News Stay informed about the latest enterprise technology news and product updates.

IFS authority considerations -- Part 3

IFS authority considerations you should be aware of.

Initial object authorities are assigned to a new file or directory based on the authority values of the parent directory. The following rules involved with this are:

a) The owner for the new object has the same object authorities the owner of the parent directory to the parent directory.

b) The primary group for the new object the same object authorities the primary group of the parent directory to the parent directory.

c) *PUBLIC has the same object authorities to the new object that it has to the parent directory.

These rules apply even when the owner of the parent directory and the newly created object are not the same, and even when the owner of the new object has separate private authority to the parent directory.

For example:

 Object . . . . . . . . . . . . . . :    /rjzeller               
 Owner . . . . . . . . . . . :    RJZELLER               
 Authorization List. . . . . :    *NONE                                                                                            
User:     Object Auth:                       
Object authorities - 
  BOB         *ALL 

User BOB signs on and creates a new object (file/dir) under /rjzeller. BOB is the owner of this new object and adopts the same object authority as the owner of object '/rjzeller'.

Because RJZELLER does not have authority to '/rjzeller' (no user authorities are listed for RJZELLER), user BOB also does not have object authority to the object he created under '/rjzeller'.

This can be a problem for some PC applications (such as Excel/Word) which create a temporary file when opening a current file for edit. When the user attempts to save the file, the application renames the temporary file to the original file name; however, this requires at least *OBJMGT authority which the owner does not have (example above) and, therefore, the user is unable to save the file.

The above is true for OBJECT authorities. DATA authorities are handled differently. Typically, how these are inherited or determined are based on the interface used to create the new object. From most PC interfaces, the owner/creator gets all data authorities regardless of the parent authority.

Note: This information was submitted by Search400 expert Ken Graap. It is an IBM software technical document.

About the author: Kenneth Graap is a senior AS/400e system administrator at Northwest Natural Gas in Portland, Ore. He has extensive experience in all aspects of iSeries systems management. That includes proactive performance tuning, system software upgrades and maintenance, hardware upgrade planning, backup/recovery procedures and security.

Dig Deeper on Integrated File System (IFS)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.