writedown - Set or display user's write-down mode

Description

writedown sets or displays the user's write-down mode for the current address space. Setting or querying the write-down mode is only allowed if multilevel security is active and the user has "write-down" privilege.

Options

-a

Activate write-down mode. This allows the user to write data to a resource protected by a multilevel security label of lower-labeled classification than the user's security label.

-d

Set the write-down mode from the default value in the user's security profile.

-i

Deactivate write-down mode. This prevents the user from writing data to a resource protected by a multilevel security label of lower labeled classification than the user's security label.

-p

Print the user's current write-down mode setting to stdout. The output is "active" or "inactive". If used with -a, -d, or -i, the new value is displayed.

Usage notes

1. This command is only supported when the user has at least READ access to the IRR.WRITEDOWN.BYUSER resource in the FACILITY class and SETR MLS is active.
2. Write-down mode affects the address space of the current process. When the write-down mode is changed, all processes running in the same address space will get the new write-down setting, until the shell (where writedown was invoked) exits.
3. writedown is a built-in shell command in sh and tcsh. It affects the security setting for commands that are issued by the current shell, and by child processes, such as shell scripts.
4. See z/OS Planning for Multilevel Security and the Common Criteria for more information about write-down mode, multilevel security, and security labels.

Exit values

Related information

id, sh, tcsh