Name-hiding is an CA Top Secret global system option which, when activated by a security administrator, prevents users from displaying the names of files and directories which their security label does not authorize them to see. It prevents users from knowing about the existence of files and directories to which they do not have read access. However, if a user requests to view the name of a specific file or directory, he will be able to see the name, although he may not be able to access the data.
To activate name-hiding for UNIX files, set the control option (MLNAME(YES), which will do the following:
To deactivate the name-hiding option, turn off the name-hiding option (MLNAME(NO)).
Important! MLS must be active in a zFS system to support name-hiding of UNIX files and directories. Name-hiding is not supported in HFS systems.
Note: Name-hiding degrades the performance of a system. Do not activate name hiding if any system sharing the CA Top Secret databases does not meet the minimum software requirements for MLS support. Use of the name-hiding option should not cause problems on these systems, but it does not provide full protection on these systems. You must be operating at z/OS R1V5 or later to activate name hiding-in an CA Top Secret system.
|
Copyright © 2010 CA Technologies.
All rights reserved.
|
|