900 Series HP 3000 Computer Systems
New Features of MPE/iX: Using the Hierarchical File System
HP Part No. 32650-90351 Printed in U.S.A.
UNIX® is a registered trademark of Unix System Laboratories, Inc. in the U.S.A. and other countries. MS-DOS® is a U.S. registered trademark of Microsoft Corporation.
Acknowledgements
The information contained in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose.
Printing History
The following table lists the printings of this document, together with the respective release dates for each edition. The software version indicates the version of the software product at the time that this document was issued. Many product releases do not require changes to the document; therefore, do not expect a one-to-one correspondence between product releases and document editions.
Edition | Date | Software Version
First Edition | October 1992 | C.45.00
Second Edition | April 1994 | C.50.
Preface MPE/iX, Multiprogramming Executive with Integrated POSIX, is the latest in a series of forward-compatible operating systems for the HP 3000 line of computers. In HP documentation and in talking with HP 3000 users, you will encounter references to MPE XL, the direct predecessor of MPE/iX. MPE/iX is a superset of MPE XL. All programs written for MPE XL will run without change under MPE/iX.
All readers of this document should be familiar with performing the following tasks:
    Logging on and off the system
    Accessing files
    Using the MPE command interpreter (CI)
    Executing commands such as LISTF, NEWGROUP, CHGROUP, and ALTSEC
    Using UDCs
Chapters 3, 7, and 8 are specifically for experienced system administrators.
Chapter 4 provides an overview of new and enhanced features accessible through MPE/iX system intrinsics. The new features described are hierarchical directories, MPE/iX byte-stream files, renaming a file across account boundaries, and append mode. Security, object ownership, and file manipulation commands and intrinsics have been enhanced. Although the information in this chapter is particularly relevant for programmers, other advanced users would benefit from reading it.
The Glossary defines many of the new terms used throughout this manual.
For More Information
For information on MPE/iX, refer to the full MPE/iX documentation set. The MPE/iX Documentation Guide (32650-90144) describes all available manuals. For details on new commands, refer to the MPE/iX Commands Reference Manual, Volumes I & II (32650-60115). For details on intrinsics, refer to the MPE/iX Intrinsics Reference Manual (32650-90028).
MPE/iX Shell and Utilities Reference Manual, Volumes I and II (36431-90001 and 36431-90003) contain complete descriptions of all MPE/iX shell commands. HP C/iX Reference Manual (31506-90005) provides a complete reference for the C programming language. HP C Programmer's Guide (92434-90002) includes information on programming in C. HP C/iX Library Reference Manual (30026-90001) describes C library routines that are available in the POSIX.1/iX library. The POSIX.
Where to Go for Information
Information Covered | What to Read | Who Should Read
Overview of new features in tutorial form | Tutorial, Chapter 1 | All users
Overview of all MPE/iX changes including programming and system administration changes | Whole manual | Programmers, system managers, system operators, general users
Programming information including intrinsics changes | Chapters 2, 4, 6, 7 | Programmers, advanced system managers
System administration information | Chapters 2, 3, 5, 6, 7, 8, 9 | System managers, sy
1 What's New on MPE/iX: Tutorial
As of Release 4.5 and 5.0, MPE/iX has hierarchical directories, offers new commands, and allows you to use new file naming conventions among other new features. Many users want to learn by trying out the new features right away. This tutorial allows you to do just that. It doesn't try to explain everything. It just introduces you to some of the major enhancements. Other sections of this manual include more information and examples.
Summary of New Features
This section briefly introduces some of the new features of MPE/iX that you will encounter in this tutorial:
    Hierarchical file system (HFS)
    HFS file names
    HFS syntax
    New and enhanced commands
Hierarchical file system (HFS)
As of Release 4.5 and 5.0, the MPE/iX file system is hierarchical (tree structured) and can contain files at many different levels. This organization provides a special kind of file called a directory.
Table 1-1. Where Accounts, Groups, Directories, & Files Can Be Located Location Before Release 4.5 Release 4.
Figure 1-1 shows how you can organize files, accounts, groups, and directories in the file system. Notice that accounts, directories, groups, and files all connect back to one directory designated by a slash (/). This is referred to as the root or the root directory. Figure 1-1.
HFS file names
MPE/iX now allows you to assign longer file names than in previous versions of MPE/iX. Table 1-2 summarizes name lengths for accounts, groups, directories, and files previous to Release 4.5 or greater. Table 1-2.
HFS syntax
Table 1-3 summarizes some of the syntax enhancements introduced by the MPE hierarchical file system. The syntax that you are used to still works for files in groups and accounts. So to use HFS syntax, you must precede file and directory names with ./ or /. Otherwise, MPE/iX treats the names using traditional MPE syntax rules. This manual refers to files that are named using HFS syntax as HFS files. Table 1-3.
New commands Enhanced commands
ALTFILE alters a file's attributes such as UID and GID of a file, directory, and MPE group or account (except that the GID may not be altered for MPE groups or accounts).
CHDIR lets you move your CWD (much like changing groups).
DISKUSE displays disk space used by accounts, groups, and directories, that is, all items in the hierarchical file system. (The REPORT command still provides disk space accounting for accounts and groups.
LISTFILE allows you to display directories and all HFS file names.
PURGE deletes a file from the system.
RESTORE returns files that have been stored on magnetic tape to the system.
RUN executes a prepared or linked program. The only required parameter is progfile. If you specify any other parameters, they will override the default parameters that the creator of the program established, but only for that particular execution of the program.
Before You Start
Log on to the system
Log on to your account as you normally do using your user name, account, and passwords. For example:
    :HELLO YOURNAME.YOURACCT
    ENTER ACCOUNT (ACCOUNT) PASSWORD:
    ENTER USER (USER) PASSWORD:
    HP3000 RELEASE: C.45.00 USER VERSION C.45.00 WED, MAY 10, 1992 9:18 AM
    . . .
Note: When trying commands in this tutorial, substitute the name of your account for YOURACCT and the group you are working in for YOURGRP. Your procedure may vary from the one shown above.
If the HPVERSION is C.45.00 or later, continue with the tutorial.
Create a file to work with
To build a file in YOURGRP.
Learning by Doing
You can try some of the new features of MPE/iX with the examples in the rest of this tutorial.
Use the HFS syntax
When you log on to the system, you are in a group within an account such as YOURGRP.YOURACCT. Files you work with, such as FILE1, can be referred to as FILE1.YOURGRP.YOURACCT or file1.yourgrp.youracct. MPE syntax automatically converts lowercase letters to uppercase. With the advent of the hierarchical file system, you can also refer to a file using the HFS syntax.
Figure 1-2. Location of the File That You Created
Figure 1-2 shows a picture of your file's location in the file system. YOURACCT is one level below the root directory. You logged on to YOURACCT and were placed into YOURGRP. Then you built a file called FILE1. Any other files that you have in YOURGRP are also located there with FILE1.
List the file
You can refer to a file using either the MPE or HFS syntax. Earlier you created a file called FILE1.
Note: The use of the LISTFILE command in this section is intentional.
Both display the same result:
    FILE1
Be careful! HFS syntax is case sensitive but MPE syntax is not. You can type the following command, using MPE syntax in lowercase, and locate uppercase FILE1 in YOURGRP in YOURACCT. Try it.
    :listfile file1.yourgrp.youracct
That's because MPE syntax upshifts everything. But because HFS syntax is case sensitive, the following command will not find FILE1 in YOURGRP in YOURACCT:
    :listfile /youracct/yourgrp/file1
    A component of the pathname does not exist.
Watch out! If you try to create the directory without including ./ before the name, MPE/iX treats the name as a regular MPE name. It converts the letters to all uppercase. Try typing the following command:
    :NEWDIR Directory1
    File name is more than eight characters long. (CIERR 532)
Also notice: If you type the following command, MPE/iX creates a directory called DIR2 (uppercase). That is because you are using MPE syntax. Try it.
List the directories
You use the LISTFILE command to list directories as well as files. Directories are special types of files.
    :LISTFILE ./Directory1
    PATH=/YOURACCT/YOURGRP/./
    Directory1/
You can tell that it's a directory (rather than a file) in the command output because its name is followed by a slash. To list all files and directories in your current working directory:
    LISTFILE ./@
    PATH=/YOURACCT/YOURGRP/.
    :LISTFILE @
    FILENAME
    DIR1 FILE1
If you have other files in the group where you are working, they are listed along with FILE1. The result is the same if you omit @ and type LISTFILE since that is the default when no parameter is included with the command.
List directories another way
You can only use the system-provided UDCs, such as LISTDIR, if the system manager has activated them. Refer to the section "UDCs, JCL, Command Files, and Programs" in Chapter 3 for more information.
You can also use the LISTDIR UDC to list directories in a specific location:
    :LISTDIR /SYS/PUB
This command locates any directories located in PUB.SYS.
Move to the directory
After you create a directory, you can move to it.
    :CHDIR ./Directory1
This command moves you to Directory1. Figure 1-4 shows you where you moved in the file system. Directory1 is now your current working directory. Figure 1-4.
Again, use a ./ to act on HFS files. If you don't, MPE/iX acts only on MPE-named files. If you try to change to Directory1 without the preceding ./ the system treats the directory name as an MPE name and converts the letters to uppercase. It does not locate the directory.
    :CHDIR Directory1
    File name is more than eight characters long. (CIERR 532)
According to MPE syntax, the file name is limited to eight characters, but actually, two errors occur here.
Figure 1-5. Moving Back to Your Logon Group
Move to DIR2
You can move to the DIR2 directory that you created earlier.
    :chdir dir2
This command moves you to the directory called DIR2 since the MPE syntax rules are followed; these rules convert the name to uppercase. Notice when using HFS syntax, you can type the commands in uppercase or lowercase. Using lowercase is easier for some people. Otherwise, you can force specific case for a name by beginning the name with ./ as shown here.
Figure 1-6. Moving to DIR2
Create a subdirectory
You can also create a directory within a directory. The previous examples put you in the DIR2 directory. Now try creating another directory with a long name:
    :newdir ./Long_Directory_Name
Note: HFS syntax allows you to use special characters in the name, such as "_" (underscore). You can also use characters like the "-" (hyphen) and "." (period or dot).
List the subdirectory
Using LISTFILE or the LISTDIR UDC is the best way to list directories and subdirectories.
    :listfile ./@
    PATH=/YOURACCT/YOURGRP/DIR2/./
    Long_Directory_Name/
Subdirectories can contain files or directories with names of up to 255 characters. Using LISTDIR also lists directories. The output is similar:
    :listdir /YOURACCT/YOURGRP/.
Move to the subdirectory
The location of the directory is presented from the root directory down to the current location in a pathname. The pathname is the path to the directory. Names are shown top-down rather than bottom-up. The first / refers to the root directory. All directories, accounts, and files exist under the root. Slashes separate the pathname components. The last component of the pathname is the name of the current working directory. You used to use the SHOWME command to find out your logon group.
Move back to your logon directory:
    /YOURACCT/YOURGRP/DIR2/Long_Directory_Name:chdir
    /YOURACCT/YOURGRP:
Create a file with a long file name
Both MPE syntax and HFS syntax will work with your existing files or files with names conforming to MPE syntax. However, you must use HFS syntax to specify file names using HFS naming syntax (such as those using special characters or lowercase letters).
List files and directories in your
Using the LISTFILE command with option 2 provides useful output. In the following example, the file type for the directories, DIR2 and Directory1, is DBH. This is a new type that indicates that these are directories in binary form and they are hierarchical (as opposed to being groups or accounts).
Delete a directory
To delete Directory1:
    :purgedir ./Directory1
    Directory "./Directory1" to be purged? (Yes/No)y
MPE/iX deleted the directory because it was empty. (You need to use the TREE option with the PURGEDIR command to delete a directory that is not empty.)
Learn about absolute and relative pathnames
HFS syntax, like MPE syntax, allows the use of absolute pathnames and relative naming.
    :LISTFILE ./@,6
The command says, "list everything in the current working directory." Like the last command, it also lists the contents of /YOURACCT/YOURGRP because you are currently working in that directory.
Try a few more LISTFILE commands
You can use the TREE option to show all accounts, groups, files and directories below the specified point.
    :LISTFILE /YOURACCT;TREE
Including a slash at the end of a directory name in the LISTFILE command is the same as specifying the keyword TREE in the command line.
Search for files
You can use the NAME option to look for an account, group, directory, or file.
    :LISTFILE /,6; NAME=D@
This command searches for all directories, accounts, groups, and files on the system that begin with D (or d). It searches through all levels of the file system hierarchy. In the MPE account structure prior to Release 4.5 (when there were only three levels), the following command sequence would have been used:
    LISTF D@.@.@
    LISTF @.D@.@
    LISTF @.@.
    :NEWDIR /dir10
    :LISTFILE /dir10
    PATH=/
    dir10/
This example creates, then lists, the directory dir10 created under the root directory.
Security and directories
The ability to move to, change, and work in directories is controlled by access control definitions (ACDs). ACDs pair up specific access permissions and users.
For example:
    :listfile /dir10,acd
    PATH=/
    -------------------ACD ENTRIES---------------------  FILENAME
    @.@ : RACD                                           dir10/
In the example, ACDs are listed for the directory called dir10. All users only have read ACD access to dir10. Only the creator and the system manager can access the contents of the directory or traverse the directory. To make directories accessible to your users, you will need to change the ACDs on the new directories. You do this using the ALTSEC command.
This command moves you into directory dir10 and makes it your CWD.
Report disk usage
Use the DISKUSE command to report disk usage information about directories:
    :diskuse /YOURACCT/YOURGRP
    SECTORS
    TREE    LEVEL   DIRECTORY
            BELOW
    96      64      /YOURACCT/YOURGRP/
The REPORT command provides information about files in groups only. Compare the output by issuing the comparable REPORT command:
    /dir10:REPORT YOURGRP.
2 What's New: Overview This chapter provides an overview of MPE/iX enhancements as of Release 4.5 and 5.0 for system administrators, programmers, and other MPE/iX system users.
enhanced features of MPE/iX. MPE/iX Release 5.0 is fully backwards and forward compatible with earlier versions of MPE.
What's POSIX?
POSIX is an acronym for Portable Operating System Interface. The POSIX standard, IEEE Std 1003.1-1990, is an international standard that defines common interfaces as a basis for open systems. IEEE POSIX 1003 is actually a group of standards, each of which addresses a specific area of system technology.
services include creating and purging directories and files; creating, controlling, and terminating processes; interprocess communications (for example, signals); byte-stream files; user identification; grouping users for file sharing purposes; defining and altering file security; grouping processes for signal sharing; and changing a user's location within the file system.
How does POSIX change MPE/iX?
In implementing the 1003.1 and 1003.2 functions, HP has enhanced the MPE/iX operating system.
What does POSIX offer you?
MPE/iX enhancements enable you to do the following:
    Port applications written to POSIX.1 standards.
    Use HFS directories to create multilevel data hierarchies.
    Provide case-sensitive names greater than eight characters in length.
    Rename and move files across account boundaries.
    Have a greater measure of control over files and directories on the system.
When MPE/iX Release 4.5 and 5.0 is installed, you automatically have access to POSIX functionality.
Postponing the use of POSIX features
The introduction of POSIX features on MPE/iX places new demands on system managers. Today, system managers have a full workload without extra time to learn the new POSIX concepts. Chapter 3 discusses options available to those of you who may wish to postpone using POSIX features.
Hierarchical File System (HFS)
This section compares the traditional MPE file system with the enhanced MPE hierarchical file system (HFS).
MPE/iX file system
Prior to Release 4.
Figure 2-1. MPE/iX File System (Prior to Release 4.5)
MPE/iX hierarchical file system
Beginning with MPE/iX Release 4.5, the file system structure of MPE/iX is enhanced with the introduction of the MPE/iX hierarchical directory structure. This was accomplished by integrating the MPE/iX HFS structure within and around the traditional MPE file system. This provides the benefits of both structures to MPE/iX users without forcing them to choose one environment or the other.
Figure 2-2 shows the MPE/iX file system structure introduced as of Release 4.5. In the figure, the boxed portion shows how the traditional account, group, and file system structure fits into the HFS structure. Notice that hierarchical directories and HFS files can now fall under traditional MPE groups. For example, the figure shows lowercase_file as being located in the PUB group of the ACCT1 account. Also notice that the directory dir3 falls under the GRP1 group in the SYS account.
manual still refers to accounts and groups where necessary for clarity. When discussing characteristics of directories in general (including accounts and groups), this manual uses the term "directory." When referring specifically to a directory that exists outside of the traditional account-group structure, this manual uses the term "HFS directory."
Expanded File Naming Syntax
A name syntax is a set of rules that define the structure of valid names in that syntax.
File names preceded with a dollar sign refer to special system-defined files. File, account, and group names cannot contain special characters. The envid component in the file name specifies the remote environment and has two valid forms:
    node[.domain[.organization]]
    envname[.domain[.organization]]
Each node, envname, domain, or organization name can be up to 16 characters long and can include alphanumeric characters, the underscore (_), and the hyphen (-). The first character must be alphabetic.
All characters are upshifted and treated as uppercase. Characters are validated against the accepted character set (A-Z, 0-9). File, group, and account name lengths are checked. Unqualified names are resolved relative to the current working directory. (Typically, your current working directory is your logon group so everything works as it has in the past. But, you can now change your current working directory to a hierarchical directory and still use MPE syntax to create, list, purge, etc.
Maximum pathname size is 1024 characters (including null terminator). You can refer to traditional MPE file names using HFS syntax (as well as using MPE syntax). However, you must specify the name in uppercase. HFS syntax does not upshift the characters. For example, if a file named BILLING exists in the PUB group of the MKTG account (BILLING.PUB.MKTG), you can refer to it using HFS syntax as ./BILLING if you are in the PUB group. You can also refer to it as /MKTG/PUB/BILLING. If you refer to the file as .
Pathnames can be up to 1023 characters whereas traditional MPE names must be less than or equal to 26 characters (names can be up to 35 characters if a lockword is used). See Table 2-2 for CI restrictions. Using these conventions, the format of the MPE pathname MYFILE.PAYROLL.FINANCE appears as follows in HFS syntax:
    /FINANCE/PAYROLL/MYFILE
In this example, it is assumed that MYFILE is a file under the PAYROLL group and FINANCE account.
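The two name syntaxes described above, worked through as an added example (not code from the HP manual or from MPE/iX): a small resolver that decides which syntax applies to a name and returns the absolute HFS pathname it refers to, so that two spellings can be compared after canonicalization. The function names are hypothetical, lockwords, $-prefixed system files and remote envid forms are not handled, and taking FILE.GROUP in the logon account is standard MPE behaviour that this page does not spell out.

```python
import re

# Limits as stated on this page.
MPE_MAX_COMPONENT = 8      # file, group and account names in MPE syntax
HFS_MAX_COMPONENT = 255    # one component in HFS syntax
HFS_MAX_PATH = 1023        # whole HFS pathname

# MPE names: letters and digits only, first character a letter.
# The pattern is applied after upshifting, so lowercase input is accepted.
MPE_NAME = re.compile(r"[A-Z][A-Z0-9]*")


def resolve(name, cwd, logon_account):
    """Return the absolute HFS pathname that `name` refers to.

    cwd is the current working directory as an absolute HFS pathname.
    logon_account is only used for partly qualified FILE.GROUP names.
    Raises ValueError when the selected syntax rejects the name.
    """
    # A leading "/" or "./" selects HFS syntax; anything else is MPE syntax.
    if name.startswith("/") or name.startswith("./"):
        return _resolve_hfs(name, cwd)
    return _resolve_mpe(name, cwd, logon_account)


def _resolve_hfs(name, cwd):
    # HFS syntax: case is preserved, "/" separates components.
    base = "" if name.startswith("/") else cwd
    # Drop empty and "." components. ".." is deliberately left untouched:
    # collapsing it lexically is wrong once symbolic links are involved.
    parts = [p for p in (base + "/" + name).split("/") if p not in ("", ".")]
    for part in parts:
        if len(part) > HFS_MAX_COMPONENT:
            raise ValueError("HFS component longer than 255 characters")
    path = "/" + "/".join(parts)
    if len(path) > HFS_MAX_PATH:
        raise ValueError("HFS pathname longer than 1023 characters")
    return path


def _resolve_mpe(name, cwd, logon_account):
    # MPE syntax: upshift everything, then validate FILE[.GROUP[.ACCOUNT]].
    parts = name.upper().split(".")
    if len(parts) > 3:
        raise ValueError("MPE names have at most file, group and account")
    for part in parts:
        if len(part) > MPE_MAX_COMPONENT:
            # Same condition the CI reports as CIERR 532 in the tutorial.
            raise ValueError("File name is more than eight characters long")
        if not MPE_NAME.fullmatch(part):
            raise ValueError("not a valid MPE name component: %r" % part)
    if len(parts) == 1:
        # Unqualified names resolve relative to the current working directory.
        return cwd.rstrip("/") + "/" + parts[0]
    # FILE.GROUP is taken in the logon account (assumption noted in the lead-in).
    account = parts[2] if len(parts) == 3 else logon_account
    return "/" + account + "/" + parts[1] + "/" + parts[0]


def same_object(a, b, cwd, logon_account):
    """True when two spellings name the same file system object."""
    return resolve(a, cwd, logon_account) == resolve(b, cwd, logon_account)


if __name__ == "__main__":
    cwd, acct = "/YOURACCT/YOURGRP", "YOURACCT"   # constructed sample session
    for n in ("file1.yourgrp.youracct", "/youracct/yourgrp/file1",
              "./Directory1", "dir2", "MYFILE.PAYROLL.FINANCE"):
        print("%-28s -> %s" % (n, resolve(n, cwd, acct)))
```

Comparing names only after this kind of canonicalization matters wherever a tool matches file names against a rule or audit list: file1.yourgrp.youracct and /YOURACCT/YOURGRP/FILE1 are the same object, while /youracct/yourgrp/file1 is a different pathname.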
Figure 2-3. HFS Pathname Example Files can be referenced using either absolute or relative pathnames. An absolute pathname begins with a forward slash (/) and is interpreted starting from the root directory. A relative pathname is anything without a leading slash and is interpreted starting from your current working directory. When working in the MPE/iX shell, relative pathnames need not begin with a dot-slash (./).
If your current working directory is /States/WI, you can display the St_Croix file using its relative pathname:
    :LISTFILE ./rivers/St_Croix
Relative pathnames are interpreted with respect to your current location on the system. For example, given the hierarchical directory structure shown in Figure 2-3, the above relative pathname only works if you are in the WI directory. MPE-Escaped syntax is used by the CI and is the default for most intrinsics.
Table 2-1. Summary of MPE/iX Programmatic Interface Limits
Feature | HFS Syntax | MPE Syntax
Maximum directory depth | 512 (/1/2/3 . . . ) | 3 (account, group, file)
Maximum no. of characters in a component | 255 | 8
Maximum characters in a pathname | 1023 | 35
File location | Under any root directory, /, account, or group | Under a group only
File referencing direction | Top-down (/ACCT/GRP/file) | Bottom-up (FILE.GRP.ACCT)
Pathname separators | Slashes (/) | Dots (.
Table 2-2. Summary of MPE/iX CI Limits
Feature | HFS Syntax | MPE Syntax
Maximum directory depth | 512 (/1/2/ . . . /512) | 3 (file, group, account)
Maximum number of characters in a component | Up to 255 for files or directories under HFS directories (Note: See Table 2-3 for more information.) | 8 for accounts, groups, or files
Use of MPE syntax or HFS syntax | Initial slash (/) or dot (. | Lack of an initial / or .
Table 2-2. Summary of MPE/iX CI Limits (continued)
Feature | HFS Syntax | MPE Syntax
File location | Under any directory, /, account, or group | Under a group only
Maximum characters in pathname | See Table 2-3. | 35 (8 times 4) +3
Lockwords | Not allowed | Allowed.
Manual, Volumes I & II (32650-60115) to learn in which mode each command is parsed.
Table 2-3. Native Mode vs Compatibility Mode Filename Lengths
Feature | Native Mode | Compatibility Mode
Maximum directory depth | 512 | 512
Maximum characters in a component | 255 | 253 for relative pathnames (e.g., ./253chars); 254 for absolute names (e.g., /254chars)
Maximum characters in a pathname | 279 | 253 for relative pathnames (e.g., ./253chars); 254 for absolute names (e.g.
New File Types
Release 4.5 and 5.0 of MPE/iX provide some new file types. Here is a brief definition of them. Since these interfaces are based on a commonly used standard, many textbooks are available that contain a detailed discussion of their use.
Byte-Stream Files
Byte stream files are simply a sequence (stream) of bytes. The term byte stream file is frequently used when talking about files with the byte stream record type, even though they are not a new file type.
Symbolic Links on MPE/iX
pathname passed as a parameter to one of the following POSIX functions: READLINK, RENAME, SYMLINK, UNLINK, CHOWN, and LSTAT. With these calls, the symbolic link itself is accessed or affected.
Pipes
A pipe consists of two file descriptors connected such that data written to one can be read from the other in a first-in-first-out manner.
FIFOs
A FIFO is a named pipe.
New and Enhanced Commands
New commands
Table 2-4. New MPE/iX Commands
Command Name | Description
ALTFILE | Alters a file's attributes such as the UID and GID of a file, directory, MPE group or account (except that the GID may not be altered for MPE groups or accounts).
CHDIR | Changes the current working directory to any directory, including MPE groups and accounts.
DISKUSE | Displays disk space usage, in sectors, for one or more directories or a directory subtree.
Enhanced commands
Table 2-5. Enhanced MPE Commands
Command Name | Summary of Changes
ALTSEC | Changes access permissions for HFS directories.
ALTUSER | Incrementally adds or subtracts user capabilities and modifies the user ID (UID).
BUILD | Supports HFS syntax for permanent files. Supports byte-stream files.
COPY | Copies files with HFS names. You can copy such files to and from HFS directories or MPE groups.
Table 2-5. Enhanced MPE Commands (continued)
Command Name | Summary of Changes
NEWUSER | Provides the UID parameter to add a user ID to the user database.
PLISTF | Name changed from LISTF to PLISTF.
PRINT | Supports HFS file names.
PURGE | Supports HFS file names and wildcards.
RENAME | Supports HFS file names and renames across account boundaries.
RUN | Supports execution of HFS-named program files.
SAVE | Allows saving of HFS-named temporary domain files into permanent domain.
Enhanced Intrinsics
As of Release 4.5, many existing intrinsics have been enhanced to support new features of MPE/iX. Refer to Chapter 4 for a complete list of the enhanced intrinsics. The MPE/iX Intrinsics Reference Manual (32650-90028) fully describes the enhanced intrinsics.
System-Provided UDCs
Several UDCs are provided to simplify the use of the enhanced and new MPE/iX commands. Several of the system-provided UDCs tailor the use of the LISTFILE command within the hierarchical file system.
Check with your system manager to determine whether or not these UDCs are activated on your system. For additional information on using these UDCs, refer to Chapters 5, 6, and 7 of this manual. A complete description of each UDC is included in the MPE/iX Commands Reference Manual, Volumes I & II (32650-60115).
New and Enhanced Utilities
Two new utilities have been added to MPE/iX and FSCHECK has been enhanced.
New utility: PXUTIL
Utility enhancements
Table 2-7 summarizes enhancements to FSCHECK, DEBUG, and FCOPY. For detailed information on these utilities, refer to Chapter 3 of the MPE/iX System Utilities Reference Manual (32650-90081). Enhancements have also been made to DISCUTIL and VOLUTIL.
Table 2-7. Utility Enhancements

Utility Name   Summary of Changes
DEBUG          The following DEBUG commands now support HFS pathnames: LIST, LOG, MAP, MAPLIST, REGLIST, RESTORE, STORE, SYMFILES, SYMOPEN, SYMPREP, TXW, USE.
               The following DEBUG functions now support HFS pathnames: mapsize, mapva.
               The following DEBUG environment variables are available: POSIX_FNAMES, POSIX_OS.
DISCUTIL       DISCUTIL can be used to store HFS files and directories.
Computer-Based Training
You can learn about the new features of MPE/iX by using the POSIX Computer-Based training supplied with the MPE/iX operating system. The course is primarily for system managers who want to learn about how to manage the hierarchical file system.

MPE/iX Shell and Utilities
The POSIX 1003.2 standard is implemented on MPE/iX as the MPE/iX Shell and Utilities (commonly referred to as the MPE/iX shell or the shell).
Table 2-8.
MPE/iX Developer's Kit
Programmers who want to develop POSIX applications on MPE/iX or use POSIX functions can use the MPE/iX Developer's Kit (36430A). In addition, C library functions available through this kit provide a robust programming interface to many of the MPE/iX enhancements. The MPE/iX Developer's Kit is a separate product that must be purchased specifically. It includes the following: POSIX.
The POSIX.1 Standard: A Programmer's Guide (36430-90003) by Fred Zlotnick, Benjamin/Cummings Publishing Company, Inc., 1991. A programmer's guide to using POSIX.2 C library functions to create portable programs.
3 What's New for System Administrators?
This chapter provides conceptual information about what's new as of Release 4.5 and 5.0 specifically for system administrators. You should read and be familiar with Chapter 2 before reading this chapter.
System Management Considerations
System administrators should be aware of the following considerations concerning MPE/iX at Release 4.5 and 5.0:

Syntax
The HPPATH system variable does not accept HFS pathnames. Consequently, you cannot include HFS pathnames in the default search path for a session.
Remote file access does not support HFS syntax.
Commands, Groups, Accounting
Frequently used MPE commands directly support HFS syntax; some do not.
The HELLO and JOB commands only log on to a group.
The FILE command allows HFS pathnames only on the right side of the equation.
You should use the DISKUSE command instead of the REPORT command to report on disk usage of HFS directories that exist outside groups and accounts.
Databases are supported only in MPE groups.
Compatibility mode files can reside only in MPE groups.
POSIX Computer-Based Training
Due to all of the changes to MPE/iX relating to the addition of POSIX functionality, a computer-based training course is available online. The course is primarily for system managers who need to manage MPE/iX systems which are updated to Release 5.0. The training is automatically installed in the SYS account when you update to Release 5.0. To take the training, you need to log on to your system and type the following:
:POSIXCBT.LSN.
Table 3-1. Examples of Wildcard Resolutions

Filename Specified   Pattern Matched
@                    Zero or more occurrences of A-Z, 0-9.
[ab]                 One occurrence of A or B.
[a-c]                One occurrence of A, B, or C.
./@                  Zero or more occurrences of: a-z, A-Z, 0-9, dot (.), underscore (_), hyphen (-).
./[aB]               One occurrence of a or B.
./[a-c]              One occurrence of a, b, or c.
./@[-ac]             Name ending in -, a, or c.
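The resolution rules of Table 3-1, modelled as an added example (not HP code and not part of the original manual). It covers only the @ and [...] forms the table lists, for a single name component; the function names and the directory entries are constructed for illustration. Previewing a pattern this way before giving it to a destructive command shows that the same text selects different objects in MPE syntax and in HFS syntax.

```python
import re

# Character sets that "@" may span, taken from Table 3-1.
MPE_AT = "[A-Z0-9]*"          # MPE syntax: uppercase letters and digits only
HFS_AT = "[A-Za-z0-9._-]*"    # HFS syntax: adds lowercase, dot, underscore, hyphen


def _class_to_regex(body):
    """Translate the text between [ and ] into a regex character class."""
    if not body:
        raise ValueError("empty [] class")
    parts = []
    i = 0
    while i < len(body):
        # "a-c" is a range only when a character follows the hyphen;
        # a leading or trailing hyphen (as in [-ac]) is a literal.
        if i + 2 < len(body) and body[i + 1] == "-":
            lo, hi = body[i], body[i + 2]
            if lo > hi:
                raise ValueError("reversed range %s-%s" % (lo, hi))
            parts.append(re.escape(lo) + "-" + re.escape(hi))
            i += 3
        else:
            parts.append(re.escape(body[i]))
            i += 1
    return "[" + "".join(parts) + "]"


def wildcard_to_regex(spec):
    """Compile one wildcard name (no directory components) to a regex."""
    hfs = spec.startswith("./")                    # "./" selects HFS syntax
    pattern = spec[2:] if hfs else spec.upper()    # MPE syntax upshifts the name
    if not pattern or "/" in pattern:
        raise ValueError("expected a single name component: %r" % spec)
    at = HFS_AT if hfs else MPE_AT
    out = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "@":
            out.append(at)
        elif ch == "[":
            end = pattern.find("]", i + 1)
            if end == -1:
                raise ValueError("unterminated [ in %r" % spec)
            out.append(_class_to_regex(pattern[i + 1:end]))
            i = end                                # skip past the class body
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out))


def resolve(spec, names):
    """Return the entries in names that the wildcard would select."""
    rx = wildcard_to_regex(spec)
    return [n for n in names if rx.fullmatch(n)]


# Constructed directory listing mixing MPE-style and HFS-style names.
NAMES = ["TMP1", "TMPOLD", "ABC", "A", "B", "a", "b", "c",
         "tmp_old", "log-", "data.a", "notes_c"]

if __name__ == "__main__":
    for spec in ["@", "[ab]", "./@", "./[aB]", "./[a-c]", "./@[-ac]",
                 "tmp@", "./tmp@"]:
        print("%-10s -> %s" % (spec, resolve(spec, NAMES)))
```
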
In addition, the following UDCs are provided to simplify searching for files and directories within the hierarchical file system:
The FINDDIR UDC finds a specified directory.
The FINDFILE UDC finds a specified file.
Refer to Volume 1 of the MPE/iX Commands Reference Manual (32650-90003) for details on using the UDCs.

Backup and Restore
MPE/iX provides the STORE/RESTORE facility and TurboSTORE II/iX, which enable you to back up files and transfer files from one MPE system to another.
UDCs, JCL, Command Files, and Programs
Existing UDCs, JCL, command files, and programs function on MPE/iX as they do on MPE XL. By default, existing MPE XL commands and intrinsics take MPE syntax rather than HFS syntax. MPE/iX also provides several useful UDCs listed in the section called "System-Provided UDCs" in Chapter 2. These are located in HPPXUDC.PUB.SYS. You need to activate these UDCs using SETCATALOG as you would other UDCs.
Accounting
MPE/iX allows system managers to limit the amount of disk space that a user may be allocated. Disk space limitations can only be placed on MPE/iX accounts and groups. However, a limit placed on an account or group is also imposed on all hierarchical directories and files created at all levels beneath that account or group. Users may create files outside their logon account if granted the proper access to do so.
Applications
Because MPE/iX is backward and forward compatible, the behavior of existing MPE applications will remain the same on systems that do not take advantage of the hierarchical file system.

POSIX-Compliant Applications
You can run POSIX-compliant applications on MPE/iX. Follow the application instructions for installing and running the application.

Postponing POSIX
group. You can also restrict the use of the .2 shell by adding a lockword.
2. You can update to Release 5.0 and purge all of the FOS HFS files and the HPBIN.SYS group. This will save you some disk space, but will not prevent a user from creating an HFS object.
3. You can update to Release 5.0 and buy a commercially available software product that disables the HFS-related features of MPE/iX.

User and Group IDs
Each MPE/iX user has an associated user ID (UID). The UID is a string (in the form user.
File Ownership
Prior to Release 4.5, MPE has used the creator name, an unqualified user name, to track file ownership. The system only recorded file creators (not the creators of accounts or groups). As of Release 4.5, files and HFS directories can be created outside the logon account if the user has the appropriate access to do so. Therefore, unqualified user names are no longer sufficient for indicating object ownership. As of Release 4.
The complete user and group databases can be rebuilt using the RESTORE command with the DIRECTORY option. Refer to the section "Reloading Hierarchical Directories" in Chapter 8 for more information.

MPE/iX Security Components
This section describes some existing security features then introduces security enhancements and their implications for system administrators.

Access control definitions
MPE/iX continues to support access control definitions (ACDs).
Access modes
ACD pairs control the access and manipulation of HFS directories and the files within them. MPE/iX has enhanced ACDs to support four new ACD access modes. The ACD access modes are as follows:

Permissions common to files and directories
RACD   Copy or read the ACD.
NONE   Deny access.

File permissions
R      Read a file.
W      Write to a file.
L      Lock a file.
A      Append to a file.
X      Execute a file.

Directory permissions
CD     Create directory entries.
DD     Delete directory entries.
RD     Read directory entries.
TD     Traverse directory entries.
$GROUP specifies users with a GID that matches the current group ID of the object. $GROUP permits dynamic reference to the GID of an object. This is useful because GIDs of files and directories can be changed programmatically or using chown in the MPE/iX shell. When the GID of a file is changed, it is not necessary to modify an ACD to correct file sharing.

$GROUP_MASK restricts the access granted by ACD entries other than $OWNER and @.@.
means is that there may be cases where the GID of a file or directory within an account has been changed programmatically or using chown() in the MPE/iX shell so that an AM for that account cannot access it, or the file or directory was created by a user with a different GID.

Lockwords
A file's creator can assign or remove a file lockword. Lockwords can only be assigned to files, not to directories. Lockwords can only be assigned to files in MPE groups.
group must have SAVE access assigned to it before files and directories can be created at any level under it.

Renaming files and directories
Users with sufficient access can rename or move a file between directories. The file's creator is no longer the only user able to do this. Only the file creator can perform a rename operation if the lockword of the file is being changed.
Backdating
Occasionally it is necessary to reinstall an earlier version of MPE/iX after having updated a system to the latest release. This is called backdating a system. The HP 3000 MPE/iX Installation, Update, and Add-On Manual (36123-90001) provided with the MPE/iX software includes the information required for backdating a system.

Note
Backdating a system is not a trivial task and should be done only if absolutely necessary. You should contact the Response Center before backdating.
whose file labels, ACDs, or transaction management logs that are not compatible with the earlier release.
4 What's New for Programmers?
This chapter provides application developers with information about new MPE/iX features available through MPE/iX system intrinsics.

Summary of New and Enhanced Features
This section provides a quick summary of new and enhanced features accessible through MPE/iX system intrinsics. Refer to later sections in the chapter for more detailed information about these features.

New features
Enhanced features
Table 4-1. Enhanced MPE/iX Intrinsics

Intrinsic Name   Summary of Changes
FCHECK           Provides additional file system error codes.
FCLOSE           Supports hierarchical directories and byte-stream files.
FCONTROL         Supports hierarchical directories and byte-stream files.
FFILEINFO        Enhanced and new item numbers return information about hierarchical directories and byte-stream files. Supports HFS syntax.
Table 4-1. Enhanced MPE/iX Intrinsics (continued)

Intrinsic Name   Summary of Changes
FREADSEEK        Supports byte-stream files.
FRENAME          Supports HFS syntax. Supports renaming of files across account boundaries.
FSPACE           Supports byte-stream files.
FWRITE           Supports byte-stream files.
FWRITEDIR        Supports byte-stream files.
FWRITELABEL      Supports byte-stream files.
HPACDINFO        Supports HFS syntax. Provides new and enhanced security features.
HPACDPUT         Supports HFS syntax. Provides new and enhanced security features.
Hierarchical Directory Files
The following sections provide information about hierarchical directory files of interest to application developers who wish to use MPE/iX system intrinsics to manage their applications within the hierarchical directory structure.

The traditional MPE directory structure
A directory is a repository of information about objects on a computer system. Objects can be either files or directories.
This has been accomplished by successfully integrating MPE/iX hierarchical directory structure within and around the traditional MPE directory structure, thus providing the benefits of both directory structures to existing and new users.

Note
All existing applications provided on HP 3000 Series 900 computer systems continue to function exactly as they have in the past.

MPE/iX hierarchical directory structure features
Traditional MPE accounts and groups are considered in the HFS context to be directories. However, they are special directory structures that include hierarchical directory behavior while continuing to serve within the MPE framework. Following are special features of the MPE/iX root directory and MPE/iX account and group directories to ensure both backward compatibility and forward benefit.

Root directory features
The MPE/iX root directory (/) cannot be renamed, copied, or purged.
cannot be created, renamed, copied, or purged through the MPE/iX shell.
GID = account name
Access permissions for an MPE/iX account are RD & TD for all users and CD & DD for none.
Attempts to use the ALTSEC command or chmod MPE/iX shell command to remove access permissions of an MPE/iX account result in an error.
When an MPE/iX account name is a component in an HFS pathname, it must be specified in uppercase.
MPE/iX accounts are restricted to the MPE/iX system volume set.
Default access permissions for MPE/iX groups are RD & TD for all users and CD access for none.
Attempts to remove access permissions of an MPE/iX group result in an error.
An MPE/iX group must have MPE/iX save access assigned to it before files and directories can be created at any level under it. For more information about MPE/iX save access, refer to the manual Manager's Guide to MPE/iX Security (32650-90474).
When an MPE/iX group name is a component in an HFS pathname, it must be specified in uppercase.
The renaming of a directory must be within the same disk space accounting domain.
Users can define and modify access permissions for hierarchical directories.
The group ID (GID) of a hierarchical directory is inherited from its parent directory.
The user ID (UID) of a hierarchical directory is inherited from the user who created it.
The UID and GID of a hierarchical directory can be modified using the ALTSEC command or the MPE/iX shell chown command.
Hierarchical directory files
Beginning with MPE/iX Release 4.5, the directory file type is available to allow an MPE/iX file to reproduce POSIX directory file behavior. The POSIX standard defines a directory to be a special file that contains directory entries of all files and directories located directly beneath it. Users can create directories and read directory entries but cannot directly write to directory files.
Table 4-2. HFS Directory File Attributes and/or Access Options

Attribute Name: File type; Dynamic locking; Exclusive; Nowait I/O; Record format; Domain; Carriage control; Access type; Multirecord; ASCII/binary; Remote environment; File size; Copy mode; Record size; File code; Number of buffers; User labels; File equations

Default: Directory (DIR) disk file. Must be explicitly specified in order to create a hierarchical directory. Disabled. Any value other than 0 will result in error. Shared.
The dot (.) and dot-dot (..) directories
When a hierarchical directory is first created, two special directory files are placed in the directory:
The dot (.) directory entry is an alternative way to specify the directory itself without having to use a formal directory file name.
The dot-dot (..) directory is an alternative way to specify the directory's parent directory without having to use a formal directory file name.
The dot and dot-dot directories provide additional navigation aids to a process.
read access during pathname resolution and write access when new files are either created or purged in the hierarchical directory. The FCONTROL intrinsic item number 5 "rewind" option allows you to rewind a hierarchical directory entry pointer to the first entry of the directory.
You cannot purge a hierarchical directory that has entries in it other than the dot and dot-dot directory entries. You must first purge all objects under a hierarchical directory before you can purge that directory. The only exception to this rule is when you use the PURGEGROUP command from the MPE/iX CI to purge an MPE/iX group directory, or the PURGEACCT command to purge an MPE/iX account directory (and all groups under it).
Removing symbolic links
Symbolic links can be removed in the following ways:
1. POSIX C-library function unlink
2. MPE/iX command PURGELINK
:PURGELINK ./syml
This purges the file syml.

Renaming symbolic links
Symbolic links can be renamed by calling the POSIX C-library function rename. The MPE/iX command RENAME does not rename the symbolic link itself; it renames the file pointed to by the symbolic link.
Pipes
A pipe provides a method to take output from one process and use it as input to another process. The HPPIPE intrinsic creates a new file type object called pipe for this purpose. It provides a one-way flow of data. After creating a pipe file type object, the HPPIPE intrinsic returns both read-access and write-access file numbers. Related processes can access the pipe. Data can be written to the write-end and read from the read-end of the pipe. The data is accessed in a first-in-first-out manner, or FIFO.
MPE/iX Byte-Stream Files
Beginning with MPE/iX Release 4.5, the byte-stream record format is available to allow an MPE/iX file to reproduce POSIX byte-stream behavior.

Note
In this manual, the term "byte-stream file" is used to refer to an MPE/iX standard ASCII disk file with a record format of byte-stream.

The standard file used in a POSIX environment is the byte-stream file. Conceptually, a POSIX byte-stream file has no system-defined record structure.
Table 4-3. Access Attributes of Byte-Stream Files

Attribute Name: Domain; Record format; Carriage control; File type; Multirecord; Copy mode; Record size; Remote environment; File size; Block factor

Default: Must explicitly specify "create as a permanent file" if the file is being created under a hierarchical directory. Byte-stream. Must be explicitly specified in order to create a byte-stream file. No carriage control (NOCCTL). All other specifications are ignored.
Table 4-3. Access Attributes of Byte-Stream Files (continued)

Attribute Name   Default
Fill character   ASCII null character. Unlike other record formats, the file system does not pad byte-stream files except when the FPOINT intrinsic is called to set the record pointer beyond existing data in the file. If data is later written at this point, the resulting gap is padded with ASCII null characters.
Inhibit          Inhibit buffering (NOBUF). All other buffering specifications are ignored.
ASCII/binary     ASCII.
HPFOPEN record format option (item 77). The behavior of byte-stream files is described in the following sections. The open byte-stream file behaves as a variable-length record format file if you do not explicitly specify "bytestream" in the record format option. (The default MPE system behavior.) Opening a byte-stream file as a buffered variable-length record format file allows existing applications to access a byte-stream text file in a known and expected manner without having to perform any code revisions.
(this value must be passed as a negative-signed integer value to indicate byte transfer).

Sequential access. Byte-stream files are always opened for multirecord access. Because data transfer to and from byte-stream files usually occurs in blocks of bytes, data transfer to and from byte-stream files usually occurs using sequential access. Sequential access is the typical form of byte-stream data transfer. The behavior of both the FWRITE and FREAD intrinsics is straightforward with respect to byte-stream files.
record structure in a byte-stream file, applications that require some form of record structure in order to randomly access user-defined records in the file must define and manage their own record blocking and deblocking.

Append access and append mode. A byte-stream file opened for append access using the HPFOPEN/FOPEN "access type" option performs in a straightforward manner. When the file is opened, the record/byte pointer is set to the end of the file.
Update access. Update access is not allowed on byte-stream files. If you attempt to set the access type option of HPFOPEN/FOPEN to "update" when opening a byte-stream file, an error occurs. Likewise, a call to the FUPDATE intrinsic on a byte-stream file results in an error.

Moving the file pointer. Use the FPOINT intrinsic to move the record pointer from its current offset to any offset in a byte-stream file. FPOINT also allows you to set the record pointer beyond existing data in the file.
Renaming a File
Prior to MPE/iX Release 4.5, files could not be renamed across account boundaries. A reason for this restriction was to ensure file security. This restriction also made it so that disk space would be accounted to the account in which the user was located. File ownership specified in the file's label was limited to only the creator name in the form username, a character string representing the name of the user who created the file (for example, LINDA).
owner LINDA.FINANCE from LINDA.MARKETNG and does not allow LINDA.MARKETNG creator/owner access to that file. File labels of files existing on your system prior to MPE/iX Release 4.5 that have not been copied or renamed continue to specify ownership using only the creator name (in the form username). Since these files remain within the MPE account structure (that is, directly under MPE groups), either standard MPE file system security features or ACDs continue to ensure security for these files.
Create directory entry (CD) access to the target file's parent directory (specified in the ACD associated with directory1/).
Standard file system security provisions or the ACD associated with the source file allows the user write access to the source file if it lives in a group. Write access to the file is only required for files in MPE groups. It is part of the definition of DD access for groups.
JOE associated with them. This did not cause security problems because neither JOE could create files outside their own logon account. Beginning with MPE/iX Release 4.5, files and hierarchical directories can be created outside the logon account. For example, if given the proper access rights, JOE.FINANCE can create a file in the same directory that JOE.PAYROLL can. Using only the creator name to determine ownership, MPE/iX cannot determine which JOE is the creator of this file.
upon appropriate privilege. Account managers did not retain any additional access to MPE groups they had created if their AM capability was removed by their system manager. Starting with MPE/iX Release 4.5, the ability to create or delete entries in the root directory, MPE groups, and MPE accounts is no longer based solely on appropriate privilege. Directory file owners are granted all access to the directories they own.

Sharing objects
Prior to MPE/iX Release 4.
Closing a File
The following sections describe modifications to the behavior of the FCLOSE intrinsic beginning with MPE/iX Release 4.5.

Closing shared files
Prior to Release 4.5, if a conflict occurred between the disposition specifications of multiple FCLOSE intrinsic calls on a shared file, the disposition specification that had the lower positive-integer value always took precedence when the file was finally closed. Beginning with Release 4.
Listing File Information
The PRINTFILEINFO intrinsic has been enhanced to display file attributes and access options introduced with MPE/iX Release 4.5, including new record formats, file types, and directory types. The file creator field of the PRINTFILEINFO display has been enhanced to reflect the new concept of file ownership (in the form username.accountname). The file creator display field (identified by ID IS . . . ) has been moved to the line following its past position and given the new identifier FILE OWNER: . .
+-F-I-L-E---I-N-F-O-R-M-A-T-I-O-N---D-I-S-P-L-A-Y-----------+
! FILE NAME IS /users/linda/official/finances/payroll/sandiego/user-identifi !
! cation !
! FOPTIONS: NEW,BINARY,FORMAL,F,NOCCTL,FEQ !
! NOLABEL !
! AOPTIONS: INPUT,NOMR,NOLOCK,DEF,BUF,NOMULTI !
! WAIT,NOCOPY !
! DEVICE TYPE: 3 DEVICE SUBTYPE: 8 !
! LDEV: 62 DRT: 8 UNIT: 0 !
! RECORD SIZE: 128 BLOCK SIZE: 128 (WORDS) !
! EXTENT SIZE: 128 MAX EXTENTS: 8 !
! RECPTR: 0 RECLIMIT: 1023 !
! LOGCOUNT: 0 PHYSCOUNT: 0 !
! EOF AT: 0 LABEL ADDR: %0000
Terminating File Name Strings
Many MPE/iX intrinsics that access a file by its file name require that you terminate the file name string specified in the formaldesignator parameter with a nonalphanumeric character that is not reserved by MPE/iX. Prior to MPE/iX Release 4.5, you could use the nonalphanumeric characters, such as "-" and "_" to terminate a file name string. Beginning with MPE/iX Release 4.
Accessing a File by Its File Name
MPE/iX intrinsics that access a file by its file name require that you pass the file name string in the formaldesignator parameter. Some of these intrinsics have additional parameters that either pass or return file name strings. Most, but not all, parameters have been enhanced to accommodate HFS syntax.

Enhanced intrinsic parameters
The following MPE/iX intrinsics have been enhanced to accommodate a file name string that uses either MPE syntax or HFS syntax.

Table 4-4.
For additional information about these intrinsics, refer to the appropriate intrinsic descriptions located in the MPE/iX Intrinsics Reference Manual (32650-90028).

Special enhancements to HPFOPEN
The HPFOPEN intrinsic provides an optional exception to the rule for specifying file names using HFS syntax. HPFOPEN item number 41 enables you to pass a value that indicates how HPFOPEN should interpret a file name passed in item numbers 2 or 51. The following table describes item number 41:

Table 4-5.
For additional information, refer to the HPFOPEN intrinsic description located in the MPE/iX Intrinsics Reference Manual (32650-90028).

Restricted intrinsic parameters
The following MPE/iX intrinsics have not been enhanced to accommodate a file name string that uses HFS syntax. File names must be specified using only MPE syntax.

Table 4-6.
5 Managing Accounts, Groups, and Users
This chapter is primarily for system administrators who manage accounts, groups, and users. However, the information it contains is also useful to programmers who may need to understand user and group IDs.

Background
HP 3000 computers have traditionally been designed for use in an office setting where users work in separate departments. All of the users in a particular department are typically grouped together and placed in one account.
The data associated with the user is stored in separate user and group databases. This means that on MPE/iX, users with proper security permissions can move outside of account boundaries. Users can be allowed to have more flexibility to move around to different directories within the hierarchical file system.

Setting Up Group and User Databases
The UID and GID databases are a required part of any operating system that implements POSIX standards.
Group ID

Note
The term group in this context is distinct from an MPE group. To clarify, this document refers to groups under accounts as MPE groups.

The group database defines members of a file sharing group. The database also maps numerical group IDs to POSIX.1 group names in the file called HPGID.PUB.SYS. The GID is a unique number that identifies the group. MPE/iX automatically assigns a group ID when you create a new account unless you specify one.
PXUTIL has been created to provide the commands VERSION, BACKDATE, and PURGE along with current commands of HELP, QUIT, and EXIT. The UPDATE PXUTIL command has been obsoleted due to the redesign of the UID/GID databases. The following describes these new commands:

1. VERSION
The VERSION command displays the versions of the database files, the number of valid records in the databases, and the next UID and GID numbers to be used.

:PXUTIL.PUB.SYS
PXUTIL> version
UID DATABASE: HPUID.PUB.
:PXUTIL.PUB.SYS
PXUTIL> backdate
You MUST do a :STORE ;;DIRECTORY BEFORE running this pre-backdating operation to preserve user information.
Continue (Y/N)?

3. PURGE
The PURGE command purges old UID/GID database files created from a UID/GID system boot error (HPUIDOLD.PUB.SYS, HPUIDONX.PUB.SYS, HPGIDOLD.PUB.SYS, and HPGIDONX.PUB.SYS).

4. HELP
The HELP command displays instruction on the utility.

5. QUIT
The QUIT command exits the utility.

6. EXIT
The EXIT command exits the utility.
The tasks of creating accounts and users are described in Performing System Management Tasks (32650-90004).

Setting up accounts
To set up an account, use the NEWACCT command and its options. Refer to the MPE/iX Commands Reference Manual, Vol. I (32650-90003) for the complete syntax of NEWACCT. You must have system manager capabilities to set up a new account. You must specify the account name and identify an account manager.
Adding users
To add a user to an account, use the NEWUSER command and its options. Refer to the MPE/iX Commands Reference Manual, Vol. I (32650-90003) for the complete syntax of NEWUSER. Only the system manager or the account manager for the account can add new users. You must include a user name. If you do not include an account name, the user is added to the account that you are currently in. For example, you can create a new user in the PAYROLL account as follows:
:NEWUSER BANKS.
6 Managing Directories
This chapter describes what a directory is and defines related terminology. Then it includes step-by-step procedures on how to manage directories on MPE/iX, including:
Creating directories
Listing directories
Changing the current working directory
Determining space used by directories
Repairing directories
Deleting directories

What Is a Directory?
A directory is a special kind of file that contains entries that point to other files and directories.
MPE/iX has four types of directories:
root directory
accounts
MPE groups
hierarchical directories

The structure of the HP 3000 file system traditionally allowed for a three-level hierarchy made up of accounts, groups, and files. Files could exist only below MPE groups. The directory structure on MPE/iX is hierarchical (like a tree structure). You can create directories in groups and accounts that can, in turn, hold files and subdirectories.
Figure 6-1. Example of Hierarchical Directory Structure

Pathnames
A pathname describes the route (or path) to a file. It is composed of the file name prefixed by any directory names. A slash (/) separates each part of a pathname. The maximum pathname length is 1023 characters. Although pathnames can be 1023 characters, other system limits restrict pathname length. For example, the command interpreter limits the number of characters you can type in a command to 511 characters.
1023 characters. For example, the STORE utility will not be able to back up these files. The offending objects will have to be removed "by hand" by setting your CWD far enough down the path so that a 1023 character relative name can reference and purge the files and/or directories.

When the pathname begins at the root directory, it is called an absolute pathname. An example of an absolute pathname is:
/SYS/MYGRP/dir1/2file
The example describes the location of the file 2file.
You can use access control definitions (ACDs) to grant the following accesses to directories:

Access to Directories
CD - Create directory entries
DD - Delete directory entries
RD - Read directory entries
TD - Traverse directory entries
RACD - Read ACD
NONE - No access

Note
By default, directories allow Read ACD privilege to all users on the system (RACD:@.@).

You assign or change directory ACDs using the ALTSEC command. You can use the LISTFILE command to display directory ACDs.
Once a file or directory is created under the root or an account, the security for that object can be changed to allow broader access, if desired.

Creating and Naming Directories
This section describes the following topics:
Conventions for naming directories
Security when creating directories
Creating directories in your current working directory
Creating directories in another group

Conventions for naming directories
Directory names follow the same rules as file names.
The name dot-dot refers to the directory that is the next level up, also called the parent directory. Refer to Tables 2-1, 2-2, and 2-3 in Chapter 2 for additional naming restrictions.

Security when creating directories
You can create directories in any directory, group, or account to which you have CD access.
If you want to use HFS syntax for naming a directory, you need to preface the name with ./ or /. For example, to create a directory with a lowercase name:
:NEWDIR ./cprogs
This example creates the directory cprogs in your current working directory.

Creating directories in another group
To create a directory in a group other than your logon group, use the full pathname of the directory in the NEWDIR command line.
To list only the directories that are within the current working directory, use the LISTDIR system-provided UDC. The LISTDIR UDC invokes the LISTFILE command. For example:
:LISTDIR
This example lists all directories in your current working directory. Note that it does not list subdirectories that may exist below any of the directories located there. LISTDIR can be used to show directories anywhere on the system:
LISTDIR /
Use the LISTFILE command to list files in directories.
Deleting Directories
Use the PURGEDIR command to delete a hierarchical directory. MPE-Escaped naming rules apply. You cannot use PURGEDIR to delete an account, an MPE group, the root directory, or a file. You will receive an error message if you try. Although you can specify (.) and (..) in the PURGEDIR command, you cannot delete these directories. You must have traverse directory entries (TD) access to the directory you want to delete and any other directories referenced in the pathname.
Deleting directories that are not empty
To delete a directory that is not empty: Use the PURGEDIR command with the TREE option, or specify a pathname ending in /. For example:
:purgedir /MYACCT/MYGRP/dir1 ;TREE
or
:purgedir /MYACCT/MYGRP/dir1/
Both of these examples perform the same action: they delete dir1 and any files or directories in dir1. You must have TD and DD access to dir1 and any directories in it to delete them.
:purgedir TMP@; TREE
To delete all directories under the CWD with names ending with TMP, and all objects below these directories:
:purgedir ./@TMP/
When wildcards are specified with dir name, then RD access is required to the parent directory of each wildcard component. If the purge is multilevel, then TD, RD, and DD accesses are necessary to each directory below dir name.
Changing Your Current Working Directory
Use the CHDIR command to move your CWD from one directory to another.
:chdir ..
Here .. represents the next level up or the parent directory. You can also simply type :chdir to move back to your initial working directory (logon group).
:chdir /SYS/PUB/CMDFLS
This example changes to the directory CMDFLS in the PUB group in the SYS account.
Showing Your Current Working Directory
MPE/iX provides a CI variable called HPCWD that keeps track of your current working directory (CWD). As you move around in the file system, it is useful to display your current location.
Listing Space Used by Directories
Use the DISKUSE command to display the amount of disk space used by a directory. You must have traverse directory entries (TD) and read directory entries (RD) permissions to directories you want to report on.
Note: The REPORT command does not provide detailed line items for directories below accounts.
For example:
:DISKUSE /CYC
      SECTORS
TREE      LEVEL BELOW    DIRECTORY
950       200            /CYC/
This command displays the disk space used by directory /CYC.
If you add up all of the tree'd items you will sum to the total. You can also report the disk space used by a directory and all subtrees below it. If you specify a directory ending with a / and use HFS syntax or use the TREE option, the command reports the amount of space used by it and all directories in it.
Refer to the MPE/iX Commands Reference Manual, Vol. I (32650-90003) for details on the syntax of the DISKUSE command and the DISCUSE UDC. You have a lot of flexibility in naming directories and files by using symbolic links. What if you want to move a set of files from one location to another without affecting the normal processing of any application that accesses those files?
From this point on, anytime an application accesses these files by their old names, the symbolic links will redirect the file system to the new location of the files.
Note: This only applies to commands that operate on the target of the links and not the links themselves. For example, PURGELINK and STORE operate on the link itself and not the target files.
7 Managing Files
A file is an object that can be written to and read from. A file has certain attributes including access permissions and file type. Directories are also files. They are special files that contain directory entries. A directory entry associates a name with an object. Traditionally, MPE has restricted file creation to MPE groups within a user's logon account. On MPE/iX, authorized users can create files within and outside of their logon accounts.
Note: Although the file name components can be up to 255 characters, other system limits restrict file name length. The command interpreter limits the number of characters that you can type in a command to 511 characters. Names of files directly under root or directly under a group or account are limited to 16 characters. Refer to Tables 2-1, 2-2, and 2-3 in Chapter 2 for additional naming restrictions. A pathname identifies a file.
To refer to files named using HFS syntax, you need to preface the name with a dot (.) or a slash (/). For example, to refer to the file prog.src in your current working directory, you need to refer to it as ./prog.src. The name /env_stats refers to a file called env_stats in the root directory.
Byte-Stream Files
MPE/iX has been enhanced to support byte-stream files. Byte-stream files do not have a system-defined record structure. Information is stored as a "stream of bytes.
Convert the byte-stream file into a record-oriented file (for example, using FCOPY).
Editing byte-stream files using the vi editor
Creating Files with HFS Syntax
The vi editor is a standard UNIX editor that the POSIX.2 shell provides. Refer to the "VI Tutorial" in the MPE/iX Shell and Utilities User's Guide (36431-90002) or to The Ultimate Guide to the vi and ex Text Editors (97005-90015) for information on how to use vi.
Renaming Files
You can change the names of files using the RENAME command. When renaming a file across directories, you need to have CD permission to the file's new parent directory, DD permission to the file's old parent directory, and TD permission to all directories. You can use either HFS or MPE syntax in the RENAME command. File names using HFS syntax must begin with a dot (.) or slash (/). For example:
:rename /users/public/hearing.fil,./hearing.doc
This example renames the file /users/public/hearing.
that is an interpretation of the file access matrix in effect for the original file. For example, @.@ access is interpreted as any user +RACD; $GROUP and $GROUP_MASK access is assigned to any user, AC user, and RACD; $OWNER receives all access + RACD. Table 7-2 summarizes file security changes that occur at the file level when you rename files on MPE/iX. You must have the appropriate file access permission to rename files.
Table 7-2. Resulting Security When Renaming Files
From                 To                          Resulting Security
file1.group1.acct1   file2.group1.acct1          Same as original file.
file1.group1.acct1   file2.group2.acct1 [2]      Same as original file. Note that the group security may be different.
file1.group1.acct1   file2.group2.acct2 [1, 2]   If file1 has no ACD, an ACD is assigned based on the file security matrix of the original location. If file1 has an ACD, the ACD is not changed.
file1.group1.
List the file and check what type of security it has.
:LISTFILE STATS.PUB.SYS,4
Create the FY92 directory in PUB.SYS.
:NEWDIR FY92
Rename the file into the FY92 directory.
:RENAME STATS,./FY92/STATS
List the file again and see what the security looks like.
:LISTFILE .
The following figure shows how the file looks after it is first created.
:listfile stats,4
************************************
FILE: STATS.GROUP.ACCT

ACCOUNT ------  READ    : ANY
                WRITE   : AC
                APPEND  : AC
                LOCK    : ANY
                EXECUTE : ANY

GROUP --------  READ    : ANY
                WRITE   : GU
                APPEND  : GU
                LOCK    : ANY
                EXECUTE : ANY
                SAVE    : GU

FILE ---------  READ    : ANY
                WRITE   : ANY
                APPEND  : ANY
                LOCK    : ANY
                EXECUTE : ANY

FCODE: 0
**SECURITY IS ON
NO ACDS
FOR OPERATOR.
After you rename the file into an HFS directory called /ACCT/GROUP/dir1, executing a LISTFILE command from that directory shows that an ACD has been assigned to the file:
:chdir /ACCT/GROUP/dir1
:listfile ./stats,4
************************************
FILE: /ACCT/GROUP/dir1/.
You can display the ACD using the ACD or -2 option of the LISTFILE command:
:listfile ./stats,ACD
PATH= /ACCT/GROUP/dir1/

--------------ACD ENTRIES-----------------  FILENAME

$OWNER      : R,W,X,A,L,RACD                stats
$GROUP_MASK : R,X,L,RACD
$GROUP      : R,X,L,RACD
@.@         : RACD
Listing Files
You can use the LISTFILE command to list files named using MPE and HFS syntax.
available to you. Talk to your system manager about activating them.
hello me.official,gp1
plistf ./@
PATH= /OFFICIAL/GP1/
FILE1 dir2/ file1
Figure 7-1 illustrates an example hierarchical directory structure. In this figure, directory names are shown as the character d plus a number (for example, d0), and file names are shown as the character f plus a number (for example, f1). The examples following Figure 7-1 assume the directory structure shown.
Figure 7-1. Example HFS File System
In the first example, the HPPROMPT variable is set to show the current working directory, the user changes directories using the CHDIR command, and requests a listing of all files one level below the CWD.
:hello manager.acct,group
:setvar hpprompt "!!hpcwd:"
/ACCT/GROUP:chdir ./d0
CWD is "/ACCT/GROUP/d0".
/ACCT/GROUP/d0:listfile ./@
PATH= /ACCT/GROUP/d0/
d1/ d2/ d3/ f1 f2 f3
/ACCT/GROUP/d0:
The next example also requests a listing of all files one level below the CWD using FORMAT=2 (DISC) option.
/ACCT/GROUP/d0:
/ACCT/GROUP/d0:
/ACCT/GROUP/d0:listfile /;name=@;seleq=[object=acct];format=6
/ACCT/ /SYS/ /TELESUP/ /TEST/
The next example illustrates the OBJECT=GROUP parameter to show all groups on the system.
/ACCT/GROUP/d0:listfile /;seleq=[object=group];format=qualify
/ACCT/GROUP/ /ACCT/PUB/ ../SYS/ALINE925/ .
The next example illustrates the use of the OBJECT=DIR parameter to show all directories on the system.
/ACCT/GROUP/d0:listfile /;seleq=[object=dir];format=qualify
/ACCT/
/ACCT/GROUP/
/ACCT/GROUP/d0/
/ACCT/GROUP/d0/d1/
/ACCT/GROUP/d0/d2/
/ACCT/GROUP/d0/d2/d4/
/ACCT/GROUP/d0/d2/d5/
/ACCT/GROUP/d0/d2/d5/d8/
/ACCT/GROUP/d0/d2/d6/
/ACCT/GROUP/d0/d3/
/ACCT/GROUP/d0/d3/d7/
/ACCT/GROUP/d0/d3/d7/d9/
/ACCT/PUB/
/SYS/
/SYS/ALINE925/
../SYS/ALINK925/ .
The next example illustrates a summary listing (format option 1) of all files in subdirectory d3.
/ACCT/GROUP/d0:listfile ./d3/@,1
PATH= /ACCT/GROUP/d0/d3/

CODE  ------------LOGICAL RECORD-------  FILENAME
        SIZE  TYP        EOF      LIMIT

         16W  HBD          4   67107839  d7/
         80B  FA          12         12  f10
         80B  FA          12         12  f7
         80B  FA          12         12  f8
         80B  FA          12         12  f9
/ACCT/GROUP/d0:
The next example illustrates a detail listing (format option 3) of all files in subdirectory d3.
/ACCT/GROUP/d0:
that the owner is now displayed as a fully-qualified user name.
/ACCT/GROUP/d0:listfile /ACCT/GROUP/@,-3
/ACCT/GROUP/d0:listfile /ACCT/GROUP/@,4
********************
FILE: /ACCT/GROUP/d0/

ACCOUNT ------  READ    :
                WRITE   :
                APPEND  :
                LOCK    :
                EXECUTE :

GROUP --------  READ    :
                WRITE   :
                APPEND  :
                LOCK    :
                EXECUTE :
                SAVE    :

FILE ---------  READ    :
                WRITE   :
                APPEND  :
                LOCK    :
                EXECUTE :

FCODE: 0
**SECURITY IS ON
ACD EXISTS
FOR MANAGER.ACCT: RACD, TD, RD, CD, DD
/ACCT/GROUP/d0:
The next example illustrates the use of the FORMAT=-2 (ACD) option to display the access control definition (ACD) for file f4 in subdirectory d2.
/ACCT/GROUP/d0:listfile ./d2/f4,-2
PATH= /ACCT/GROUP/d0/d2/

-----------ACD ENTRIES---------------  FILENAME

@.@ : RACD                             f4
/ACCT/GROUP/d0:
Displaying File Contents
You can display file contents using the PRINT command. The following command prints the last 10 records of the file called print.myjob in doc of posix of the current working directory.
print ./posix/doc/print.myjob,,-10
File Equations and UDCs
As of Release 4.5 and 5.
Volume Set Usage
Files can reside on a user volume set. You must mount the volume set and set it up as the home volume set using an MPE group. HFS files on the UV can only exist as a descendent of an MPE group.
Before you try to work with a file created using HFS syntax, you may need to determine what type of file it is. Use the LISTFILE command with the ,2 option to list complete information about a file. The TYP field indicates the type of file it is and whether it is a directory.
Table 7-3.
Table 7-3. File and Directory Types (continued)
TYP Code  Description
Fourth Column: File Type
D         Directory (root, account, group, or hierarchical)
K         KSAM XL files
L         Symbolic link file
M         Message files
O         Circular files
R         RIO files
S         Spool file
d         Device link file
f         FIFO file
s         Streams
Note: If the file was not created with the CCTL option, the File Type indicators will be displayed in the third column instead of the fourth.
Copying Files
You can use the COPY command to copy any MPE/iX files. If you are granted sufficient access, you can copy files outside your current logon account. You can also copy files to and from directories by using HFS syntax with COPY. Files named using HFS syntax must begin with (.) or (/). Remember that HFS syntax is case sensitive. If you copy a file that has an ACD assigned to it, the ACD is copied along with the file.
Table 7-4. Resulting Security When Copying Files
From                 To                       Resulting Security
FILE1.GROUP1.ACCT1   FILE2.GROUP1.ACCT1       Same as original file
FILE1.GROUP1.ACCT1   FILE2.GROUP2.ACCT1 [3]   If FILE1 has no ACD, the copied file takes on the security assigned to GROUP2. If FILE1 has an ACD, it is copied to FILE2.
FILE1.GROUP1.ACCT1   FILE2.GROUP2.ACCT2 [3]   If FILE1 has no ACD, the file security matrix remains the same. Note that the group security may be different for GROUP2.
(Non-existent file). To list it, you need to specify HFS syntax:
:LISTFILE ./xfer
PATH= /SYS/PUB/
./xfer
Copying a file from a directory to an account
To copy a file from a directory to an account: Use the COPY command:
:COPY ./xfer, LETTER.PUB.ACCT
The file named xfer (in lowercase) in the current working directory is copied to LETTER.PUB.ACCT (in uppercase) in the current account.
Storing Files
To back up all files on the system, enter:
:store /
Refer to Chapter 8 for detailed information on system backup.
Using Symbolic Links
Creating symbolic links
Symbolic links are permanent MPE/iX files that can be created, removed, and renamed. You can use the NEWLINK command to create a symbolic link to a file, group, account, root, or another directory. Suppose that you log on as follows:
:hello dmarcon, engineer.
Deleting symbolic links
You can use the PURGELINK command to remove a symbolic link. This command takes the name of the symbolic link and deletes it without affecting the target of that link. For example, if you (that is, dmarcon) wanted to remove the symbolic link SYMLN, you would do the following:
:purgelink symln
or
:purgelink ./SYMLN
Renaming symbolic links
Symbolic links can be renamed by calling the POSIX C-library function rename().
8 Backing Up and Recovering MPE/iX Enhancements to the file system allow files to be stored at every level of the directory hierarchy, such as below the root directory, within directories and subdirectories, and within directories subordinate to groups. Changes were made to the STORE and RESTORE commands so that all of the directories and files on the system can be backed up.
File name mapping for full backups
To ensure that all files on a system get backed up, certain MPE syntax names get mapped to HFS syntax. Anytime the filename, group, and/or account part of an MPE syntax name is equal to @, the name will be mapped to an equivalent HFS name. This mapping is only done for inclusion file sets; it is not done for exclusion (negative) file sets.
Specifying MPE/iX files
You can store or restore file sets that use MPE or HFS syntax by using the STORE or RESTORE commands, respectively.
trailing "/", then all of the directory matches at the last component of the specified set are scanned recursively. STORE and RESTORE also provide two overriding options: TREE and NOTREE. These options override the trailing slash on the file set. The TREE option forces every file set to be scanned recursively from the specified level, including any levels beneath it; the NOTREE option forces every file set to be scanned for a horizontal cut only.
Table 8-1. Example File Sets for STORE/RESTORE (continued)
File Set                  Contents
./dir1/a@, ./dir1/@a      From the current working directory, all files and directories in dir1 beginning or ending with "a"
./dir1/@ ./dir1/a@        From the current working directory, all files and directories in dir1 except those beginning with "a"
/@/@/@ /SYS/PUB/@         All files and directories exactly three levels beneath the root directory except the files and directories in /SYS/PUB
/ or @.@.
It is recommended that STORE / should be used in place of the command STORE @.@.@ when performing a full system backup, although STORE @.@.@ will be mapped to include all files on the system.
Additional backup examples
The following example backs up all of the files and directories in the account called MKTG and sends a listing of the backed up files and directories to LP.
structure when these files and directories are regenerated using the RESTORE command.
The following example performs the same complete system image on the backup media:
FILE TAPEDEV; DEV=TAPE
STORE @.@.@; *TAPEDEV; SHOW=OFFLINE; DIRECTORY
The DATE>= option can be used to obtain an incremental backup of the files changed or modified since some_date as illustrated in the next example.
What gets stored
For a horizontal cut (all files in a directory) or for the recursive scan (all files at all levels below the specified directory), the files and directories are stored together. However, if the DIRECTORY option is used with the STORE command, the directories in the specified file set are stored separately from the files. The directories are collected and stored at the start of the media. This portion of the tape is used to regenerate the hierarchical directory structure as required at RESTORE time.
If you perform these commands, the symbolic link /ACC/SLINK is stored and the file /usr/jdoe/file is not stored.
2. When the symbolic link is an intermediate component of a pathname, the link will be traversed and files will be stored using absolute pathname.
If you perform the example above, the files /usr/jdoe/dir/file3 and /usr/jdoe/dir/file4 are stored. The files /usr/jdoe/dir/file1 and /usr/jdoe/dir/file2 are not stored. /usr/jdoe/dir/file4 is stored because /DENIS/file4 does not match /JAIME/file4. Therefore, /JAIME/file4 excluded a file not in the store set.
Restoring MPE/iX Files
You can restore an MPE/iX file set by using the RESTORE command. The file set name syntax and scanning rules for RESTORE are exactly the same as for STORE.
cause it to be mapped to include both HFS and MPE named files.
Reloading Hierarchical Directories
You can regenerate the hierarchical directory structure and the UID and GID databases by restoring the directory information stored on the media. The following rules should be followed when regenerating the hierarchical directory structure: You need to specify the DIRECTORY option with the RESTORE command to regenerate the entire hierarchical directory structure.
9 Handling Security on MPE/iX
MPE/iX system security required enhancements to support the hierarchical file system. The new security features are integrated so that they cannot be used to bypass traditional MPE/iX security. All existing MPE security features continue to work as they have. This chapter describes enhancements to security that support the hierarchical file system.
User Identification
Users on MPE/iX are now identified by a user ID (UID). The UID is a string (in the form user.account) with a corresponding integer value. Each MPE account has a group ID (GID) associated with it. The GID is a string (in the form account) and also has a numerical value assigned to it. UIDs and GIDs were added to file and process structures to more easily identify object owners and file sharing groups, respectively. (Refer to Chapter 5 for more information about UIDs and GIDs.
Access Control Definitions (ACDs)
MPE/iX file system access is controlled by using access control definitions (ACDs) or the file access matrix. Refer to the Manager's Guide to MPE/iX Security (32650-90474) and User's Guide to MPE/iX Security (32650-90472) manuals for information on restricting file access by using the file access matrix and more details on ACDs. This chapter briefly introduces ACDs because of their relevance to controlling access to files and directories created outside of MPE groups.
Access modes
ACDs control the ability to access and change hierarchical directories and the files within them. MPE/iX has enhanced the ALTSEC command to support access to directories. The available ACD access modes are as follows:
R - Read a file.
W - Write to a file.
L - Lock a file.
A - Append to a file.
X - Execute a file.
CD - Create directory entries.
DD - Delete directory entries.
RD - Read directory entries.
TD - Traverse directory entries.
RACD - Copy or read the ACD associated with the object.
NONE - Deny access.
$OWNER - Specifies the file owner. The file owner is granted the access permissions specified by $OWNER. A user is a file owner if the user's UID matches the UID of the file.
$GROUP - Specifies the file group members of the file or directory. If the user's GID matches the GID of the file, the user is granted the access permissions specified by $GROUP.
$GROUP_MASK - Restricts all ACD entries except for $OWNER and @.@. In this case, if a user matches a user.account entry, $GROUP entry, or @.
How do ACDs work
The way ACDs are evaluated has changed as of Release 4.5 as a result of security enhancements. When you attempt to access a file, the system checks access permissions in the following order of precedence:
1. Do you have SM capability? If so, you are granted all access to the file.
2. Do you have AM capability and does your GID match the GID of the file? If so, you are granted all access to the file.
3. Are you the owner of the file (your UID matches the UID of the file)?
a.
$GROUP_MASK entry exists, the resulting access permissions are only those that are in both the user.account entry and the $GROUP_MASK entry. No further checking is performed.
b. Does your GID match the GID of the file? If so, and a $GROUP entry exists, you are granted the access permissions assigned to that entry unless a $GROUP_MASK entry exists. If the $GROUP_MASK entry exists, the resulting access permissions are only those that are in both the $GROUP and the $GROUP_MASK entries.
ACD examples
You assign ACDs using the ALTSEC command. In addition, files outside of MPE groups are automatically assigned ACDs. Following is an example of an ACD that could be assigned to a text file:
NONE:JIM.DOE,@.ACCT;R,W,X,L:@.PAYROLL;R:@.@
The ACD pairs in this example set up the following access controls on the text file:
Deny JIM.DOE and all users in the ACCT account access to the file.
Allow read, write, execute, and lock access to users in the PAYROLL account.
Allow read access to everyone else.
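The order of precedence and the example ACD above, worked through as an added Python example (not HP code and not part of the manual). Where the manual's text is cut off on this page the example makes assumptions: an owner with no $OWNER entry falls through to the later checks, $GROUP is checked before @.account, and $GROUP_MASK also filters @.account entries. The function names and the MASKED_ACD string are hypothetical.

```python
# Added illustration: parse ALTSEC-style ACD pair strings and evaluate them
# in the order of precedence described in "How do ACDs work".

ALL_MODES = frozenset({"R", "W", "L", "A", "X", "CD", "DD", "RD", "TD", "RACD"})

PAGE_ACD = "NONE:JIM.DOE,@.ACCT;R,W,X,L:@.PAYROLL;R:@.@"      # from the manual
MASKED_ACD = ("R,W:CLERK.PAYROLL;R,W,X:$GROUP;"                # constructed
              "R,X:$GROUP_MASK;RACD:@.@")


def parse_acd(text):
    """Turn 'modes:users;modes:users' into {user_spec: frozenset(modes)}."""
    acd = {}
    for pair in filter(None, (p.strip() for p in text.split(";"))):
        if ":" not in pair:
            raise ValueError(f"ACD pair without ':' separator: {pair!r}")
        modes_txt, users_txt = pair.split(":", 1)
        modes = {m.strip().upper() for m in modes_txt.split(",") if m.strip()}
        if "NONE" in modes:
            if modes != {"NONE"}:
                raise ValueError(f"NONE combined with other modes: {pair!r}")
            modes = set()                      # NONE means deny: no modes at all
        unknown = modes - ALL_MODES
        if unknown:
            raise ValueError(f"unknown mode(s) {sorted(unknown)} in {pair!r}")
        for spec in (u.strip().upper() for u in users_txt.split(",")):
            if not spec:
                raise ValueError(f"empty user specification in {pair!r}")
            if spec in acd:
                # This example's choice: refuse ambiguous input outright.
                raise ValueError(f"duplicate entry for {spec}")
            acd[spec] = frozenset(modes)
    return acd


def effective_access(acd, user, account, file_owner, file_gid, caps=()):
    """Return (granted_modes, deciding_rule) for user.account on one object.

    file_owner is the object's UID string (USER.ACCOUNT); file_gid is its GID
    string (ACCOUNT). caps is the user's capability list, e.g. ["AM"].
    """
    uid = f"{user}.{account}".upper()
    gid = account.upper()
    same_group = gid == file_gid.upper()
    caps = {c.upper() for c in caps}

    # Steps 1 and 2: capabilities are checked before any ACD entry.
    if "SM" in caps:
        return ALL_MODES, "SM capability"
    if "AM" in caps and same_group:
        return ALL_MODES, "AM capability with matching GID"

    mask = acd.get("$GROUP_MASK")

    def masked(modes):
        # $GROUP_MASK restricts every entry except $OWNER and @.@.
        return modes if mask is None else modes & mask

    # Step 3: owner. Assumption: without a $OWNER entry, keep checking.
    if uid == file_owner.upper() and "$OWNER" in acd:
        return acd["$OWNER"], "$OWNER"
    # Specific user.account entry; first match wins, no further checking.
    if uid in acd:
        return masked(acd[uid]), uid
    # File group members (GID match), then the account wildcard (assumed order).
    if same_group and "$GROUP" in acd:
        return masked(acd["$GROUP"]), "$GROUP"
    account_spec = "@." + gid
    if account_spec in acd:
        return masked(acd[account_spec]), account_spec
    # Everyone else; not subject to the mask.
    if "@.@" in acd:
        return acd["@.@"], "@.@"
    return frozenset(), "no matching entry"


if __name__ == "__main__":
    acd = parse_acd(PAGE_ACD)
    for user, account in [("JIM", "DOE"), ("BOB", "ACCT"),
                          ("ANN", "PAYROLL"), ("SUE", "SALES")]:
        modes, rule = effective_access(acd, user, account,
                                       "MGR.PAYROLL", "PAYROLL")
        print(f"{user}.{account:8} {rule:12} {','.join(sorted(modes)) or 'NONE'}")
```
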
Controlling access to files and directories
New access attributes for ACDs have been added to support security for hierarchical directories. The access attributes associated with directories are as follows:
CD - create directory entries
DD - delete directory entries
TD - traverse directory entries
RD - read directory entries
Users need appropriate permission to access a directory and its contents. For example, the owner of a directory can grant create directory entries (CD) access to other users.
Object creation
Creating an object, which is creating an entry for a file or directory within a directory, requires that a process have TD and CD access to the object's parent directory and SF capability. For an MPE group, SAVE access is equivalent to CD access (see "SAVE access in MPE groups"). Users with SM capability can create files and directories anywhere on the system.
If you rename a file that does not have an ACD from an MPE group to a directory that is not an MPE group, an ACD is automatically generated for it. This is required because the security matrix cannot protect the file any longer. If you rename a file (that does not have an ACD) from an MPE group to another MPE group outside the original account, an ACD is automatically generated for it, because the file's GID would no longer match the parent group's GID and would not be protected by the file access matrix.
need write access to a file, in addition to SAVE access, to be able to delete it from an MPE group. For more information, refer to "Creating and Naming Directories" in Chapter 6.
CWD and file security
You can change your current working directory (CWD) to any directory (including an MPE account, an MPE group, the root directory, or an HFS directory) as long as you have TD access to the directories in the path to the directory.
Appropriate Privilege
Appropriate privilege means that the user has sufficient capabilities to perform an operation even if the user is not explicitly granted the necessary access. The user's capabilities grant the correct access to the directory or file. Appropriate privilege does not override file lockwords, privileged files, privileged file codes, or write-protected files.
Execute (X) Access
The hierarchical file system does not provide a way to distinguish files containing executable scripts from other files. However, the POSIX standard requires that file permission bits should be checked to verify that execute access has been granted to at least one of the file classes as an indication that a file contains executable statements. On MPE/iX, when all access would normally be granted to a user, X access is handled as a special case.
Tasks Involving System Security
The following sections describe tasks relating to system security such as listing ACDs, assigning ACDs, changing ACDs, and copying ACDs.
Listing ACDs for files and directories
Because ACDs supersede other security mechanisms, it is useful to be able to determine whether or not a directory or file has an ACD assigned to it and, if so, what it is. Any directories or files residing outside of traditional MPE groups are automatically assigned ACDs when they are created.
listfile /OFFICE/GRP,ACD
PATH=/OFFICE/

------------ACD ENTRIES--------------  FILENAME

@.@ : RACD                             GRP/
In the next example, the file assets has an ACD assigned to it. The ACD pairs are listed from the most specific (such as a particular user in a particular account) to the least specific (all other users in all other accounts). User ZONIS in the OFFICE account has R (read) access to the file assets. Other users in the OFFICE account have both R and W (write) access to the file.
listfile /OFFICE/GRP/@,-2
PATH=/OFFICE/GRP/

------------ACD ENTRIES------------  FILENAME

ZONIS.OFFICE : R                     assets
@.OFFICE     : R,W
@.@          : R,W,X
ZONIS.OFFICE : R                     bills
WILKE.OFFICE : R,W
@.@          : R,W,X
SMITH.OFFICE : R                     goods
@.OFFICE     : R,W,X
Changing access to files and directories
Because access to MPE/iX files and hierarchical directories is controlled by ACDs, system users may want to change the defaults assigned when files or directories are created.
assign ACDs on any file or directory in the system. They must supply the lockword for any lockword-protected files before they can assign an ACD, however. Once the file has an ACD, the ACD supersedes the lockword. You can use the ADDPAIR option with the ALTSEC command to add ACD pairs to an object that already has an ACD. (You must use the NEWACD option to assign ACDs to files having no ACDs.
Deleting ACDs
You can only delete optional ACDs on files in MPE groups that can be protected by the file access matrix. Users in the ACCT account have read access to the file /ACCT/PUB/dir1/summary and all other users have read ACD access to the file (R:@.ACCT;RACD:@.@). If you decide that the users in ACCT should no longer have read access to the file, you can delete previously assigned ACD pairs (but you cannot delete the entire ACD):
:ALTSEC /ACCT/PUB/dir1/summary;DELPAIR=(@.
Copying ACDs
You can copy ACD pairs from one file to another or from one directory to another. This is particularly useful if you assign a complex set of ACDs to one file or directory and you want to assign the same set to another file or directory.
Note: You can only copy an ACD from one file to another or from one directory to another. You can't copy an ACD from a directory to a file or vice versa.
For example, you can copy the ACD from directory dir1 to another directory dir2:
:ALTSEC ./dir2;COPYACD=.
Glossary
absolute pathname: A pathname that begins with the root directory, such as /SYS/PUB/TDP. See also pathname and relative pathname.
access control definition (ACD): Security feature that controls access to files and directories. Consists of a list of access permissions and user specifications. (For example, R,W,X:@.PAYROLL gives all users in the PAYROLL account read, write, and execute access to the file or directory that is assigned this ACD.
case sensitivity: HFS file names can be saved in uppercase or lowercase letters. The file named ./FILE1 does not refer to the same file as ./file1 or ./File1.
current working directory: The directory in which you are working and from which relative pathnames are resolved. See also directory and relative pathname.
directory: A special kind of file that contains entries that point to other files. It acts like a container for files and other directories.
file name: A name of a file that can be in MPE syntax (FILE.GRP.ACCT) or HFS syntax (/ACCT/GRP/FILE1). Each syntax has different restrictions on file name length and the characters that can compose the name. See also MPE syntax and HFS syntax.
group: For POSIX compatibility, refers to a group of related users. This is distinct from MPE groups, which are special types of directories existing directly below accounts.
Names of directories and files can contain the following special characters: hyphen (-), dot (.), or slash (/), but may not have a leading hyphen (-).
hierarchical file system (HFS): A file system that is tree structured and can contain files at many different levels. This file organization is obtained through the use of directories, which can contain files and other directories.
MPE/iX Developer's Kit: An MPE/iX product that supports programmers who want to port POSIX-compliant applications to MPE/iX.
pathname: A way of identifying the path to any MPE/iX file. For example, you can refer to FILE1.PUB.SYS using the pathname /SYS/PUB/FILE1. Notice that pathnames are top-down rather than bottom-up as MPE syntax.
POSIX: Portable Operating System Interface. A set of standards that address various areas of operating system technology. The POSIX standards describe functions of an operating system interface that applications use to become "POSIX-compliant.
shell: A command interpreter similar to the MPE CI. See also MPE/iX shell.
signal: The notification of an event occurring on the system.
slash (/): Another name for the root directory. See also root directory.
subdirectory: A directory that is contained within another directory is sometimes referred to as a subdirectory.
system-provided UDCs: Several UDCs have been added to the system to simplify using the new features of MPE/iX. The UDCs are DISCUSE, FINDDIR, FINDFILE, LISTDIR, PLISTF, LISTFTEMP and SH.
Index A absolute pathname, 1-25, 2-12, 6-4 access control de nitions (ACDs), 1-29, 3-12, 9-3 accessing les, directories, 6-5, 9-17 access modes, 3-13, 9-4 account directory, 4-6 accounting, 3-8 account manager, 9-13 accounts, 1-2 setting up, 5-6 user, 5-5 ACDs, 1-29, 3-12, 9-3 access modes, 3-12, 3-13, 9-4 ACD option, 9-15 assigning, 9-17 copying, 9-20 deleting, 9-19 evaluation, 9-6 examples, 9-8 listing, 9-15 ranaming les, 7-5 replacing, 9-18 adding users, 5-7 ALTFILE command, 2-20 ALTSEC command, 1-29,
B C Index-2 backdating, 2-25, 3-17 backing up les, 3-6, 7-29, 8-1 Backups le name mapping, 8-2 BDREPORT, 3-17 BDSCRP1, 3-17 BDSCRP2, 3-17 BUILD command, 7-4 byte-stream les, 2-19, 4-17, 7-3 case sensitivity, 1-6, 1-11, 1-13, 6-7 CD access, 3-13, 6-5, 9-9 changing from one directory to another, 6-12 characters, 2-9 CHDIR command, 1-17, 2-20, 6-12 CI limits, 2-15 CI prompt, 1-22, 7-13 CI syntax, 2-15 closing directories, 4-13 closing les, 4-29 commands ALTFILE, 2-20 ALTSEC, 1-29, 9-4, 9-17 BUILD, 7-4 CHDIR
SETCLOCK, 2-20 shell, 2-28 SHOWCLOCK, 2-20 SHOWME, 1-22 SHOWVAR, 1-9 STORE, 3-6, 8-1 component, 2-15 conventions, 1-6 COPY command, 7-26 copying ACDs, 9-20 copying les, 7-26 create directory entries, 6-5 creating byte-stream les, 4-17 directories, 1-13, 4-10, 6-7 les, 7-4 objects, 9-10 current working directory, 1-13, 1-21, 6-4, 6-7, 9-12 CWD, 1-21 D databases HPGID, 3-11, 5-2 HPUID, 3-11, 5-2 maintaining group and user, 5-3 synchronizing or repairing, 3-11 data transfer, 4-12, 4-20 DD access, 3-13, 6-5, 6
changing to another, 6-12 closing, 4-13 creating, 1-13, 4-10, 6-7 current working, 6-4, 6-7 deleting, 6-10 entry, 6-1, 7-1 les, 4-4 hierarchical, 8-10 information, 4-13 listing, 6-8 logon, 6-12 moving to another, 1-17 names, 2-10, 6-6 opening, 4-12 parent, 6-1, 6-7 permissions, 1-28, 1-29, 3-13, 6-5, 9-11 read, 9-9 root, 6-2 services, 4-4 space used by, 6-14 traverse, 9-9 DIRECTORY option, 6-14, 8-7, 8-10 DISCUSE UDC, 2-24 disks, 3-7 disk usage, 1-30 DISKUSE command, 1-30, 2-20, 6-14 displaying les, 7-22 do
F FCLOSE intrinsic, 4-13, 4-29 FCONTROL intrinsic, 4-13 FCOPY, 2-26 FIFOs, 2-20, 4-16 file, 7-1 backup, 3-6, 8-1 changing access to, 9-17 closing, 4-29 creating, 7-4 creating byte-stream, 4-17 creator, 3-11, 5-1 directory, 4-4 editing, 7-3 information, listing, 4-30 listing, 1-12, 6-9, 7-11 name conventions, 1-6, 1-23, 2-8, 2-9, 2-10, 7-1 names, 1-5 opening byte-stream, 4-19 owner, 3-11, 4-26, 4-27 renaming, 4-24, 7-5, 9-10, 9-11 restoring, 8-9 security, 9-12 file equations, 7-22 file name mapping, 8-2 file owner,
file system, 1-2, 4-4, 6-2 file types, determining, 7-23 FINDDIR UDC, 2-24 FINDFILE UDC, 2-24 FOPEN, 4-17 FSCHECK, 2-26 G H I GID, 3-10, 5-1, 5-2, 9-2, 9-13 $GROUP, 3-13, 9-5 group HFS, 9-2 MPE/iX, 5-1, 9-2 group directory, 4-7 group ID database, 3-10, 3-11, 5-2 group ID (GID), 3-10, 5-1, 5-3, 9-2, 9-13 $GROUP_MASK, 3-14, 9-5 HFS, 1-2, 2-5 HFS directory, 2-8 HFS file names, 1-5 HFS files, 1-6 HFS syntax, 1-5, 1-11, 2-8, 2-10 hierarchical directory, 8-10 hierarchical file system, 1-2, 2-5, 4-4, 6-2, 8-10 h
L M N links symbolic, 1-8, 2-19, 4-14, 6-16, 7-29 LISTDIR UDC, 1-16, 2-24, 6-9 LISTFILE command, 1-12, 1-15, 1-21, 1-26, 3-4, 6-8, 7-11, 7-12, 9-15 LISTFILE output, 7-23 LISTFTEMP UDC, 2-24 LISTF UDC, 2-24 listing ACDs, 9-15 listing file information, 4-30 listing files, 1-12, 6-9, 7-11 location in file system, 1-22 lockwords, 3-15 log on, 1-9 logon group, 1-18 long file names, 1-23 maintaining group and user databases, 5-3 mapping file names, 8-2 mirrored disk, 3-7 MPE/iX Developer's Kit, 2-30 MPE/iX enhancements,
O P R objects, 3-12, 9-3 creating, 9-10 deleting, 9-10 ownership, 4-26 sharing, 4-28 opening a directory, 4-12 opening byte-stream files, 4-19 open systems environment, 2-1 $OWNER, 3-13, 9-5, 9-11 owner, 4-27, 9-2, 9-11 ownership, 4-26 parent directory, 6-1, 6-7 pathname, 1-22, 1-25, 2-11, 6-3, 7-2 permissions directory, 3-13, 6-5, 9-11 file, 3-13 pipes, 2-20, 4-16 portability, 2-2 POSIX, 2-2, 3-9 POSIX.1, 2-2 POSIX.
release, determining current, 1-9 reloading hierarchical directories, 8-10 RENAME command, 7-5 renaming files, 4-24, 7-5, 9-10 replacing ACDs, 9-18 REPORT command, 1-30, 6-14 RESTORE command, 3-6, 8-1, 8-9 restoring files, 8-9 root directory, 1-2, 1-11, 1-27, 4-6, 6-2 S SAVE access, 9-11 search capabilities, 3-4 security access modes, 3-13 ACDs, 3-12 capabilities, 3-14 directory, 1-28 for MPE/iX, 3-12 programming enhancements, 4-26 system, 9-1 sequential access, 4-21 SETCLOCK command, 2-20 sharing objects, 4-2
symbolic links, 1-8, 2-19, 4-14, 6-16, 7-29 STORE command, 8-7 synchronizing databases, 5-4 syntax, 2-10 directory name, 6-6 file name, 7-1 HFS, 1-5, 1-11, 2-8 programmatic interface, 2-14 system backup, 8-4 determining current release, 1-9 system accounting, 3-8 system administrator, 1-27, 2-4, 3-1, 5-1 system manager, 9-13 system-provided UDCs, 2-24 T U TD access, 3-13, 6-5, 6-10, 9-9 transfer of data, 4-12, 4-20 traverse directory entries, 6-5, 9-9 TREE option, 1-26, 6-14, 8-3 TurboSTORE, 3-6 t
V W vi editor, 7-4 volume set usage, 7-23 wildcards, 3-4, 8-2 delete using, 6-11