> -----Original Message-----
> From: IBM Mainframe Discussion List
> [mailto:[EMAIL PROTECTED] On Behalf Of John P Donnelly
> Sent: Monday, May 12, 2008 11:06 AM
> To: [email protected]
> Subject: CA ACF2 SAF HFS Security and COCSTS32
>
[snip]
>
> Has anyone implemented ACF2 CA SAF HFS Security and set up the resource
> rules for the HFS directories?
> Is there a better way to protect the HFS directories from the
> application programming staff?

I don't know ACF2 at all. But why can't you just use the "standard" UNIX security on your UNIX files? I do and it works well.

Standard UNIX security on directories / files has three "sets" of possible matches: "owner", "group", and "other". Each match has 0 to 3 allowable accesses: "read", "execute", and "write". "execute" on a directory really means "search", that is the authority to search the directory for file names. "write" on a directory really means "alter" access to files in that directory (i.e. create or delete). The "chmod" command sets the security bits.

Extended UNIX security can be set up via ACLs. They are basically the same functionality, but are kept in other "meta" data and are maintained with other commands: getfacl and setfacl.

However, as pointed out already, this assumes that you are assigning unique UIDs for your programmers and that they have appropriate access to GROUPS with the appropriate GID values. Not difficult, but different from what z/OS security people are used to.

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology
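The owner/group/other matching described in the reply above, as an added example that is not part of the original post: a small Python model of the standard permission-bit check for a directory. The UIDs, GIDs, user names and the 750 mode are constructed sample values; superuser bypass, the sticky bit and ACLs are deliberately not modelled.

```python
import stat

# Bit value of each access inside one rwx triplet.
BITS = {"read": 4, "write": 2, "execute": 1}
SHIFT = {"owner": 6, "group": 3, "other": 0}

def permission_class(file_uid, file_gid, uid, gids):
    """Exactly one class applies: owner first, then group, then other."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "other"

def allowed(mode, file_uid, file_gid, uid, gids, access):
    """True if the mode bits grant `access` (no superuser, no ACLs)."""
    cls = permission_class(file_uid, file_gid, uid, gids)
    triplet = (stat.S_IMODE(mode) >> SHIFT[cls]) & 0o7
    return bool(triplet & BITS[access])

def can_alter(mode, file_uid, file_gid, uid, gids):
    """Creating or deleting an entry needs write AND search on the directory."""
    args = (mode, file_uid, file_gid, uid, gids)
    return allowed(*args, "write") and allowed(*args, "execute")

# Constructed sample: directory with mode 750, owner UID 100, group GID 500.
PROD_DIR = (0o750, 100, 500)
USERS = {
    "owner": (100, {500}),
    "support": (201, {500}),      # shares the directory's group
    "programmer": (301, {600}),   # application programmer, other group
}

def report(directory=PROD_DIR, users=USERS):
    """Per user: may they search, list, or alter the directory?"""
    result = {}
    for name, (uid, gids) in users.items():
        result[name] = {
            "search": allowed(*directory, uid, gids, "execute"),
            "list": allowed(*directory, uid, gids, "read"),
            "alter": can_alter(*directory, uid, gids),
        }
    return result

if __name__ == "__main__":
    for name, rights in report().items():
        print(name, rights)
```

Because only one class is consulted, an owner whose own triplet is empty is refused even when the group triplet would allow the access.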

