File ownership
- Is defined by the usercode associated with a file.
- Provides the basis for most file security.
Ownership Based on the Usercode
When a user or process running under a usercode creates a new file, that file is associated with that usercode.
Under most conditions, any user or process running under that usercode can access that file. However, even the owner of a file can have his or her access denied or limited when either:
- The value of the SECURITYTYPE file attribute is CONTROLLED.
- The access permissions specified in the SECURITYMODE attribute deny access to the owner.
Users who are not owners of a file can be granted access to that file on a controlled basis. The owner of the file or a privileged user or process can attach a guard file to the file or set appropriate file security attributes so that access is granted only to those users and processes who are intended to have access.
File-access security checking is performed for file-access actions when the following events occur.
| Action | When Checking Occurs |
|---|---|
| READ from or WRITE to a file | At file open |
| EXECUTE a code file | At process initiation or library linkage |
| REMOVE a file or CHANGE a file title | At file open or when action occurs |

