Hi, Vern,
Thanks for the "heads up" about this. I have never heard of a *READONLY attribute before. It is something completely separate from the usual object authorities and data authorities.
I just ran a test at V7R3, creating a directory:
MKDIR '/home/MSW/test'
Then changed it to add that *READONLY attribute:
CHGATR OBJ('/home/MSW/test') ATR(*READONLY) VALUE(*yes)
Then I signed off and signed on with a profile that has *ALLOBJ and I tried this:
RMVDIR '/home/MSW/test'
And, I get this message:
Additional Message Information
Message ID . . . . . . : CPFA1C5 Severity . . . . . . . : 40
Message type . . . . . : Diagnostic
Date sent . . . . . . : 04/03/24 Time sent . . . . . . : 20:28:42
Message . . . . : Object is a read only object. Object is /home/msw/test.
Cause . . . . . : An operation was requested on read only object
/home/msw/test that is not allowed on a read only object.
Recovery . . . : Attempt to change the object's read only attribute, using
the Change Attributes (CHGATR) command or Set Attributes (Qp0lSetAttr) API,
and then try the request again. If the object name is *N, it could not be
determined which object was read only. Refer to any previously issued
messages.
Bottom
Press Enter to continue.
F3=Exit F6=Print F9=Display message details
F10=Display messages in job log F12=Cancel
But, they told me what to do, right there in the message seen above. :-/
So, since I have *ALLOBJ, I just issued this:
CHGATR OBJ('/home/MSW/test') ATR(*READONLY) VALUE(*no)
and it says:
Attributes changed for 1 objects. 0 objects not changed.
And so now, I issue:
RMDIR '/home/MSW/test'
and it says:
Directory removed.
"A.N..D.... IT'S GONE!"
So, I think I stand by my advice regarding *ALLOBJ. :-)
All the best,
Mark S. Waterbury
On Wednesday, April 3, 2024 at 06:37:56 PM EDT, VERNON HAMBERG Owner via MIDRANGE-L <midrange-l@xxxxxxxxxxxxxxxxxx> wrote:
Hi Justin and all
I wondered about the *ALLOBJ bit here, so am watching Margaret Fenlon's COMMON presentation on IFS security. She says that the *READONLY attribute prevents writing or deleting the object, and *ALLOBJ cannot override this attribute. She underlined "or deleting".
Anyone who is a COMMON member can view the presentations in the IFS Bootcamp - of course, Mark, your good counsel to limit the number of users with *ALLOBJ is absolutely valid.
On Wed, 3 Apr, 2024 at 4:07 PM, Mark Waterbury <mark.s.waterbury@xxxxxxxxxxxxx> wrote:
To: midrange systems technical discussion
Justin,
Any user with *ALLOBJ can always delete your precious directory, no matter what you do.
"*ALLOBJ" means "all objects" -- including IFS (*STMFs and directories).
This is why it is important to limit the number of user profiles with *ALLOBJ.
Just saying.
Mark S. Waterbury
On Wednesday, April 3, 2024 at 02:35:21 PM EDT, Justin Taylor <jtaylor.0ab@xxxxxxxxx> wrote:
My goal is to make a directory that can't be deleted. *READONLY works OK
when I tested it, but I just wanted a sanity check.
Thanks
date: Tue, 2 Apr 2024 13:56:24 -0400
from: Rob Berendt <robertowenberendt@xxxxxxxxx>
subject: Re: Read-only dir & files within?
I do not find any documentation on this. However this testing may answer
that:
MD DIR('/home/ROB/JT')
Directory created.
CHGATR OBJ('/home/ROB/JT') ATR(*READONLY) VALUE(*YES)
Attributes changed for 1 objects. 0 objects not changed.
EDTF STMF('/home/ROB/JT/test.txt')
The EDTF did create the file
DSPF STMF('/home/ROB/JT/test.txt')
The DSPF showed the changes.
There is an attribute called *RSTDRNMUNL you might want to read up on.