MPE requires AM or SM capability to view file creators, but POSIX will let
anybody view this information. I.e. a vanilla non-prived user can do this:
    :listfile query.pub.sys,-3
    ^
    Listing sensitive file data requires AM capability for files in your logon
    account; otherwise, SM capability is required. (CIERR 928)
    :sh "-c 'ls -l /SYS/PUB/QUERY'"
    -rwxr-xr-x 1 MANAGER.SYS SYS 1754624 Nov 29 10:11 /SYS/PUB/QUERY
I personally prefer the more relaxed POSIX functionality. :-) It would be
hard for me to count the number of times I've had to log off and log back on
with AM or SM in order to view creator information.
POSIX is supposed to work this way with respect to file creators. Can anybody
else think of cases where POSIX policies contradict long-held MPE policies?
--
Mark Bixby
Coast Community College Dist. Web: http://www.cccd.edu/~markb/
District Information Services 1370 Adams Ave, Costa Mesa, CA, USA 92626-5429
Technical Support +1 714 438-4647
"You can tune a file system, but you can't tune a fish." - tunefs(1M)