Partners in remote systems can display or modify the file management access rights of their own local files.
The access right i (insert data unit FADU) is not permitted in Unix and Windows systems.
Display and modify access rights in Unix systems
With a corresponding request from the remote system, openFT (Unix systems) maps the local protection bits r, w, and x to the file management access rights as follows:
Access right | Unix protection bit for the file | Unix protection bit for the parent |
r (read) read file | r bit | x bit 1 |
p (replace) | w bit | x bit |
x (extend) extend file | w bit | x bit |
e (erase) 2 | w bit | x bit |
a (rdatt) | x bit | |
c (chatt) | the request must have the same | x bit |
d (delete) | w bit | x bit |
1The r bit of the parent directory is not significant.
2The attribute is practical for FTAM connections only
.
The access rights of only one user class (owner, group, other) are displayed. The user class is displayed in accordance with the access authorization for the file management request in the Unix system. If a number of user classes have access authorization, the access rights for the highest user class are displayed (e.g. owner access rights before group access rights).
Furthermore, local Unix system rules apply to file access. Thus, for example, the x bit must be set for all parent directories.
Modify access rights in Unix systems
The following table shows the options available in Unix systems for modifying file protection bits:
File management | Unix file protection bits | Function |
rpxeacd | rw1 | read-write |
rac | r-1 | read-only |
pxeacd | -w1 | write-only |
ac | --1 | none |
The openFT protocols and FTAM only recognize two options for access rights, namely ‘set’ and ‘not set’. This means that when entering access rights, it is necessary to specify whether or not the access right is set. These protocols do not provide the option of leaving access rights unchanged.
To enable file access rights to be modified, the file management access rights a and c must always be specified; otherwise, the remote request is rejected. If the w protection bit is to be set for a file, the file access rights pxed must also be set, since all these values are mapped to the w file protection bit. All other combinations of file access rights cause the remote request to be rejected.
Only the file owner can modify the access rights of a particular file. Access rights set by the owner can only be modified by the user class ’owner’. However, owner, group, and other user classes can delete access authorizations.
Display access rights in Windows systems
In the case of an appropriate request from a remote system, openFT (Windows) maps the local protection attributes to the file management access rights. A distinction is made between a file on an NTFS file system and a file on a different file system.
The NTFS protection attributes are mapped as follows:
Displayed access rights | File access rights | Rights in the superordinate |
r (read) read file | read | read |
p (replace) overwrite file | read and write | read and write |
x (extend) extend file | read and write | read |
e (erase)1 delete file access data unit | read and write | read |
a (read attribute) read file attribute | read | read |
c (change attribute) modify file attribute | read and write | read |
d (delete) delete file | delete | read and write |
The access rights of the user specified for the file transfer/file management request (directly, indirectly or via a FTAC profile) are valid. The rules for Windows NT apply to the assignment of access rights to a user. If you want to list the attributes of the files in a directory but you (as the calling user) cannot read the protection attributes for several of these files, only the file names are displayed for these files.
Setting the “write protection” attribute (which also exists for FAT files) for an NTFS file has the same effect as not setting the access rights “write” and “delete”.
The FAT protection attributes are mapped as follows:
Displayed access rights | “Write-protection” attribute set |
r (read) read file | yes or no |
p (replace) overwrite file | no |
x (extend) extend file | no |
e (erase) delete file access data unit | no |
a (read attribute) read file attribute | yes or no |
c (change attribute) modify file attribute | no |
d (delete) delete file | no |
The rights in the superordinate directory are of no significance in FAT systems.
In Windows systems, no support is provided for really modifying access rights.