Printer backup files are files in the printing subsystem waiting to be printed on a mechanical device. Such files are often called simply backup files. These files can be manipulated by means of the Print System, the Backup Processor utility, and the SYSTEM/BACKUP utility.

The capabilities of the Print System, Backup Processor, and SYSTEM/BACKUP utilities include specifying target printers, specifying the number of copies to be printed, the ability to list backup files awaiting printing, and the ability to delete such files. However, if the security option OLDBKUPSECURITY is reset, backup files can be manipulated without using the Print System, the Backup Processor utility, or the SYSTEM/BACKUP utility. The OLDBKUPSECURITY security option is described later in this section.

The security-related file attributes that apply to disk files in general, SECURITYTYPE and SECURITYUSE, also apply to printer backup files. The default value of the SECURITYUSE attribute is IO. However, the default for the SECURITYTYPE attribute differs for printer backup files.

The following rules determine the value of the SECURITYTYPE file attribute:

Otherwise, the default value of the SECURITYTYPE attribute is PUBLIC.

To protect printer backup files, you might choose to make one or both of the following security option value assignments:

For information on setting system security options, see Controlling System Security.

OLDBKUPSECURITY Security Option

The security option OLDBKUPSECURITY enables the system to enforce security rules on backup files stored under backup directories *BD and *REMLPnn.

When OLDBKUPSECURITY is FALSE, which is the default value, you can manipulate backup files without the use of the Print System, Backup Processor, or SYSTEM/BACKUP utilities. With the security option OLDBKUPSECURITY set to FALSE, a nonprivileged user can

When the operating system creates a backup file on behalf of a user, it stores the usercode of the user in the OWNER attribute of the file. As a result, the OWNER value can differ from the usercode of the title of the file.

By default, when a user copies a backup file to his usercode, the operating system changes the OWNER value of the destination file to the user usercode. When a privileged user copies a backup file to a reserved backup directory, the system does not change the OWNER value of the destination file unless the BECOMEOWNER option is set.

When a nonprivileged user copies a reserved backup directory and the copy process does not specify the BECOMEOWNER option, the system only selects backup files belonging to the user. When the BECOMEOWNER option is specified, the system also selects backup files to which the user has read access.

SAVEPRINTFILE and SAVEBACKUPFILE Attributes

The SAVEPRINTFILE attribute is used to control the removal of either a disk file or backup file after it has been printed. The SAVEPRINTFILE attribute and the SAVEBACKUPFILE attribute are synonymous, except that SAVEBACKUPFILE is associated with printer backup files only. SAVEPRINTFILE is the preferred attribute.

When the value of the SAVEPRINTFILE attribute is TRUE, the disk file or backup file is not removed after processing by the Print System. If the value of the attribute is FALSE, the disk file or backup file is removed once the file is printed. The default value of SAVEPRINTFILE is TRUE for disk files and FALSE for backup files. However, if the WFL PRINT statement is used, the default value for SAVEPRINTFILE is TRUE for both disk and backup files.

When the value of the SAVEBACKUPFILE attribute is TRUE, the backup file is not removed after printing. If the value of the attribute is FALSE, the backup file is removed after the file is printed. The default value of the SAVEBACKUPFILE attribute is FALSE. However, when the WFL PRINT statement is used to print a backup file, the default value of SAVEBACKUPFILE is TRUE. If public backup files are saved after printing, take appropriate measures to protect them.

If both attributes are specified, SAVEPRINTFILE takes precedence. The LOCKEDFILE attribute might also determine whether a disk or backup file is removed. For more information about the SAVEPRINTFILE, SAVEBACKUPFILE, and LOCKEDFILE attributes, refer to the File Attributes Programming Reference Manual.

Guard Files and Printer Backup Files

Attach guard files to printer backup files in the same fashion that you attach guard files to disk files in general. However, because of the transitory nature of many backup files when the SAVEPRINTFILE or SAVEBACKUPFILE attribute is FALSE (the files exist only until they are printed), guard files on printer backup files are often unnecessary.

Scrubbing of Backup Files

When the DISKSCRUB system security option is TRUE, printer backup files are scrubbed before the areas of the disk allocated for the files are reused.

File TRANSFORM Attribute

The TRANSFORM attribute can specify a transform function to be used when a record is printed. The function is intended to transform records from the backup file, making them suitable to the device that is printing them.

A transform implemented through Print System inherits the status of the usercode for which the file is being printed—either nonprivileged or privileged status. A transform implemented through Remote Print System is privileged regardless of the status of the usercode for which the file is being printed.

Because a transform function implemented by Remote Print System is privileged, and because the function can perform any activity designed into it—even activities such as reading data from another user private file or destroying another user file—use Remote Print System transforms with care.

If security is of particular concern on your system, you might choose to restrict the use of Remote Print System transforms so that users can invoke only transforms that are in support libraries and that are under the control of the security administrator. This restriction is enforced when the security option SLTRANSFORMS is set.

In this case, a user must use the following form of the TRANSFORM file attribute to invoke a transform:

TRANSFORM = "<transform function name> IN SL <transform library>"

In this form, the transform function name and transform library name are substituted for <transform function name> and <transform library>, respectively.