Create Directory (MD)

Where allowed to run: All environments (*ALL)
Threadsafe: No

The Create Directory (MD) command adds a new directory to the system.

A directory is an object that contains the names of other objects. Libraries and folders are types of directories. When a directory is created, a link is added to the directory prefix. The directory must have been created before any objects can be placed into it.

This command is an alias for the Create Directory (CRTDIR) command and can also be issued using the following alternative command names:

CRTDIR
MKDIR

For more information about integrated file system commands, see the Integrated file system topic collection in the IBM i Information Center at http://www.ibm.com/systems/i/infocenter/.

Restrictions:

The following restriction applies when the directory to be created is a library in the QSYS.LIB or independent ASP QSYS.LIB file system, or a directory within the "root" (/), QOpenSys, or user-defined file systems:
- The audit (*AUDIT) special authority is required when specifying a value other than *SYSVAL on the Auditing value for objects (CRTOBJAUD) parameter.
The following restriction applies when the directory to be created is a folder in an existing folder in QDLS:
- The change (*CHANGE) authority is required for the existing folder.
The user must have execute (*X) authority to each directory in the path.
When creating a directory in the "root" (/), QOpenSys or user_defined file system, the user must have write and execute (*WX) authority to the directory that contains the new directory.
When creating a directory, the owner ID (UID) is the user creating the directory.
If the directory is to be created in the "root" (/), QOpenSys, and user-defined file systems, the following applies. If the S_ISGID bit of the parent directory is off, the group ID (GID) is set to the effective GID of the thread creating the directory. If the S_ISGID bit of the parent directory is on, the group ID (GID) of the new directory is set to the GID of the parent directory.

If the directory is to be created in the QSYS.LIB or independent ASP QSYS.LIB file system, the GID is obtained from the primary user profile. For all other file systems, the GID is obtained from the parent directory.
The user must have all object (*ALLOBJ) and security administrator (*SECADM) special authorities to specify a value for the Scanning option for objects (CRTOBJSCAN) parameter other than *PARENT.

Top

Parameters

Keyword	Description	Choices	Notes
DIR	Directory	Path name	Required, Positional 1
DTAAUT	Public authority for data	Name, INDIR, RWX, RW, RX, WX, R, W, X, EXCLUDE, NONE	Optional
OBJAUT	Public authority for object	Single values: INDIR, NONE, ALL Other values (up to 4 repetitions): OBJEXIST, OBJMGT, OBJALTER, *OBJREF	Optional
CRTOBJAUD	Auditing value for objects	SYSVAL, NONE, USRPRF, CHANGE, *ALL	Optional
CRTOBJSCAN	Scanning option for objects	PARENT, YES, NO, CHGONLY	Optional
RSTDRNMUNL	Restricted rename and unlink	NO, YES	Optional

Top

Directory (DIR)

Specifies the path name of the directory to be created.

Note: Do not use a name that begins with the character Q. The system assumes that libraries or directories with those names are system libraries or directories.

For more information on specifying path names, refer to "Object naming rules" in the CL topic collection in the Programming category in the IBM i Information Center at http://www.ibm.com/systems/i/infocenter/.

Note: This parameter is Unicode-enabled. See "Unicode support in CL" in the CL topic collection in the Programming category in the IBM i Information Center at http://www.ibm.com/systems/i/infocenter/ for additional information.

Top

Public authority for data (DTAAUT)

Specifies the public data authority given to the user for the directory, or specifies that all authorities are inherited from the directory it is to be created in.

*INDIR: The authority for the directory to be created is determined by the directory it is to be created in. The directory immediately preceding the new directory determines the authority. A directory created in the "root" (/), QOpenSys, or user-defined file system is assigned the same public, private and primary group authority, authorization list, and primary group as the directory it is to be created in. A directory created in QDLS for a folder defaults to *EXCLUDE for a first level folder. If created in the second level or greater, the authority of the previous level is used. The QOpenSys and "root" (/) file systems use the parent directory's Data Authority value. If the value *INDIR is specified for either the Public authority for object (OBJAUT) parameter or the DTAAUT parameter, then *INDIR must be specified for both parameters.
*RWX: The user can change the object and perform basic functions on the object except those limited to the owner or controlled by object existence (*OBJEXIST), object management (*OBJMGT), object alter (*OBJALTER) and object reference (*OBJREF) authorities. Read, write, and execute (*RWX) authority provides object operational (*OBJOPR) and all data authorities.
*RW: The user can view and change the contents of an object. Read and write (*RW) authority provides *OBJOPR and data read (*READ), add (*ADD), update (*UPD) and delete (*DLT) authorities.
*RX: The user can perform basic operations on the object, such as run a program or display the contents of a file. The user is prevented from changing the object. Read and execute (*RX) authority provides *OBJOPR and data *READ and execute (*EXECUTE) authorities.
*WX: The user can change the contents of an object and run a program or search a library or directory. Write and execute (*WX) authority provides *OBJOPR and data *ADD, *UPD, *DLT, and *EXECUTE authorities.
*R: The user can view the contents of an object. Read (*R) authority provides *OBJOPR and data *READ authorities.
*W: The user can change the contents of an object. Write (*W) authority provides *OBJOPR and data *ADD, *UPD, and *DLT authorities.
*X: The user can run a program or search a library or directory. Execute (*X) authority provides *OBJOPR and data *EXECUTE authorities.
*EXCLUDE: The user cannot access the object. The OBJAUT value must be *NONE, if this special value is used.
*NONE: The user is given no data authorities to the objects. This value cannot be used with the OBJAUT value of *NONE.
name: Specify the name of the authorization list used. The format of the authorization list name remains the current ten-character format. The OBJAUT value must be *NONE, if this special value is used.

Top

Public authority for object (OBJAUT)

Specifies the public object authority given to users for the directory, or specifies that all authorities are inherited from the directory it is to be created in.

*INDIR: The object authority is based on the authority for the directory where this directory is to be created. A directory created in the "root" (/), QOpenSys, or user-defined file system is assigned the same public, private and primary group authority, authorization list, and primary group as the directory it is to be created in. If the value *INDIR is specified for either the OBJAUT parameter or the Public authority for data (DTAAUT) parameter, then *INDIR must be specified for both parameters.
*NONE: None of the other object authorities (*OBJEXIST, *OBJMGT, *OBJALTER or *OBJREF) are given to the users. If *EXCLUDE or an authorization list is specified for the DTAAUT parameter, *NONE must be specified. This value cannot be used with the DTAAUT value of *NONE.
*ALL: All of the other object authorities (*OBJEXIST, *OBJMGT, *OBJALTER or *OBJREF) are given to the users.
The user can specify up to four of the following values:
*OBJEXIST: The user is given object existence (*OBJEXIST) authority to the object. The user can delete the object, free storage of the object, perform save and restore operations for the object, and transfer ownership of the object.
*OBJMGT: The user is given object management (*OBJMGT) authority to the object. With this authority the user can specify security for the object, move or rename the object and add members to database files.
*OBJALTER: The user is given object alter (*OBJALTER) authority to the object. The user is able to alter the attributes of the objects. On a database file, the user can add and remove triggers, add and remove referential and unique constraints, and change the attributes of the database file. With this authority on an SQL package, the user can change the attributes of the SQL package. Currently, this authority is used only for database files and SQL packages.
*OBJREF: The user is given object reference (*OBJREF) authority to objects. Used only for database files, the user can reference an object from another object such that operations on that object may be restricted by the other object. On a physical file, the user can add a referential constraint in which the physical file is the parent.

Top

Auditing value for objects (CRTOBJAUD)

Specifies the auditing value of objects created in this directory.

Values for this parameter other than *SYSVAL may not be supported by some file systems.

*SYSVAL: The object auditing value for the objects in the directory is determined by the Create object auditing (QCRTOBJAUD) system value.
*NONE: Using or changing this object does not cause an audit entry to be sent to the security journal.
*USRPRF: The user profile of the user accessing this object is used to determine if an audit record is sent for this access. The OBJAUD parameter of the Change User Auditing (CHGUSRAUD) command is used to change the auditing for a specific user.
*CHANGE: All change accesses to this object by all users are logged.
*ALL: All change or read accesses to this object by all users are logged.

