Security

When using the integrated file system APIs, you can restrict access to objects as you can when using data management interfaces. Be aware, however, that adopting authorities is not supported. An integrated file system API uses the authority of the user profile under which the job is running.

Each file system may have its own special authority requirements. NFS server and file server jobs have special considerations. These jobs are generally performing functions on behalf of users who do not necessarily own the user profile for the job. NFS server requests run under the profile of the user whose user identification (UID) number was received by the NFS server at the time of the request. Other file server jobs perform requests for the user that are connected to the server.

Authorities on your system are the equivalent of permissions on UNIX systems. The types of permissions are read and write (for a file or a directory) and execute (for a file) or search (for a directory). The permissions are indicated by a set of permission bits, which make up the mode of access of the file or directory. You can change the permission bits by using the change mode functions chmod() or fchmod(). You can also use the umask() function to control which file permission bits are set each time a job creates a file.