User's Control of Security Options

The User's Password

The following steps are required for a user to change the password associated with their own User ID.

For optional information on setting requirements for user passwords, see Setting password requirements.

  1. Run the utility program ctpass the same way as any other program in the environment.
  2. Enter your current User ID.
  3. Enter the current password for your User ID, if you have one. (Maximum 1024 characters. Maximum nine characters for V9 and prior).
  4. Continue by entering the current name of the FairCom Server (i.e., the default name or another name, supplied in the FairCom Server configuration file).
  5. Now change your password by entering the new password.
  6. To confirm the new password, you may be asked to enter it twice before it is accepted. If the two entries do not match, try again.

Note: Whenever input is requested, the user may enter a question mark (?) to receive HELP.

After the new password is entered and confirmed, a message is displayed saying that your User ID password has been successfully updated. From then on, the new password must be used with the User ID to log on to the FairCom Server.

Note: All users can change their own passwords. In addition, users who are members of the ADMIN group can change the password of all accounts that are not members of the ADMIN group. Only the super ADMIN account (named ADMIN) can change a password for an account that is a member of the ADMIN group.

 

Support for setting an expiration date for a password on a user account

In V11.6 and later, FairCom Server supports setting an expiration date on a user account password. When a user account's password has expired, attempting to log on to the user account fails with error 1116 (PWDEXP_ERR). This feature is available in the ctadmn and sa_admin utilities and in the SECURITY() API function with mode of SEC_CHANGE_USER_XINFO (change user extended information).

When calling SECURITY() with mode of SEC_CHANGE_USER_XINFO, set the passvaliddays field of the FC_UVAL structure to the password validity period in days. A value of zero sets no password expiration. The complete FC_UVAL structure is now:

 

FC_UVAL Structure

typedef struct {
  TEXT  userid[32];
  ULONG begstamp;      /* beginning date for valid user logon    */
  ULONG endstamp;      /* last valid date for user logon         */
  LONG  lgonover;      /* limit on consecutive logon failures    */
  LONG  reserved;
  ULONG rsmstamp;      /* temporary logon block                  */
  LONG  lgonfail;      /* current number of failed login attempts*/
  ULONG lgonany;       /* last logon attempt date                */
  ULONG lgonok;        /* last successful login date             */
  ULONG lgonbad;       /* last failed login date                 */
  LONG  lgonoknum;     /* Total number of successful logins(ever)*/
  LONG  lgonbadnum;    /* Total number of failed logins(ever)    */
  ULONG disstamp;      /* when logon was disabled                */
  LONG  lgonmust;      /* user must login within this period     */
  ULONG lastpasschg;   /* time of last change to password        */
  ULONG passvaliddays; /* number of days that password is valid  */
  TEXT  resrv[92];
} FC_UVAL;

 

File Security Controls

The owner of a file can change the security information for their file, as follows:

  1. Run the utility program ctfile the same way as any other program in the environment.
  2. Enter current User ID.
  3. Enter the current password for the User ID, if one has been assigned.
  4. Continue by entering the FairCom Server’s current name, which is either the default name or another name specified by the server configuration.
  5. Now give the name of the file whose security information is to change.
  6. If the named file has a file password, the next step is to enter the password.

Note: Whenever input is requested, the user may enter a question mark (?) to receive HELP.

The file owner may change the following security options for their file:

  • Change the file’s password.
  • Change the file’s permission mask.
  • Change the file’s Group.
  • Change the file’s Owner.

Caution! Be careful when changing the file's owner. Once the owner has been changed, the original owner can no longer use the ctfile utility to access the file and change its security information.

Note: The Administrator can always use the Administration Utility to change, or view, the file security information for any file controlled by FairCom DB.

Default Permissions

FairCom DB defaults to a permission mode of 0660 (read/write access for owner and group; no access for world) for the files it creates.

The permission mode FairCom DB assigns to the files it creates can be changed with the server configuration keyword FILE_CREATE_MODE.

Example

;Set read and write permission for owner
;and no permission for group and world.
FILE_CREATE_MODE	0600

Note: On Unix systems, the system’s umask setting also affects the permission mode assigned to a file when it is created. If the umask setting is non-zero, the permission bits set in the umask are removed from the file’s permission mode.
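
The following is an added example, not FairCom code. It shows how a FILE_CREATE_MODE value and the process umask combine into the mode a new file actually receives, and checks this by creating a scratch file. It assumes files are created with POSIX open() semantics; parse_create_mode(), effective_mode(), observed_mode() and the path /tmp/fcm_demo.tmp are hypothetical names chosen for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical parser: mode from a FILE_CREATE_MODE line, else -1. */
long parse_create_mode(const char *line)
{
    static const char key[] = "FILE_CREATE_MODE";
    char *end;
    /* A ';' comment line or any other keyword fails this comparison. */
    if (strncmp(line, key, sizeof key - 1) != 0) return -1;
    line += sizeof key - 1;
    if (*line != ' ' && *line != '\t') return -1;
    long mode = strtol(line, &end, 8);   /* octal, as in the 0600 example */
    if (end == line) return -1;          /* no digits after the keyword */
    while (*end == ' ' || *end == '\t' || *end == '\n' || *end == '\r') end++;
    if (*end != '\0' || mode < 0 || mode > 0777) return -1;
    return mode;
}

/* Bits set in the umask are cleared from the requested mode. */
mode_t effective_mode(mode_t requested, mode_t mask)
{
    return requested & ~mask & 0777;
}

/* Create a scratch file under the given umask; return its actual mode. */
long observed_mode(const char *path, mode_t requested, mode_t mask)
{
    struct stat st;
    mode_t old = umask(mask);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    umask(old);                          /* restore the caller's umask */
    if (fd < 0) return -1;
    int rc = fstat(fd, &st);
    close(fd);
    unlink(path);
    return rc == 0 ? (long)(st.st_mode & 0777) : -1;
}

int main(void)
{
    long m = parse_create_mode("FILE_CREATE_MODE\t0660");  /* constructed */
    printf("mode %04lo, umask 027: file created as %04lo\n", m,
           observed_mode("/tmp/fcm_demo.tmp", (mode_t)m, 027));
    return 0;
}
```

With the default mode 0660 and a umask of 027, the file is created as 0640, so checking the umask of the account that runs the server is part of verifying the configured mode.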