beautypg.com

Freezing and thawing an access control list – HP Integrity NonStop J-Series User Manual

Page 48

background image

Securing Disk Files

Safeguard User’s Guide — 422089-020

3 - 14

Freezing and Thawing an Access Control List

For example, suppose you want to use the same authorization record you defined for
quarter1 for another disk file called quarter2. To add quarter2 to the Safeguard
database, using the same security attributes and access control list as quarter1:

=ADD DISK quarter2, LIKE quarter1

You can also use LIKE with the ALTER DISKFILE command. However, with the ALTER
DISKFILE command, the access control list designated by LIKE does not replace the
existing access control list. The new list is added to the existing access control list.
LIKE does replace the other security attributes, such as auditing specifications,
CLEARONPURGE, and LICENSE.

Freezing and Thawing an Access Control List

The FREEZE DISKFILE command temporarily suspends the access control list for a
disk file. Only the primary owner (specified by the OWNER attribute), the primary
owner's group manager, the local super ID, and the users with OWNER authority on
the access control list can freeze or thaw an access control list. Also, only these users
can access the file while the access control list is frozen. No other users can read the
file, change it, execute it (if it is a program object file), or purge it.

For example, because you own quarter1, you can freeze access to the file with this
command:

=FREEZE DISKFILE quarter1

Use the INFO DISKFILE command to verify that the access control list is frozen:

=INFO DISK quarter1

To restore a frozen access control list, use the THAW DISKFILE command. Any user
who can freeze an access control list can also thaw it.

Note. The LIKE keyword sets all the security attributes of one file (not just the access control
list) to those of another file. LIKE sets all the attributes listed in Table 3-2, but it does not alter
the THAWED or FROZEN status of the file being added or altered.

LAST-MODIFIED OWNER STATUS WARNING-MODE

$DATA.SALES

QUARTER1 23JUL05, 15:25 2,1 FROZEN OFF

002,001 R,W,E,P

002,006 DENY W

002,018 R,W,E,P

004,012 R

008,004 DENY R

002,* R,W

008,* R

Note. Freezing an access control list has no effect on processes that already have the file
open.

This manual is related to the following products:
See also other documents in the category HP Computer hardware: