|
|
|
|
Task | Section |
---|---|
Display file
ownership and protection
|
Displaying File Ownership and Protection
|
Protect disk
files
|
Protecting Disk Files
|
Protect disk
directories
|
Protecting Disk Directories
|
Protect magnetic tape files
|
Protecting Magnetic Tape Files
|
Understanding File
Protection Concepts
You can protect data on disk and magnetic tape media at the
following levels:
Level of Protection | Description | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Device level
|
For information about setting
device protection characteristics, see the descriptions of the DCL
commands INITIALIZE, MOUNT, SET DEVICES, SET SECURITY/PROTECTION,
and SET VOLUME in
Managing Storage Media and
in the HP OpenVMS DCL Dictionary. Refer to
Managing Peripheral Devices for additional information about peripheral
devices.
|
||||||||||||
Volume level
|
The system provides protection
for disk and tape volumes. For more information, see the following
sections:
|
||||||||||||
File level
|
The system provides protection for disk
files and directory files. For more information, see the following
sections:
|
You can protect data residing on disk and tape volumes by using one or more of the following methods:
Type of Protection | For More Information |
---|---|
UIC-based protection
codes
|
Security Considerations
|
Access control
lists (ACLs)
|
Security Considerations
|
ISO 9660-formatted
media protection
|
Protecting Tape Volumes
|
ANSI-standard accessibility
protection (magnetic tape only)
|
Protecting Tape Volumes
|
For the most part, file protection is transparent. Tools exist, however, to adjust the protection of a file. You can set the protection or modify the ACL of a file if at least one of these statements is true:
Displaying File Ownership and Protection
You can display ownership and protection information with
the commands and qualifiers shown in
DCL Commands to Display Ownership and Protection.
Directory structures do not apply to tape volumes. However, you can use the DIRECTORY command to search for files on tape volumes. Accessing Tape Files describes how to access tape files for read and write operations and also explains the use of the DIRECTORY command for tapes.
The DCL command SHOW PROTECTION displays the current process default protection. This protection is applied to files created during your terminal session or to batch jobs, where defaults from directories or previously existing versions are not available.
To use the SHOW PROTECTION command to display the default protection of magnetic tapes, you must specify the /PROTECTION qualifier with the INITIALIZE command when you initialize the magnetic tape volume. Otherwise, the protection is not written to the magnetic tape volume. See the description of initializing magnetic tape volumes in Initializing Volumes. |
In this example, the SHOW PROTECTION command requests a display of the current protection defaults.$
SHOW PROTECTION
SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD=NO ACCESS
Protecting Disk Files
Each file on a disk has its own protection code, which is
distinct from the protection that applies to the disk volume itself.
Files residing on disk volumes have the access types shown in
Access Types with Disk File Protection.
If you do not define a protection code for a file when you create it, the system applies default protection. If a version of the file already exists, protection is taken from the previous version.
For a new file, the system determines protection in two major ways:
For disk volumes, each file on the volume can have a different protection associated with it. The SET SECURITY/PROTECTION command and other file-manipulating commands allow you to define the protection for individual files.
To protect a file completely, you must protect both the file itself and the directory that lists the file. To protect a file against unauthorized access, specify the proper protection both for the directory that lists the file and for the file itself. See Protecting Disk Directories for instructions on protecting directories. |
Task | Section |
---|---|
Set default
disk file protection
|
Setting Default Disk File Protection
|
Set explicit
disk file protection
|
Setting Explicit Disk File Protection
|
Modify disk file protection
characteristics
|
Modifying Disk File Protection Characteristics
|
Setting Default Disk File Protection
A new file receives default UIC-based protection and the default
access control entries (ACEs), if any, of its parent directory.
A new version of an existing file receives the UIC-based protection
and ACL of the previous version.
The protection of a renamed file is unchanged unless you use the RENAME/INHERIT command.
How to Change Default UIC Protection
The operating system provides each process with a default UIC-based protection of (S:RWED,O:RWED,G:RE,W). To change the default protection that is applied to files created by that process, enter the SET PROTECTION/DEFAULT command using the following format:SET PROTECTION[=(code)]/DEFAULT
where:
code
|
Defines the protection to be applied
to the specified files. If you omit the code, the access is set
to the current default protection.
|
For example, if you place the following command in your login command procedure, you grant all processes read and execute access to any files that you subsequently create:
$ SET PROTECTION = (S:RWED,O:RWED,G:RE,W:RE)/DEFAULT(Remember that you must execute the login command procedure for this command to take effect.)
