Security for new objects
When you create a new object in the root (/) file system, the interface that you use to create it determines its authorities.
For example, if you use the CRTDIR command and its defaults, the new directory inherits all of the authority characteristics of its parent directory, including private authorities, primary group authority, and authorization list association. The following sections describe how authorities are determined for each type of interface.
Authority comes from the immediate parent directory, not from directories higher up in the tree. Therefore, as a security administrator, you need to view the authority that you assign to directories in a hierarchy from two perspectives:
- How the authority affects access to objects in the tree, like library authority.
- How the authority affects newly created objects, like the CRTAUT value for libraries.
Recommendation: You may want to give users who work in the integrated file system a home directory (for example, /home/usrxxx), then set the security appropriately, such as PUBLIC *EXCLUDE. Any directories the user creates under their home directory will then inherit those authorities.
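The recommendation above as a CL command sequence. This is an added example, not part of the original documentation; the profile name USRXXX and the subdirectory name reports are placeholders, and the commands assume a security administrator is running them.

```cl
/* Added example. USRXXX and 'reports' are placeholder names.            */

/* 1. Create the home directory with the CRTDIR defaults,                */
/*    DTAAUT(*INDIR) OBJAUT(*INDIR). It takes its public, private and    */
/*    primary group authorities, and any authorization list, from its    */
/*    immediate parent, /home.                                           */
CRTDIR DIR('/home/usrxxx')

/* 2. Make the user the owner of the home directory.                     */
CHGOWN OBJ('/home/usrxxx') NEWOWN(USRXXX)

/* 3. Set public authority to *EXCLUDE. OBJAUT must be *NONE when        */
/*    DTAAUT is *EXCLUDE.                                                */
CHGAUT OBJ('/home/usrxxx') USER(*PUBLIC) DTAAUT(*EXCLUDE) OBJAUT(*NONE)

/* 4. Review what was inherited from /home in step 1. Private            */
/*    authorities copied from the parent are still present after step 3  */
/*    and would be passed on to every directory created below this one.  */
DSPAUT OBJ('/home/usrxxx')

/* 5. Point the user profile at the new home directory.                  */
CHGUSRPRF USRPRF(USRXXX) HOMEDIR('/home/usrxxx')

/* 6. Create a subdirectory with the defaults, here only to show the     */
/*    inheritance, then compare its authorities with the parent's.       */
/*    *PUBLIC should show *EXCLUDE on both.                              */
CRTDIR DIR('/home/usrxxx/reports')
DSPAUT OBJ('/home/usrxxx/reports')
```

Because authority comes from the immediate parent only, a later change to /home/usrxxx affects directories created after the change, not /home/usrxxx/reports, which already exists.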