Quick Links

Sponsored Links

Support Goto400.com

CL Command Reference - CHGOWN

CL Command List > CHGOWN Reference

Description:

The Change Owner (CHGOWN) command transfers ownership of an object or group of objects from one user to another. An object name pattern can be used to change authority for a group of related objects. The authority that other users have to the object does not change.

The CHGOWN command can also be used to change the owner of a directory tree where the directory, its contents, and the contents of all of its subdirectories are to have the owner changed. If SUBTREE(*ALL) is specified, this command will attempt to change the owner of all objects within the subtree. A diagnostic message will be sent for each object that could not have its owner changed and, when all of the objects have been attempted, an escape message will be sent. If all of the objects had their owner changed with no errors, a completion message will be sent.

If a symbolic link object is encountered, either specified in the Object (OBJ) parameter or encountered in the processing of a subtree, the value specified for the Symbolic link (SYMLNK) parameter will be applied to that symbolic link object. If processing a subtree, the processing of that branch of the subtree then stops because a symbolic link object itself cannot have subtrees.

The owner of an object always has all the authorities applicable to the object unless they are explicitly revoked. The owner of an object has the authority to grant any authorities to any user for that object. Owners can also grant to themselves authorities that were previously revoked. Owners may, for example, remove some of their specific authorities as a precautionary measure, and then, when the need arises, grant those same authorities to themselves again.

A user with all object (*ALLOBJ) special authority has complete authority for all objects and can transfer the ownership of any object. All users have add (*ADD) and delete (*DLT) authorities for their own user profiles; that is, users can add objects to or delete objects (that they created) from their own user profiles by transferring the ownership of the object.

Restrictions:

. To transfer ownership of an object in the QSYS.LIB or independent ASP QSYS.LIB file system, you must have all of the following:
¨C Object existence (*OBJEXIST) authority for the object
¨C Object operational (*OBJOPR) and *OBJEXIST authorities if the object is a file, library, or subsystem description ¨C *ALLOBJ special authority or ownership if the object is an authorization list
¨C *ADD authority for the new owner¡¯s user profile
¨C *DLT authority for the present owner¡¯s user profile
¨C *ALLOBJ and security administrator (*SECADM) special authorities to change the object owner of a program that adopts authority.

. Changing the ownership of an object that has an authority holder associated with it also changes the ownership of the authority holder.

. When doing subtree processing, you must have read (*R) and execute (*X) authorities to the path name and all subdirectories within that path.



Examples:

Example 1: Changing the owner of a program

CHGOWN OBJ(¡¯/QSYS.LIB/USERLIB.LIB/PROGRAM1.PGM¡¯) NEWOWN(ANN)

This command assigns ownership of the program named PROGRAM1, located in the user library named USERLIB, to the user named ANN. The authority is revoked from the current owner.



Example 2: Changing the owner of a symbolic link when SYMLNK(*NO)

CHGOWN OBJ(¡¯/sym1¡¯) NEWOWN(SAM) SUBTREE(*ALL) SYMLNK(*NO)

This command will first determine if there are subtrees to process. Since the object specified in the OBJ parameter is a symbolic link, the SUBTREE parameter will be ignored because a symbolic link object does not have subtrees. Next, the object pointed to by symbolic link sym1 (dir1) will be changed because the SYMLNK parameter specifies that the symbolic link object not be changed.

In this example, the owner of dir1 is changed to SAM and the authority is revoked from the current owner. It does not change the owner of the symbolic link object (sym1) and it does not change the owner of the contents of dir1.



Example 3: Changing the owner a symbolic link when SYMLNK(*YES)

CHGOWN OBJ(¡¯/sym1¡¯) NEWOWN(JOE) SUBTREE(*ALL) SYMLNK(*YES)

This command will first determine if there are subtrees to process. Since the object specified in the OBJ parameter is a symbolic link, the SUBTREE parameter will be ignored because a symbolic link object does not have subtrees. Next, the symbolic link object (sym1) will be changed because the SYMLNK parameter specifies that the symbolic link object be changed.

In this example, the owner of sym1 is changed to JOE and the authority is revoked from the current owner. It does not change the owner of the object pointed to by the symbolic link (dir1) and it does not change the owner of the contents of dir1.



Example 4: Changing the owner of a directory when SUBTREE(*ALL) and SYMLNK(*NO)

CHGOWN OBJ(¡¯/dir1¡¯) NEWOWN(PETE) SUBTREE(*ALL) SYMLNK(*NO)

This command will first determine if there are subtrees to process. Since the object specified in the OBJ parameter is a directory, the subtrees will be processed. When the processing of the tree encounters a *SYMLNK object, the value for the SYMLNK parameter will be applied to that *SYMLNK object. When the SYMLNK parameter is *NO, the object the symbolic link points to will be changed. The processing of that branch of the tree then stops because the *SYMLNK object itself does not have a subtree.

In this example, the owner of dir1, dir2.1, dir2.2, dir2.3, dir3.1, dir3.2, dirA is changed to PETE and the authority to those directories is revoked from their current owners. The owner of sym3.3, dirB.1, dirB.2, dirB.3 is not changed.



Example 5: Changing the owner of a directory when SUBTREE(*ALL) and SYMLNK(*YES)

CHGOWN OBJ(¡¯/dir1¡¯) NEWOWN(GEORGE) SUBTREE(*ALL) SYMLNK(*YES)

This command will first determine if there are subtrees to process. Since the object specified in the OBJ parameter is a directory, the subtrees will be processed. When the processing of the tree encounters a *SYMLNK object, the value for the SYMLNK parameter will be applied to the *SYMLNK object. When the SYMLNK parameter is *YES, the symbolic link object will be changed. The processing of that branch of the tree then stops because the *SYMLNK object itself does not have a subtree.

In this example, the owner of dir1, dir2.1, dir2.2, dir2.3, dir3.1, dir3.2, sym3.3 is changed to GEORGE and the authority is revoked from their current owners. The owner of dirA, dirB.1, dirB.2, dirB.3 is not changed.



Example 6: Changing the owner of a directory when SUBTREE(*NONE) and SYMLNK(*NO)

CHGOWN OBJ(¡¯/dir1¡¯) NEWOWN(BETTY) SUBTREE(*NONE) SYMLNK(*NO)

This command will not process subtrees. Since the object specified in the OBJ parameter is not a symbolic link, the SYMLNK parameter will be ignored.

The owner of dir1 is changed to BETTY and the authority is revoked from the current owner.

NOTE: The only way to change dirB.1, dirB.2, and dirB.3 is to specify them individually in the OBJ parameter of the change command, or to specify the change command with OBJ(dirA) and SUBTREE(*ALL).