Security for new objects

 

When you create a new object in the "root" (/) file system, the interface that you use to create it determines its authorities.

For example, if you use the CRTDIR command and its defaults, the new directory inherits all of the authority characteristics of its parent directory, including private authorities, primary group authority, and authorization list association. The following sections describe how authorities are determined for each type of interface.

Authority comes from the immediate parent directory, not from directories higher up in the tree. Therefore, as a security administrator, you need to view the authority that you assign to directories in a hierarchy from two perspectives:

Recommendation: You may want to give users who work in the integrated file system a home directory (for example, /home/usrxxx), then set the security appropriately, such as PUBLIC *EXCLUDE. Any directories the user creates under their home directory will then inherit the authorities.
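The recommendation above as a CL command sequence. This is an added example, not part of the original documentation; the user profile USRXXX and the subdirectory name `work` are assumptions chosen for illustration.

```cl
/* Added example. Run steps 1-5 as a security administrator. */
/* Assumed names: user profile USRXXX, subdirectory 'work'.  */

/* 1. Create the home directory. With the CRTDIR defaults     */
/*    (DTAAUT(*INDIR) OBJAUT(*INDIR)) it inherits its         */
/*    authorities from the immediate parent, /home.           */
CRTDIR DIR('/home/usrxxx')

/* 2. Make the user the owner of the directory.               */
CHGOWN OBJ('/home/usrxxx') NEWOWN(USRXXX)

/* 3. Give the user explicit authority to the directory.      */
CHGAUT OBJ('/home/usrxxx') USER(USRXXX) DTAAUT(*RWX) OBJAUT(*ALL)

/* 4. Exclude the public. OBJAUT must be *NONE when           */
/*    DTAAUT(*EXCLUDE) is specified.                          */
CHGAUT OBJ('/home/usrxxx') USER(*PUBLIC) DTAAUT(*EXCLUDE) OBJAUT(*NONE)

/* 5. Point the user profile at the new home directory.       */
CHGUSRPRF USRPRF(USRXXX) HOMEDIR('/home/usrxxx')

/* 6. Run as USRXXX: create a subdirectory with the defaults. */
/*    Its authorities come from /home/usrxxx, the immediate   */
/*    parent, not from /home or /.                            */
CRTDIR DIR('/home/usrxxx/work')

/* 7. Check: display both authority lists and confirm that    */
/*    *PUBLIC shows *EXCLUDE on the parent and on the child.  */
DSPAUT OBJ('/home/usrxxx')
DSPAUT OBJ('/home/usrxxx/work')
```

Run the DSPAUT check again after any later change to the authorities on /home/usrxxx: directories that already exist keep the authorities they received when they were created.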

 
