Manualshelf

HP-UX System Administrator's Guide: Configuration Management

ManualsBrandsHP ManualsSoftwareHP-UX System Administration
61626364656667686970
Setting File Access Permissions
The /usr/bin/chmod command changes the type of access (read, write, and execute
privileges) for the file’s owner, group members, or all others. Only the owner of a file
(or the superuser) can change its read, write, and execute privileges. For details, see
chmod(1).
By default, new files have read/write permission for everyone (-rw-rw-rw-) and new
directories have read/write/execute permission for everyone (drwxrwxrwx). Default
file permissions can be changed using the /usr/bin/umask command. For details,
see umask(1). The default for trusted systems is different; see the HP-UX System
Administrator’s Guide: Security Management.
Setting Ownership for Files
The /usr/bin/chown command changes file user (and group) ownership. To change
the user, you must own the file (and belong to a group with the CHOWN privilege)
or have superuser privileges.
The /usr/bin/chgrp command changes file group ownership. To change the group,
you must own the file (and belong to a group with the CHOWN privilege) or have
superuser privileges.
For more information, refer to chown(1) and chgrp(1).
Setting Access Control Lists
Access control lists (ACLs) offer a finer degree of file protection than traditional file
access permissions. You can use ACLs to allow or restrict file access to individual users
unrelated to what group the users belong. Only the owner of a file (or the superuser)
can create ACLs.
ACLs are supported on both JFS and HFS file systems, but the commands and some
of the semantics differ. On a JFS file system, use setacl to set ACLs and use getacl
to view them. On an HFS file system, use chacl to set ACLs and use lsacl to view
them.
For a discussion of both JFS and HFS ACLs, see the HP-UX System Administrator’s Guide:
Security Management.
For additional JFS ACL information see setacl(1), getacl(1), and aclv(5).
For additional HFS ACL information, see lsacl(1), chacl(1), and acl(5).
Customizing System-Wide and User Login Environments
Defaults for system-wide variables, such as time-zone setting, terminal type, search
path, and mail and news notification, can be set in /etc/profile for Korn and POSIX
shell users and in /etc/csh.login for C shell users.
User login scripts can be used to override the system defaults. When HP SMH adds a
user, default user login scripts are copied to the users home directory. For Korn and
68 Configuring Users and Groups