|
- A process is the owner of the file if the process's effective OS/390® UNIX user
identifier (UID) is equal to the file's owner UID.
- If the caller is not superuser nor the owner, and the audit function
code is listed in Table 1, an authorization
check is performed on the corresponding resource name in the UNIXPRIV
class. If the authorization check is successful, the caller is treated
as a superuser.
Table 1. UNIXPRIV class
resource names used in ck_owner_two_filesAudit function code |
Resource name |
Access required |
---|
RENAME, RMDIR, UNLINK |
SUPERUSER.FILESYS |
CONTROL |
- If the SECLABEL class is active and the file or directory has
a security label, then the current security label of the process must
be greater than or equal to the security label of the resource or
the security label of the resource must be greater than or equal to
the process's current security label, that is, the security labels
are not disjoint. If MLFSOBJ is active, a failure will occur if the
resource does not have a security label. Security label checking is
bypassed if the ACEE indicates trusted or privileged authority or
if the service is passed a system CRED.
|