

Authorizing Users for Controlled Write-Down

An authorized user can issue the UNIX writedown command to override global write-down protection on a system. The command sets, resets, or queries the write-down mode for the user's address space.

When MLS is active on the system and the control option MLWRITE(NO) has been set, and a user has been given READ access to the IRR.WRITEDOWN.BYUSER resource in the IBMFAC class, the user is authorized to issue the UNIX writedown command to either:

When a user who has UPDATE access to the IRR.WRITEDOWN.BYUSER resource enters the system, CA Top Secret by default allows that user to write down without issuing the UNIX writedown command during the session. The user can still issue the command if he has both UPDATE and READ access to the IRR.WRITEDOWN.BYUSER resource.

To allow a CA Top Secret user to control write-down for himself by issuing the UNIX writedown command, do the following:

The UNIX user can now issue the writedown command.

Examples

To deactivate and display your current write-down mode, enter:

> writedown -ip
inactive

To activate and display your current write-down mode, enter:

> writedown -ap
active

To reset and display your write-down mode, enter:

> writedown -dp
active