Product Documentation

Database Administrator's Guide

Files

Database files have several security features in addition to the file permission mask, discussed in a separate section:

File Password

Files created by the FairCom Server, and others, can be assigned a file password when created. File passwords can be changed later by the Administrator or the file’s owner, and then be required for users to access files. For example, a user could be required to enter a file password before initiating the file operations specified in the file permission mask (see File Permission Masks).

File passwords can be up to 9 characters long. Characters can be letters, numbers, or punctuation marks. Passwords are case sensitive (i.e., upper case and lower case characters are treated as different).

File Owner

As explained in Users, when a file is created by the FairCom Server, the User ID requesting the creation is established as the owner of the file.

User accounts in the ADMIN group are treated differently from non-ADMIN users: when a user account in the ADMIN group creates a file, a security resource is stored in the file (unless the file is created with the ctDISABLERES filemode). This means the owner and group of the file are set to the ADMIN user and, if the permission mask is zero, all permissions are set on the file.

Non-ADMIN users must specify a non-zero permission mask to enable security restrictions. If the permission mask is zero, or if you call a file create function that doesn't have a permission mask parameter, the file is created without security features. Remember: A zero permission mask does not mean "no permission"; it means "no security restrictions" (full permission) and no owner and group are assigned.

If you call CreateIFileXtd() or CreateIFileXtd8() and specify a non-zero permission mask, the file is assigned the owner and group of the user creating the file.

The Administrator may change the file owner any time to any other currently valid User ID. The owner is used to define one of the ways file permissions can be granted, e.g., the owner typically has permission to write to the file.
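The create-time rules above (ADMIN versus non-ADMIN creator, zero versus non-zero permission mask) can be turned into a review check for application code paths that create files. The following C sketch is an added example, not FairCom code: the `create_req` record, the `classify` and `count_unsecured` functions and the sample entries are hypothetical, and the handling of ctDISABLERES is an assumption noted in the comments.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical record for one planned file create (not a FairCom type). */
struct create_req {
    const char *file;
    bool admin_group;    /* creator is in the ADMIN group */
    bool has_mask_param; /* the create function takes a permission mask */
    long permmask;       /* ignored when has_mask_param is false */
    bool disable_res;    /* ctDISABLERES filemode requested */
};

enum sec_state { SEC_NONE, SEC_ADMIN_ALL_PERMS, SEC_MASK_ENFORCED };

/* Security state a create ends up with, per the rules in this topic. */
enum sec_state classify(const struct create_req *r)
{
    bool zero_mask = !r->has_mask_param || r->permmask == 0;
    if (r->admin_group) {
        /* Assumption: the page says only that no security resource is
           stored with ctDISABLERES; treated here as unprotected. */
        if (r->disable_res)
            return SEC_NONE;
        return zero_mask ? SEC_ADMIN_ALL_PERMS : SEC_MASK_ENFORCED;
    }
    /* Non-ADMIN: a zero mask means no restrictions, no owner, no group. */
    return zero_mask ? SEC_NONE : SEC_MASK_ENFORCED;
}

/* Count the creates that would leave a file without security features. */
size_t count_unsecured(const struct create_req *reqs, size_t n)
{
    size_t flagged = 0;
    for (size_t i = 0; i < n; i++)
        if (classify(&reqs[i]) == SEC_NONE)
            flagged++;
    return flagged;
}

/* Constructed sample; 1L stands for any non-zero mask value. */
static const struct create_req SAMPLE[] = {
    {"cust.dat",  false, true,  0L, false}, /* non-ADMIN, zero mask */
    {"tmp.dat",   false, false, 0L, false}, /* no mask parameter */
    {"audit.dat", false, true,  1L, false}, /* non-ADMIN, mask set */
    {"cfg.dat",   true,  true,  0L, false}, /* ADMIN, zero mask */
    {"log.dat",   true,  true,  0L, true},  /* ADMIN, ctDISABLERES */
};
```

Of the five sample creates, three end up without security features; the ADMIN zero-mask case is reported separately because the file has an owner and group but all permissions are set.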

File Group

When created, a file is typically associated with the current primary group of the User ID who created the file. The file group is designed for use with the file permission mask. The file group can be changed later by the Administrator or owner to any other currently valid Group ID for that User ID. For example, the file permission mask may allow “group permission” to read the file, while no others can (see File Permission Masks). As explained above under "File Owner," if the permission mask is zero, or if you call a file create function that doesn't have a permission mask parameter, the file is created without security features.

If instructed by the user’s application when it creates a file, a file’s Group can be any one of the owner’s other Group IDs, instead of the owner’s primary Group.

The current Owner of a file may use the ctfile utility, after entering both the current User ID password and the current file password, to change: the file password; the file permission mask (see File Permission Masks); the file Group; and even the file Owner itself, which would block the user from accessing the file through the original Owner User ID. User’s Control of Security Options contains a further description of this treatment.