Top

Scanning option for objects (CRTOBJSCAN)

Specifies whether the objects created in a directory will be scanned when exit programs are registered with any of the integrated file system scan-related exit points.

The integrated file system scan-related exit points are:

QIBM_QP0L_SCAN_OPEN - Integrated File System Scan on Open Exit Program
QIBM_QP0L_SCAN_CLOSE - Integrated File System Scan on Close Exit Program

For details on these exit points, see the APIs topic collection in the Programming category in the IBM i Information Center at http://www.ibm.com/systems/i/infocenter/.

This attribute can only be specified for directories created in the "root" (/), QOpenSys and user-defined file systems. For all other file systems, *PARENT should be specified and it will be ignored. Even though this attribute can be set for *TYPE1 and *TYPE2 directories, only objects which are in *TYPE2 directories will actually be scanned, no matter what value is set for this attribute.

*PARENT: The create object scanning attribute value for this directory is copied from the create object scanning attribute value of the parent directory.
*YES: After an object is created in the directory, the object will be scanned according to the rules described in the scan-related exit programs if the object has been modified or if the scanning software has been updated since the last time the object was scanned.
*NO: After an object is created in the directory, the object will not be scanned by the scan-related exit programs.
Note: If the Scan file systems control (QSCANFSCTL) value *NOPOSTRST is not specified when an object with this attribute is restored, the object will be scanned at least once after the restore.
*CHGONLY: After an object is created in the directory, the object will be scanned according to the rules described in the scan-related exit programs only if the object has been modified since the last time the object was scanned. It will not be scanned if the scanning software has been updated. This attribute only takes effect if the Scan file systems control (QSCANFSCTL) system value has *USEOCOATR specified. Otherwise, it will be treated as if the attribute is *YES.
Note: If the Scan file systems control (QSCANFSCTL) value *NOPOSTRST is not specified when an object with this attribute is restored, the object will be scanned at least once after the restore.

Top

Restricted rename and unlink (RSTDRNMUNL)

Specifies whether special restrictions apply for rename and unlink operations performed on objects within a directory. This attribute is equivalent to the S_ISVTX mode bit and can only be set for a directory in the Network File System (NFS), QFileSvr.400, "root" (/), QOpenSys, or user-defined file systems. Both the NFS and QFileSvr.400 file systems support this attribute by passing it to the server and surfacing it to the caller.

*NO

No additional restrictions for renaming or unlinking objects from this directory.

*YES

Objects within this directory may be renamed or unlinked only if one or more of the following are true for the user performing the operation:

The user is the owner of the object.
The user is the owner of the directory.
The user has all object (*ALLOBJ) special authority.

Top

Examples

The alternative command name for MD is CRTDIR. The following examples use the alternative command name, but MD can be replaced directly for CRTDIR in all of them.

Example 1: Creating a Directory

CRTDIR   DIR('MYDIR')

This command creates the directory MYDIR and adds it to the current directory. The defaults are used for the remaining parameters.

Top

Error messages

*ESCAPE Messages

CPFA085: Home directory not found for user &1.
CPFA089: Pattern not allowed in path name.
CPFA09C: Not authorized to object. Object is &1.
CPFA09D: Error occurred in program &1.
CPFA09E: Object in use. Object is &1.
CPFA0A0: Object already exists. Object is &1.
CPFA0A1: An input or output error occurred.
CPFA0A3: Path name resolution causes looping.
CPFA0A6: Number of links exceeds maximum allowed for the file system.
CPFA0A7: Path name too long.
CPFA0A9: Object not found. Object is &1.
CPFA0AA: Error occurred while attempting to obtain space.
CPFA0AB: Operation failed for object. Object is &1.
CPFA0AD: Function not supported by file system.
CPFA0B1: Requested operation not allowed. Access problem.

Top