writedown — Set or display user's write-down mode

Description

writedown sets or displays the user's write-down mode for the current address space. Setting or querying the write-down mode is only allowed if multilevel security is active and the user has "write-down" privilege. See z/OS Planning for Multilevel Security and the Common Criteria for more information about multilevel security.

Options

–a

Activate write-down mode. This allows the user to write data to a resource protected by an multilevel security label of lower labeled classification than the user's seclabel.

–d

Set the write-down mode from the default value in the user's security profile.

–i

Inactivate write-down mode. This prevents the user from writing data to a resource protected by a multilevel security label of lower labeled classification than the user's security label.

–p

Print the user's current write-down mode setting to stdout. The output is "active" or "inactive". If used with –a, –d, or –i, the new value is displayed.

Usage notes

1. This command is only supported when the user has at least READ access to the IRR.WRITEDOWN.BYUSER resource in the FACILITY class and SETR MLS is active.
2. Write-down mode affects the current process’ address space. When the write-down mode is changed, all processes running in the same address space will get the new write-down setting, until the shell (where writedown was invoked) exits.
3. writedown is a built-in shell command in sh and tcsh. It affects the security setting for commands issued by the current shell, and by child processes, such as shell scripts.
4. See z/OS Planning for Multilevel Security and the Common Criteria for more information about write-down mode, multilevel security, and seclabels.

Exit values

Related information

id, sh, tcsh