z/OS UNIX System Services Planning
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Controlling access to files and directories

z/OS UNIX System Services Planning
GA32-0884-00

The system provides security for local files by verifying that a z/OS UNIX user can access a directory, a file, and every directory in the path to the file.

The system does a security check for a file, FIFO special file (named pipe), character special file, and directory. It does not check an unnamed pipe, because this pipe can be accessed only by the parent process that created the pipe and by child processes of the creating process. When the last process using an unnamed pipe closes it, the pipe vanishes.

Every file and directory has security information, which consists of:
  • File access permissions (including an ACL, if one exists)
  • UID and GID of the file
  • Audit options that the file owner can control
  • Audit options that the security auditor can control

The file access permission bits that accompany each file provide discretionary access control (DAC). These bits determine the type of access a user has to a file or directory.

The following topics assume that ACLs are not being used. Go to Using access control lists (ACLs) for more information about ACLs.

Parent topic: Establishing UNIX security

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014