process nor the super ID.
Guardian User's Guide —425266-001
16 -15
Process Security
Advertisement
Table of Contents
