SECTION 7

ACCESS

The access control facility provides both flexibility and security for your work on Multics. You control who has access to each of your segments: which users have the right to see a given segment, to modify it, and, for a segment that contains a program, to execute it. Directories may also be controlled in this manner.

SEGMENT ACCESS

There are four access modes that you set to determine the level of permission a user has for a particular segment. Listed below are descriptions of the four modes, and those commands treated in this manual that a user has available with each mode.

read (r)

allows a user to read, or view, the contents of the segment

COMMANDS:

copy
dprint (dp)
move
print (pr)
qedx "r" request

write (w)

allows a user to change the contents of the segment

COMMANDS:

qedx "w" request

execute (e)

if the segment is a program, allows a user to execute the program. Execute access is not necessary at the level of this manual.

null (n)

denies a user all access to the segment

You may assign any combination of the r, w, and e modes. If you want to assign the n mode, you must assign it alone.

Every segment has its own ACL - access control list. This list contains the full User_ids of those users who have access to the segment, and which access modes each user has been assigned. The full User_id is a three-component name that includes the tag component discussed briefly at the beginning of Section 2:

[image not reproduced: the three components of a full User_id]

The tag indicates whether you are using the system interactively or as an "absentee" user (see Part 2). It is usually "*", which means "any tag is acceptable". Whenever anyone tries to use any segment, that person's full User_id must match one of the entries on the ACL of that particular segment; otherwise the user has no access to that segment.

You see part of an ACL when you type the list command (ls); the access modes assigned to you by default on your own segments constitute your ACL entry. Here Pam Sissle checks her access to her "Doggerel" segment:

[image not reproduced: Pam's list command and its output]

She has read and write permission on her segment, which allows her to do all she needs. This combination is the automatic default for most of your segments.

To see the complete ACL for her "Doggerel" segment, Pam uses the list_acl command (la) with the name of the segment:

[image not reproduced: Pam's list_acl command and its output]

Until you have added more ACL entries yourself, there are two default entries for every segment you create. The first one is your own (the one you see when you use the list command), giving read and write access to you when you log in with the given Project_id. The second is for the system daemons, software facilities that perform such functions as dprinting and saving backup copies of segments. Other users have null access by default.

To grant other users access, you use the set_acl command (sa). The syntax line for this command is:

[image not reproduced: syntax line for the set_acl command]

Here Pam gives Jakob Kissle read access to "Doggerel", because he wants to make a dprint of it:

[image not reproduced: Pam's set_acl command giving Jakob read access]

(If you are registered on more than one project, you may want to grant access to your other User_ids!)

If Pam wants to let Jakob add his own verses to Doggerel, she must give him additional access. To change his access, she simply resets the ACL with the set_acl command:

[image not reproduced: Pam's set_acl command resetting Jakob's access]

Now when Pam checks the ACL on "Doggerel" this is what she sees:

[image not reproduced: the ACL on "Doggerel" after the change]

But when Jakob tries to add an alternate name to the segment, all he gets is an error message:

[image not reproduced: Jakob's add_name attempt and the error message]

He has tried to change an ATTRIBUTE of the segment. The access modes for segments govern the CONTENTS of segments. Segment attributes are stored in the directory containing the segments, so Pam must also give Jakob appropriate access to her directory, if she wants to allow him to add alternate names.

DIRECTORY ACCESS

These are the four access modes for directories. Notice that all the affected commands govern attributes of segments (names and access modes).

status (s)

allows a user to see the ATTRIBUTES of the existing segments under the specified directory

COMMANDS:

list (ls)

list_acl (la)

modify (m)

allows a user to modify attributes of the existing segments under the specified directory

COMMANDS:

add_name (an)

delete (dl)

delete_acl (da)

delete_name (dn)

rename (rn)

set_acl (sa)

append (a)

allows a user to create, copy, or move segments under the specified directory

COMMANDS:

copy (cp)

create_dir (cd)

move (mv)

null (n)

denies a user all access to the directory. May not be assigned in combination with any of the other directory access modes.

As with the segment access modes, both you and the system daemons have complete access (sma) to all your segments and directories by default.

Use the set_acl command (sa) again to set the ACL for directories. Aside from using s, m, and a combinations rather than r, e, and w, there is one quirk you may take advantage of when setting access for directories: when setting access on your working directory, you may use "-wd" in place of the directory's pathname. For example, here Pam gives Jakob access to her directory so that he may add alternate names to the segments in that directory:

[image not reproduced: Pam's set_acl command on her working directory]

Of course, Jakob is now free to do other things in the directory too, such as changing the access on the segments underneath it, or even deleting them. It is often a good idea to think carefully before granting more than "r" and "s" access to other users.

To see who now has access to her directory, Pam uses the list_acl command (la) with the -wd argument:

[image not reproduced: Pam's list_acl -wd command and its output]

Finally, to delete the access of a particular user, use the delete_acl command (da). Its syntax line is:

[image not reproduced: syntax line for the delete_acl command]

For example, here Pam has decided not to let Jakob have access to her directory (the -wd argument can be used with all the access commands):

[image not reproduced: Pam's delete_acl -wd command]

Jakob still maintains the segment access that Pam gave him, though. If Pam decides to delete his access to the "Doggerel" segment, she uses the delete_acl command with the name of the segment:

[image not reproduced: Pam's delete_acl command on the "Doggerel" segment]
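The rules this section walks through (segment modes r, w, e, n; directory modes s, m, a, n; n standing alone; User_id matching with a "*" tag; and the fact that add_name needs directory access, not segment access) can be modeled to check one's understanding. The following is an added example written for this page, not Multics code and not from this manual; it assumes a constructed project name "Proj", a first-matching-entry rule, and the command forms shown in the comments.

```python
from dataclasses import dataclass, field

def valid_mode(mode, is_dir):
    """n must stand alone; otherwise any combination of the type's modes."""
    allowed = set("sma") if is_dir else set("rwe")   # directory vs segment modes
    return mode == "n" or (bool(mode) and set(mode) <= allowed)

def matches(entry_id, user_id):
    """Component-wise Person.Project.tag match; '*' in the entry matches anything."""
    e, u = entry_id.split("."), user_id.split(".")
    return len(e) == len(u) == 3 and all(a in ("*", b) for a, b in zip(e, u))

@dataclass
class Acl:
    is_dir: bool
    entries: list = field(default_factory=list)   # (mode, User_id) pairs

    def set_acl(self, mode, user_id):              # sa path mode User_id
        if not valid_mode(mode, self.is_dir):
            raise ValueError(f"bad mode {mode!r} for this ACL")
        self.delete_acl(user_id)                   # resetting replaces the entry
        self.entries.append((mode, user_id))

    def delete_acl(self, user_id):                 # da path User_id
        self.entries = [e for e in self.entries if e[1] != user_id]

    def modes_for(self, user_id):
        """First matching entry decides (assumption); no entry means null."""
        for mode, entry_id in self.entries:
            if matches(entry_id, user_id):
                return "" if mode == "n" else mode
        return ""

def can_add_name(directory, user_id):
    """add_name changes a segment ATTRIBUTE, so it needs m on the directory."""
    return "m" in directory.modes_for(user_id)

def doggerel_scenario():
    """Replay the section's walkthrough with a constructed project name."""
    home, doggerel = Acl(is_dir=True), Acl(is_dir=False)
    jakob = "Kissle.Proj.a"                        # Jakob's full User_id
    doggerel.set_acl("r", "Kissle.Proj.*")         # sa Doggerel r Kissle.Proj.*
    read_only = doggerel.modes_for(jakob)
    doggerel.set_acl("rw", "Kissle.Proj.*")        # sa Doggerel rw Kissle.Proj.*
    rw_no_an = (doggerel.modes_for(jakob), can_add_name(home, jakob))
    home.set_acl("sma", "Kissle.Proj.*")           # sa -wd sma Kissle.Proj.*
    an_ok = can_add_name(home, jakob)
    home.delete_acl("Kissle.Proj.*")               # da -wd Kissle.Proj.*
    after_da = (can_add_name(home, jakob), doggerel.modes_for(jakob))
    return read_only, rw_no_an, an_ok, after_da
```

The last step shows why deleting Jakob's directory entry leaves his "rw" on the segment intact: the two ACLs are separate lists.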

The access control facility is much more extensive than this brief introduction has suggested. For a complete discussion of access, see the descriptions of these commands in the MPM Commands manual.
