CA Top Secret HFS Directory Security and Symbolic Links

Document ID : KB000117340
Last Modified Date : 10/10/2018
Show Technical Document Details
Issue:
When I have multiple OMVS filesystems mounted and symbolic links interconnecting the directories, what resource ID is used in the security check?

Example:
I have a root filesystem which has filesystems mounted at "/RSPT11" and "/TS01".

Filesystem "/TS01" contains directory "etc".

File system "/RSPT11" has a symbolic link "/RSPT11/etc" to "/TS01/etc".

The root filesystem has a symbolic link "/etc" to "/TS01/etc".

When I access the "etc" directory, what resource ID will be used? 
Resolution:
1) When a "CHDIR" is performed to a directory that IS NOT a symbolic link, then a security check is performed on the fully qualified directory id;

2) When a "CHDIR" is performed to a directory that IS a symbolic link, then the symbolic link is resolved, and a security check is then performed on the new, fully qualifier directory id.

For example -

1) If "/etc" is a symbolic link to "/TS01/etc", then a "CHDIR /etc" command will result in a security check on "/TS01.etc";

2) If "/RSPT11/usr/etc" is a symbolic link to "/TS01/etc", then a "CHDIR /RSPT11" will result in a security check on "/RSPT11", a subsequent "CHDIR usr" command will result in a security check on "/RSPT11.usr", and a concluding "CHDIR etc" command will result in a security check on "/TS01.etc".