Permissions

QM uses the underlying operating system to manage processes, files, devices, etc. Therefore, all issues of access permissions ultimately lie with the operating system. This section gives some guidance on setting permissions within a QM system but individual application needs should be taken into account.

As an aid to establishing good security policies on Linux and Unix systems, the CREATE.FILE and CREATE.ACCOUNT commands include options to set the ownership and permissions of the newly created item.

The only users who should be working in the QMSYS account are system administrators. It is reasonable that these people should have write access to QMSYS. No other user ever needs to create a new item in the QMSYS directory itself. Therefore the directory can be protected so that only administrators can write to it.

System administrators need write access to all items in the QMSYS account. The following table sets out the additional access rights needed for other users.

		Developers	Others
$FORMS	Form queue definitions created with SET.QUEUE for use with SP.ASSIGN.	Full	Full
$HOLD	Hold file for QMSYS account	None	None
$HOLD.DIC	Dictionary for $HOLD	None	None
$IPC	Inter-process communication file	Full	Full
$LOGINS	User name database	Full	Full
$MAP	Catalogue map	Full (note 1)	None
$MAP.DIC	Dictionary for $MAP	Read	Read
$SCREENS	Screens database	Read	Read
$SERVERS	QMNet server register	Read	Read
$SVLISTS	$SAVEDLISTS file	None	None
$VAULT	Encryption key vault	Read	Read
ACCOUNTS	Accounts database	Read (note 2)	Read (note 2)
ACCOUNTS.DIC	Dictionary for ACCOUNTS	Read	Read
audit.log	Encryption audit log	None	None
bin	Executable files	Read	Read
BP	Sample QMBasic items	Read	Read
cat	Private catalogue of QMSYS account	None	None
DICT.DIC	Dictionary for dictionaries	Read	Read
DIR_DICT	Dictionary for directory files	Read	Read
DOCS	Documentation (Windows only)	Read	Read
errlog	Optional error log file	Full (note 3)	Full (note 3)
ERRMSG	Pick style error message file	Read (note 4)	Read (note 4)
ERRMSG.DIC	Dictionary for ERRMSG	Read	Read
gcat	Global catalogue	Full	Read (note 5)
MESSAGES	Message database	Read	Read
NEWVOC	Template VOC file	Read	Read
qmconfig	Configuration parameter file	Read	Read
qmterm.ini	qmterm configuration parameters	Full	Full
QM.VOCLIB	VOC extension	Read	Read
stacks	Command stack repository	None	None
SYSCOM	System include records	Read	None
temp	Temporary directory	Full	Full
terminfo	Terminfo database	Read	Read
terminfo.src	Terminfo definitions	None	None
VOC	Vocabulary file	Read	Read
VOC.DIC	Dictionary for VOC	None	None
errlog	Error log	Full	Full
qm.chm	Help text (Windows only)	Read	Read
QMSvc.log	QMSvc log (Windows only)	None	None

1.Write access to $MAP is only needed by users who execute the MAP command to create a catalogue map with the default destination file name.

2.Any user who is to be allowed to create new accounts will need write access to this file. Restricting write access on this file closes a potential security risk by preventing users creating synonyms to existing accounts that might subvert application level security mechanisms.

3.If error logging is enabled (see the ERRLOG configuration parameter), all users need full access to the optional errlog file. Any user that does not have write access will not log errors.

4.This file contains standard Pick style messages. Although rare, some applications may write to this file.

5.It is possible to restrict access to individual items in the gcat subdirectory. Users need read access (not execute access) to run a compiled QMBasic program.

In general, users should have free access to all files. Taking write access away on the VOC can be used to prevent users modifying its content but beware that some applications modify the VOC as part of their normal operation.

Systems that have replication enabled as a publisher need permissions set such that all application users have full access to the replication directory (REPLDIR configuration parameter) and all of its content.