Securing Diskfiles In the Guardian Environment

In the Guardian environment, each file has an owner and a security vector. By default, the owner of the file is the userid that created it and the security vector is the owner's default security as defined in their User Record.

By default, a file owner or the owner's group manager can give their files to another user, using the FUP GIVE command, and also change the file's security vector using the FUP SECURE command.

The four file operations controlled by the security vector are:


Determines who can read or copy any kind of file or who can execute a macro or OBEY an obey file.


Determines who can modify the contents of a file.


Determines who can execute a code 100 or 700 (object file) with the TACL RUN command.


Determines who can delete, rename or FUP ALTER a file.

The security settings are always displayed in this order: READ, WRITE, EXECUTE, PURGE (RWEP).

There are seven possible values for each operation. These values reflect who is allowed to perform the operation and whether or not the operation can be performed by someone on a remote node. The value is always a single character. The values are:


REMOTE (Superset of local)

File Owner

O (owner)

U (user)

File Owner's Group

G (group)

C (community)


A (all users)

N (all network users)

Local SUPER.SUPER only

- (hyphen)

Example 1:
start example
  AFILE 255,255   SOMEFILE 200,100 - - - -  
end example

In Example 1, only SUPER.SUPER can READ, WRITE, EXECUTE or PURGE either of the files. Notice that it does not matter who owns the file, if the security for any or all operations is a hyphen, then only SUPER.SUPER can perform that operation on the file.

Example 2:
start example
  AFILE 255,255 UUUU  
end example

In Example 2, only a network SUPER.SUPER can READ, WRITE, EXECUTE or PURGE the file because SUPER.SUPER owns the file.

Example 3:
start example
  AFILE 255,255 GG-G  
end example

In Example 3 , only a local SUPER.SUPER can execute this file, but the rest of the local SUPER group can READ, WRITE, OR PURGE the file.

Example 4:
start example
  AFILE 200,100 CC-U  
end example

In Example 4, only a local SUPER.SUPER can EXECUTE this file, only the owner, 200,100 can PURGE, but the rest of network group 200 can READ and WRITE the file.

Example 5:
start example
  AFILE 200,100 OOOO  
end example

In Example 5, only local user 200,100 can READ, WRITE, EXECUTE or PURGE the file.

Example 6:
start example
  AFILE 200,100 NUNU  
end example

In Example 6, only network user 200,100 can WRITE or PURGE, but all network users can READ or EXECUTE the file.

Example 7:
start example
  AFILE 200,100 CUUO  
end example

In Example 7 , user 200,100 can only PURGE the file when logged on locally, but can READ, WRITE or EXECUTE the file remotely. Users in group 200 can only READ the file, whether local or remote.

The Default Program

The DEFAULT program, is used to set the following parameters for User Records:



Please refer to Managing Userids in the Guardian System in Part Three.

HP NonStop Server Security 2004
HP NonStop Server Security 2004
ISBN: 159059035X
Year: 2004
Pages: 157 © 2008-2017.
If you may any questions please contact us: