As noted before, there are two related concepts in FTAM file
protection: access control, and concurrency control. Access control
governs the actions that are permitted on a file, granting different
users different subsets of the available actions. Concurrency control
governs whether and how multiple users can access the file. Concurrency
control is applied independently to each action, as will be described
later.
All the following controls and passwords are set (or satisfied)
by using an "action/concurrency string" as an
argument in an FTAM command. These are discussed later in this chapter.
Access Control |
 |
The following example illustrates the concepts involved in
FTAM access control.
$ fls -a donald@chicago:/users/donald/earlydata
Filename: /users/donald/earlydataPermissions:
R-PXEACD---File type: text (FTAM-1)
Storage account: no value available
File creation: no value available
Last file modification: Jan 12 19:49
Last read: Jan 18 15:36
Last attribute modification: no value available
Identity of creator: donald
Identity of modifier: no value available
Identity of reader: no value available
Identity of attribute modifier: no value available
File availability: immediate availability
Filesize: 1100Access
Control: other R-------
group R--X-A--
user R-PXEACDLegal qualification: no value available |
Examine the italicized line labelled Permissions. The permissions
stated on that line are the only actions that anyone can perform
on the file. Notice that the "I" permission is
missing; this means that no one has or can be given Insert permission
for this file. [6]
Now examine the italicized entry labelled Access Control.
Each user in this category is granted different permissions:
The owner of the file, user, has full
permission (excluding Insert, as just noted).
Co-workers in the owner's group can Read,
eXtend, and read the Attributes
of the file; they are excluded from any other activity that involves
this file.
Other users on the system can only Read
the file; they are excluded from any other activity that involves
this file.
File protection constraints like this are placed on the file
using the fcattr -i command, or the cattr -i command within ftam.
Once the file has file protection (access control) on it, users
must use the -z option (for command-line FTAM), or ftam's set (-y
or -z) command, to do anything with the file. See “Using FTAM File Protection” later in this chapter
for details.
The FTAM specification makes it possible to apply a password to each file action. Then a
user must know the password before he can perform the action.
Note, however, that HP-UX FTAM does not keep track of file-action
passwords. There is no effect if you attempt to set (or satisfy)
file-action passwords for files stored by an HP-UX FTAM
host, either local or remote. However, you can satisfy (i.e., supply)
a file-action password when a remote FTAM host requires
one, via the -z option and an action/concurrency string.
These are discussed in the next section.
As noted previously, concurrency control
is applied independently to each action. Concurrency control governs
whether and how multiple users can perform a given action with the
file.
Once again, examine the shaded Access Control entry in the
previous example. Concurrency control can be associated with each
of the actions listed for the users in the Access Control list.
For example, for the users in the example file owner's group,
it is possible to limit eXtend access to
occur only when a single user has access to the file. This is called
"exclusive" access . The other actions for a
group user (Read and read Attributes)
could be given "shared" access
, which allows multiple users to perform these actions simultaneously.
Possible concurrency controls are listed in Table 5-2 “Concurrency Control Locks”.
Note, however, that HP-UX FTAM does not keep track of concurrency
control applied to file-actions. There
is no effect if you attempt to set (or satisfy) file-action
concurrency control on files stored by an HP-UX FTAM host, either
local or remote. However, you can satisfy (i.e., supply) a concurrency
control code when a remote FTAM host requires one, via the -z
option and an action/concurrency string. These are discussed in
the next section. Furthermore, you can obtain exclusive access to
an HP-UX FTAM file by using the -X option, described next.
Obtaining Exclusive Access |
|
HP-UX FTAM also provides a "shortcut" when
you need exclusive access
to an FTAM file. Whenever you need exclusive access to a file and
can use command-line FTAM, the -X option is the right choice.
For example, the following command obtains a "snapshot"
copy of a file which may have multiple users:
$ fcp michael@nairobi:/users/reservations/june.reserv -X june.bookings |
As noted at the start of this chapter, the only thing most
people need to know about FTAM file protection is how to use the
-X option. Unless a remote file has a passwords associated
with file actions, your use of FTAM's file protection scheme will
probably only involve using the -X option to obtain exclusive
access to certain files.
Printable version
