writedown - Set or display user's write-down mode
Format
writedown -a | -d | -i [-p]
writedown -p
writedown -p
Description
writedown sets or displays the user's write-down mode for the current address space. Setting or querying the write-down mode is only allowed if multilevel security is active and the user has "write-down" privilege.
Options
- -a
- Activate write-down mode. This allows the user to write data to a resource protected by a multilevel security label of lower-labeled classification than the user's security label.
- -d
- Set the write-down mode from the default value in the user's security profile.
- -i
- Deactivate write-down mode. This prevents the user from writing data to a resource protected by a multilevel security label of lower labeled classification than the user's security label.
- -p
- Print the user's current write-down mode setting to stdout. The output is "active" or "inactive". If used with -a, -d, or -i, the new value is displayed.
Usage notes
- This command is only supported when the user has at least READ access to the IRR.WRITEDOWN.BYUSER resource in the FACILITY class and SETR MLS is active.
- Write-down mode affects the address space of the current process. When the write-down mode is changed, all processes running in the same address space will get the new write-down setting, until the shell (where writedown was invoked) exits.
- writedown is a built-in shell command in sh and tcsh. It affects the security setting for commands that are issued by the current shell, and by child processes, such as shell scripts.
- See z/OS Planning for Multilevel Security and the Common Criteria for more information about write-down mode, multilevel security, and security labels.
Exit values
The exit values for /bin/sh are as follows:
0
- Successful completion.
1
- Failure due to any of the following reasons:
- SETR MLS is not active.
- User does not have at least READ access to IRR.WRITEDOWN.BYUSER resource in the FACILITY class.
2
- Command syntax error.
The exit values for /bin/tcsh are
as follows:
- 0
- Successful completion.
- 1
- Failure due to any of the following reasons:
- SETR MLS is not active.
- User does not have at least READ access to IRR.WRITEDOWN.BYUSER resource in the FACILITY class.
- Command syntax error.
Examples
- To display your current write-down mode:
> writedown -p inactive
- To activate and display your current write-down mode:
> writedown -ap active
Related information
id, sh, tcsh