$PERMIT me to talk about $FILESTATUS
The information that MTS stores about files is quite different from today’s operating systems and it also has an interesting permissions model. In this post we’ll look at this information in more detail using the $FILESTATUS and $PERMIT commands.
$FILESTATUS
$FILESTATUS, which can be abbreviated to $F, displays information about files. It takes three parameters:
- name
- format
- information
Running it without any parameters lists the files owned by the current user:
# f
ALPHA BETA
Use ? as a wildcard to specify what files to display. Note that this will not include temporary files; to see these you will need to do f -?. To see all files under another ID use f CCID:?; this will only list files you have access to.
The information parameter allows you to see further details about each file. To see all information MTS has, use the TOTAL parameter:
# fi ? total
ALPHA Size=1P, MinSaves=0P, TruncSaves=0P, MaxSize=32767P,
ExpFac=Def, Type=Line, RPM=0, IdleDays=36525, Lines=1, Holes=1, Avlen=19,
MaxLen=19, AvailSpace=2969, MaxHole=2969, Create=Nov15/14,
LastRef=Nov15/14, LastCatalog=Nov15/14, LastData=10:30:46 Nov15/14,
Volume=MTS600, Owner=ST03, Loc=3380, UseCnt=3, PKey=*EXEC,
FullAccess=Unlim Owner, None Others
BETA Size=1P, MinSaves=0P, TruncSaves=0P, MaxSize=32767P,
ExpFac=Def, Type=Line, RPM=0, IdleDays=36525, Lines=0, Holes=1, Avlen=0,
MaxLen=0, AvailSpace=2990, MaxHole=2990, Create=Nov15/14, LastRef=Nov15/14,
LastCatalog=Nov15/14, LastData=10:30:59 Nov15/14, Volume=MTS600,
Owner=ST03, Loc=3380, UseCnt=1, PKey=*EXEC, Empty, FullAccess=Unlim Owner,
None Others
Let’s look at each of these:
- Size and MaxSize give the current and maximum size in pages (4096 bytes) - MTS allocates more space to a file than its contents to allow it to grow. ExpFac is the expansion factor each time it needs to grow, here the default 10%.
- MinSaves shows how much space would be saved if the file was resized to its minimum possible size; TruncSaves shows the space saved if the $truncate command was run to remove unused space at the end of the file. AvailSpace gives the amount of space in bytes before the file needs to be expanded.
- Type is the file type, line or sequential.
- RPM is the number of references to the file per month since its creation date and IdleDays the number of days since its last reference. RPM always seems to be zero and IdleDays larger than 36,000 whatever the usage of the file, so I suspect something is not working correctly here. Update 14-Apr-2015: this is due to a Y2K bug, see Jeff’s comment below.
- UseCnt gives the number of times the file has been used since its creation; this appears to be set correctly.
- Lines, Avlen and MaxLen give the number of lines and their average and maximum lengths.
- Holes and MaxHole refer to holes in a line file due to line replacement operations that have left spaces.
- Create gives the creation date, LastRef the time the file was last used, LastCatalog the time the catalog was updated for this file and LastData the last time data was changed in the file.
- Volume and Loc give the disk volume and type of storage the file is on.
- Owner gives the file owner’s ID.
- PKey and the remaining information give details on who can access the file, which we will look at further below.
Instead of showing all this you can specify individual items to display:
# fi ? lines avlen
ALPHA Lines=1, Avlen=19
BETA Lines=0, Avlen=0
Finally, the format parameter determines how the information selected will be displayed. You can choose name=value pairs, columns or packed, with options for headers, spacing and indentation. For example:
# fi ? col spacing=3 create lastref
File name Create DateLast
Date Referenc
ALPHA Nov15/14 Nov15/14
BETA Nov15/14 Nov15/14
$PERMIT
The $PERMIT command, or just $P, takes three parameters:
- files
- access level
- users
You can also selectively clone permissions from one file to another with the syntax $PERMIT files1 LIKE files2 EXCEPT access_level.
There are six basic categories of access level:
- R - Read
- WE - Write-expand - can add lines to a file but can’t change or delete existing ones
- WC - Write-change - can change or delete lines from a file but can’t add new ones
- T - Truncate and renumber
- D - Destroy and rename
- P - Permit - allow other users to change permissions
These can be combined using various aliases, for example RW allows the first three categories above, N specifies no access and U unlimited access.
The users parameter allows you to specify a single user ID or even a wildcard user ID (like ST0?) as well as other combinations:
- ALL - all users
- OTHERS - all users except those which already have access info specified
- ME - access for signed in user ID
- OWNER - file owner
- PROJECT=xxxx - users under project ID xxxx
- PKey=xxxx - see the next section
*PERMIT will show the current level of access after each command. Some examples:
# permit alpha r st01, rw st02
Access to file "ALPHA" is now Read ST01, RW ST02, Unlim Owner, None Others
# permit alpha d st0?, read others
Access to file "ALPHA" is now Read ST01, RW ST02, Unlim Owner, Destroy ST0?,
Read Others
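The access list printed by $PERMIT has the same comma-separated shape as the FullAccess field in the $FILESTATUS TOTAL output, so a listing can be reviewed mechanically for broad grants. The following is an added example, not part of the original post or of MTS: it parses a constructed sample in the shape of the output above and flags grants to Others and to wildcard user IDs, assuming each record starts with the file name followed by Size= and that FullAccess= is the last field.

```python
import re

# Constructed sample in the shape of the `fi ? total` output shown above
# (fields trimmed; ALPHA carries the access list from the $PERMIT examples).
SAMPLE = """\
ALPHA Size=1P, MaxSize=32767P, Type=Line, Lines=1,
Owner=ST03, UseCnt=3, PKey=*EXEC, FullAccess=Read ST01, RW ST02,
Unlim Owner, Destroy ST0?, Read Others
BETA Size=1P, MaxSize=32767P, Type=Line, Lines=0, Owner=ST03,
UseCnt=1, PKey=*EXEC, Empty, FullAccess=Unlim Owner,
None Others
"""

def parse_access(text):
    """Split 'Read ST01, RW ST02' into [(level, grantee), ...]."""
    return [tuple(e.split(None, 1)) for e in text.split(",") if e.strip()]

def parse_total(output):
    """Parse wrapped TOTAL output into {file name: record dict}.

    Assumes, as in the sample, that each record starts 'NAME Size=' and
    that FullAccess= is the last field (its value itself contains commas).
    """
    flat = " ".join(output.split())  # undo line wrapping
    records = {}
    for m in re.finditer(r"(\S+) (Size=.*?)(?= \S+ Size=|$)", flat):
        name, body = m.groups()
        head, _, access = body.partition("FullAccess=")
        rec = {"flags": [], "access": parse_access(access)}
        for item in filter(None, (i.strip() for i in head.split(","))):
            key, sep, value = item.partition("=")
            if sep:
                rec[key] = value
            else:
                rec["flags"].append(item)  # bare markers such as Empty
        records[name] = rec
    return records

def audit(records):
    """Flag grants to Others (other than None) and to wildcard user IDs."""
    findings = []
    for name, rec in records.items():
        for level, who in rec["access"]:
            if (who == "Others" and level != "None") or "?" in who:
                findings.append((name, level, who))
    return findings
```

On the sample, audit(parse_total(SAMPLE)) reports the Destroy grant to ST0? and the Read grant to Others on ALPHA, and nothing for BETA.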
Program keys
You may want a file to be accessible only through a certain program. In Unix the solution is setuid, where, while a program is running, your effective user ID temporarily becomes the user ID of the program's owner so it can access files owned by that user ID. This can lead to security issues though, e.g. if a buffer overrun in the program can be exploited to allow access to other files.
MTS has a better solution: each program can have a key, and access to a file can be granted to that key. You can then run a privileged program under your normal ID.
One example is the *CKID program that runs at sign on for certain shared IDs and checks which secondary IDs can use that ID. The config file, CKID:ACCESS, should only be accessible to that program, so it is permitted to the pkey for *CKID:
# fi ckid:access access
CKID:ACCESS FullAccess=None Others, Read Pkey=*CKID
You can set this up for your own programs by setting a pkey for the executable and then permitting access. Say you have a database program MYDB which is the only way a user should access the database file DBFILE. First set a program key:
$CONTROL MYDB PKEY=MYDB
and then permit access:
$PERMIT DBFILE RW PKEY=MYDB
Further information
See the online help for $FILESTATUS and $PERMIT, and a detailed write up in MTS Volume 1.