writedown — Set or display user's write-down mode
Format
writedown –a | –d | –i [–p]
writedown –p
Description
writedown sets or displays the user's write-down mode for the current address space. Setting or querying the write-down mode is only allowed if multilevel security is active and the user has "write-down" privilege. See z/OS Planning for Multilevel Security and the Common Criteria for more information about multilevel security.
Options
- –a
- Activate write-down mode. This allows the user to write data to a resource protected by an multilevel security label of lower labeled classification than the user's seclabel.
- –d
- Set the write-down mode from the default value in the user's security profile.
- –i
- Inactivate write-down mode. This prevents the user from writing data to a resource protected by a multilevel security label of lower labeled classification than the user's security label.
- –p
- Print the user's current write-down mode setting to stdout. The output is "active" or "inactive". If used with –a, –d, or –i, the new value is displayed.
Usage notes
- This command is only supported when the user has at least READ access to the IRR.WRITEDOWN.BYUSER resource in the FACILITY class and SETR MLS is active.
- Write-down mode affects the current process’ address space. When the write-down mode is changed, all processes running in the same address space will get the new write-down setting, until the shell (where writedown was invoked) exits.
- writedown is a built-in shell command in sh and tcsh. It affects the security setting for commands issued by the current shell, and by child processes, such as shell scripts.
- See z/OS Planning for Multilevel Security and the Common Criteria for more information about write-down mode, multilevel security, and seclabels.
Exit values
The exit values for /bin/sh are
as follows:
- 0
- Successful completion
- 1
- Failure due to any of the following:
- SETR MLS is not active
- User does not have at least READ access to IRR.WRITEDOWN.BYUSER resource in the FACILITY class
- 2
- Command syntax error
The exit values for /bin/tcsh are
as follows:
- 0
- Successful completion
- 1
- Failure due to any of the following:
- SETR MLS is not active
- User does not have at least READ access to IRR.WRITEDOWN.BYUSER resource in the FACILITY class
- Command syntax error
Examples
- To display your current write-down mode:
> writedown -p inactive
- To activate and display your current write-down mode:
> writedown -ap active
Related information
id, sh, tcsh