Format
writedown –a | –d | –i [–p]
writedown –p
Description
writedown sets
or displays the user's write-down mode for the current address space.
Setting or querying the write-down mode is only allowed if multilevel
security is active and the user has "write-down" privilege. See z/OS Planning for Multilevel Security and the Common Criteria for
more information about multilevel security.
Options
- –a
- Activate write-down mode. This allows the user to write data to
a resource protected by an multilevel security label of lower labeled
classification than the user's seclabel.
- –d
- Set the write-down mode from the default value in the user's security
profile.
- –i
- Inactivate write-down mode. This prevents the user from writing
data to a resource protected by a multilevel security label of lower
labeled classification than the user's security label.
- –p
- Print the user's current write-down mode setting to stdout. The
output is "active" or "inactive". If used with –a, –d,
or –i, the new value is displayed.
Usage notes
- This command is only supported when the user has at least READ
access to the IRR.WRITEDOWN.BYUSER resource in the FACILITY class
and SETR MLS is active.
- Write-down mode affects the current process’ address space. When
the write-down mode is changed, all processes running in the same
address space will get the new write-down setting, until the shell
(where writedown was invoked) exits.
- writedown is a built-in shell command
in sh and tcsh.
It affects the security setting for commands issued by the current
shell, and by child processes, such as shell scripts.
- See z/OS Planning for Multilevel Security and the Common Criteria for
more information about write-down mode, multilevel security, and seclabels.
Exit values
The exit values for
/bin/sh are
as follows:
- 0
- Successful completion
- 1
- Failure due to any of the following:
- SETR MLS is not active
- User does not have at least READ access to IRR.WRITEDOWN.BYUSER
resource in the FACILITY class
- 2
- Command syntax error
The exit values for
/bin/tcsh are
as follows:
- 0
- Successful completion
- 1
- Failure due to any of the following:
- SETR MLS is not active
- User does not have at least READ access to IRR.WRITEDOWN.BYUSER
resource in the FACILITY class
- Command syntax error
Examples
- To display your current write-down mode:
> writedown -p
inactive
- To activate and display your current write-down mode:
> writedown -ap
active
Related information
id, sh, tcsh