Product Documentation

c-treeACE V10.3 Update Guide

Previous Topic

Next Topic

Updates in ctrbldif, ctcmpcif, and ctinfo handling of security attributes

Updates have been made to the way in which these utilities handle security attributes:

  • The ctrbldif utility now assigns data file owner/group/permissions to index files.
  • The ctcmpcif utility now assigns original data file owner/group/permissions to compacted data/index files.
  • The ctinfo utility displays the file's security attributes.

Error 456 (group access denied) had been seen when opening a c-tree data file at the ISAM level in client/server mode after rebuilding or compacting the file. This was because of the way the rebuild and compact utilities set the security attributes

It is desirable for the newly rebuilt or compacted files to preserve the original security attributes as much as possible and the index file security attributes should match the data file security attributes. The rebuild and compact utilities now read the permission mask, owner, and group settings from the original data file and after the rebuild or compact is completed, the utilities assign these same attributes to the new files.

The ctinfo utility now displays the owner, group, and permissions for the specified file. Example output:

File owner = ADMIN

File group = ADMIN

Permission mask = 0x85e = {

owner: read write def delete

group: read

world: read

}

A command-line option has been added to the utilities to restore the previous security attribute behavior. Use the -oldsec option to cause the rebuild and compact utilities to set the security attributes as they did before this revision. For example:

ctrbldif mark.dat -oldsec ADMIN ADMIN FAIRCOMS

The -oldsec option can be used if rebuild and compact are failing with error 455 (user does not belong to group) if you delete an index then run the rebuild or compact utility on the data file using a user account that does not belong to the group that is assigned to the data file.

Note: These changes only apply to the client and server versions of these utilities. Setting the security attributes is not supported in standalone mode, so the standalone rebuild and compact utilities behave as follows:

1) When the standalone mode rebuild utility creates new index files instead of reusing the new index files (for example if the original index files have been deleted before running the rebuild utility), the new index files are assigned a permission mask of zero (no restrictions on permissions), and the owner and group are unassigned (empty).

2) The standalone mode compact utility always preserves the security attributes of the data file. If the index files do not exist, the newly-created index files are assigned the same values as the standalone rebuild does when it creates new index files.

TOCIndex