Setting Explicit Disk File Protection
You can explicitly specify UIC-based protection for a new
file with the /PROTECTION qualifier (valid with the BACKUP, COPY,
RENAME, and CREATE commands), as shown in the following command
line:
After a file is created and you have created an ACL for the file, you can modify the ACL and add as many ACEs to the ACL as you want. The protection specified by the ACL overrides the UIC protection of the file.$
CREATE MAST12.TXT/PROTECTION=(S:RWED,O:RWED,G,W)
The following examples show how to check and specify protection codes.
The SHOW PROTECTION command displays the current default protection. In this example, the response shows the system default protection, which indicates that the system and owner have all types of access, group users have read and execute access, and world users have no access.$
SHOW PROTECTION
SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD=NO ACCESS
In this example, the SHOW SECURITY command displays the current protection associated with the file IMAGES.DIR.$
SHOW SECURITY IMAGES.DIR
DBA1:[SADAMS]IMAGES.DIR;1 object of class FILE
Owner: [SAM,SADAMS]
Protection: (System: RWE, Owner: RWE, Group: RE, World: E)
Access Control List:
(IDENTIFIER=[SAM,SADAMS],ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
In this example, the /SECURITY qualifier with the DIRECTORY command displays the current protection associated with the IMAGES.DIR file.$
DIRECTORY/SECURITY IMAGES.DIR
Directory DBA1:[SADAMS]
IMAGES.DIR;1 [VMS,SADAMS] (RWE,RWE,RE,E)
(IDENTIFIER=[VMS,SADAMS],ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
Total of 1 file.
In this example, the /PROTECTION qualifier specifies a protection code when the ABC.DAT file is copied to XYZ.DAT.$
COPY/PROTECTION=(SYSTEM:RW,OWNER:RWED,GROUP:RW,WORLD) ABC.DAT XYZ.DAT
In this example, the SET SECURITY/PROTECTION command changes the protection for an existing file. The command gives the following instructions regarding the file ABC.DAT: system users have read, write, and execute access; the owner has read, write, execute, and delete access; group users have only read and execute access; world users have no access.$
SET SECURITY/PROTECTION=(SYSTEM:RWE,OWNER:RWED,GROUP:RE,WORLD) ABC.DAT
Modifying Disk File
Protection Characteristics
DCL Commands to Modify File Protection Characteristics shows the DCL
commands that you can use to establish and modify the protection
characteristics of files.
Command | Description | For More Information |
---|---|---|
SET DIRECTORY
|
Modifies the
characteristics of one or more directories. The directory protection
can override the protection of individual files within the directory.
|
See
Protecting Disk Directories.
|
SET FILE
|
Modifies the
characteristics of one or more files, including the version limits
on files.
|
See
Using the SET FILE Command.
|
SET PROTECTION/DEFAULT
|
Sets the default
UIC protection on files.
|
Refer to the HP OpenVMS Guide to System Security
|
SET SECURITY
|
Modifies the
security profile of an object. Such a profile contains the following characteristics:
|
Refer to the HP OpenVMS Guide to System Security and
the HP OpenVMS DCL Dictionary
.
|
SET VOLUME
|
Changes the characteristics
of one or more mounted Files-11 volumes. The /FILE_PROTECTION qualifier
sets the default protection to be applied to all files on the specified
disk volume.
|
See
Changing Protection After Disk Volumes Are Mounted.
|
For a complete list of the command qualifiers and parameters applicable to each of these DCL commands, refer to the HP OpenVMS DCL Dictionary .
Changing File Protection Characteristics To change or reset the protection characteristics of one or more files, use the following format:SET SECURITY/PROTECTION = code file-spec[,...]
where:
code
|
Defines the protection to
be applied to the specified files. You cannot omit the code.
|
file-spec
|
Specifies one or more files for which
the protection is to be changed. A file name and file type are required.
If you omit a version number, the protection is changed only for the
highest existing version of the file. Wildcard characters are allowed.
|
The following examples show ways to change file protection.
In this example, the file INCOME.DAT;3 is protected against deletion. The SET SECURITY/PROTECTION command changes only the owner's delete access for the file INCOME.DAT;3. Now the owner can delete the file.$
DELETE INCOME.DAT;3
%DELETE-W-FILNOTDEL, error deleting DISK1:[SMITH]INCOME.DAT;3
-RMS-E-PRV, insufficient privilege or file protection violation
$
SET SECURITY/PROTECTION=OWNER:D INCOME.DAT;3
$
DELETE INCOME.DAT;3
In this example, the SET SECURITY/PROTECTION command changes the protection codes applied to the PAYROLL.LIS file. To the file, the command gives the system read access; the owner has read, write, execute, and delete access; and users in the owner's group have read and write access.$
SET SECURITY/PROTECTION=(SYSTEM:R,OWNER:RWED,GROUP:RW) PAYROLL.LIS
Using the SET FILE Command You can use the DCL command SET FILE to modify the characteristics of one or more files or to assign an additional name, or alias, to a file. The following examples illustrate ways you can use the SET FILE command.
This SET FILE command requests that the expiration date of the file BATCH.COM;3 be set to 11:00 a.m., April 15, 2000.$
SET FILE/EXPIRATION_DATE=15-APR-2000:11:00 BATCH.COM;3
This SET FILE command erases disk locations for files that are deleted with commands such as DELETE or PURGE when applied to all files that match the file specification PERSONNEL*.SAL and are dated before April 15, 2000.$
SET FILE/BEFORE=15-APR-00/ERASE_ON_DELETE PERSONNEL*.SAL
This SET FILE command modifies the characteristics of the file MYFILE.DAT, changing the owner UIC and assigning a file version limit of 100. Note that the /OWNER_UIC qualifier requires SYSPRV or GRPPRV privilege for changing the ownership at the system or group level.$
SET FILE/OWNER_UIC=[DOCUMENTATION,GRAY]/VERSION_LIMIT=100 MYFILE.DAT
This SET FILE command assigns an additional name, or alias (NEW_FILENAME.DAT), to the file OLD_FILENAME.DAT. Both the original name and the alias refer to the same file. For this reason, be careful when you delete files with aliases. To keep the file, but to remove one of its names, use the /REMOVE qualifier with the SET FILE command. You cannot use wildcards in the file name. (Refer to the HP OpenVMS DCL Dictionary for details.)$
SET FILE OLD_FILENAME.DAT/ENTER=NEW_FILENAME.DAT
Protecting Disk Directories
Each directory has a protection associated with it. Directory
protection can override the protection of individual files within
the directory. For example, if a directory denies world access,
world users cannot look up files in that directory even though the
files permit world access.
For directory protection, you can use the access types shown in Access Types for Directory Protection.
Using UIC Directory Protection
You cannot completely protect a file without applying at least the same protection to the directory in which the file resides. For example, if you deny a user all access to a file but allow that user read access to the file's directory, the user cannot access the contents of the file but can see that it exists. Conversely, a user allowed access to a file and denied access to the file's directory (or one of the parent directories) cannot see that the file exists.
To protect sensitive files, the directory protection alone is not adequate. You must also protect each individual file contained within the directory. Protecting Disk Files contains instructions for protecting disk files. |
Guidelines for specifying UIC-based protection on a directory follow.
The following sections explain how to change directory protection characteristics and default ACL protection.
Changing Directory UIC Protection Characteristics
The
DCL command SET DIRECTORY modifies the characteristics of one or
more directories.
The SET DIRECTORY command in this example modifies both the [DAVIS] and [USERS] directories, changing their owner UICs. Using the /OWNER_UIC qualifier requires SYSPRV (system privilege).$
SET DIRECTORY/OWNER_UIC=[360,020] [DAVIS],[USERS]
Changing Default ACL Protection
You can override default UIC protection for specified
directories or subdirectories by placing a default protection ACE
in the ACL of the appropriate directory file. The default protection
specified in the ACE is applied to any new file created in the specified
directory or in any subdirectory of the directory.
The following ACE, which must be in the ACL of a directory file, specifies that the default protection (for files created in the directory and its subdirectories) will allow system and owner processes full access, group processes read and execute access, and world users no access:
(DEFAULT_PROTECTION,S:RWED,O:RWED,G:RE,W:)
Protecting Magnetic Tape Files
Because tapes are single-user devices, tape protection is
only at the volume level. The protection codes for magnetic tape
volumes are usually assigned with
the INITIALIZE command.
You cannot use DCL commands to change protection characteristics on magnetic tape volumes. See Using MOUNT Command Qualifiers When You Mount Disks for more information.
|
|