HP OpenVMS System Manager's Manual, Volume 1:...
Chapter: Security Considerations

Creating Access Control Lists

For most interactive user accounts, the default UIC-based protection is adequate. However, in some cases (such as project accounts) you may want to set up an additional level of protection by using access control lists (ACLs). ACL-based protection provides a more refined level of security in cases where different groups or members of overlapping groups share access to an account.

Kinds of Entries in an ACL

An access control list (ACL) is a list of entries, each of which defines some attribute of an object. Each entry is called an access control entry (ACE).

The following security-relevant types of ACEs are available:

ACE Description
Identifier ACE
Controls the types of access allowed to specific users based on the user's identification. Each Identifier ACE includes one or more rights identifiers and a list of the types of access the user holding the identifier has permission to exercise. See Types of Identifiers for a summary of identifiers.

For example, the following ACE grants the user Jones read, write, and execute access to an object:
(IDENTIFIER=[ACCOUNTING,JONES],ACCESS=READ+WRITE+EXECUTE)

Default Protection ACE
Allows you to specify a protection code for a directory file that is propagated to all files created within that directory and its subdirectories.

For example, the following ACE assigns a protection code to newly created files in a directory. The code gives users in the system and owner categories full access, it gives group users both read and execute access, and it denies access to users in the world category.
(DEFAULT_PROTECTION,S:RWED,O:RWED,G:RE,W:)

Creator ACE
Adds an extra ACE to the ACL of a file created within the directory to which you assign the Creator ACE. The Creator ACE applies when the file being created is not owned by the user identification code (UIC) of the process creating the file, such as when the directory is owned by a resource identifier.

The following ACE, for example, specifies that any user creating a file in the directory will receive read, write, execute, and delete access to it:
(CREATOR,ACCESS=READ+WRITE+EXECUTE+DELETE)


The Creator ACE applies to directory files only.
Security Alarm ACE
Allows you to request that a security alarm message be sent to the operator's terminal if an object is accessed in a particular way.

For example, the following ACE causes an alarm message whenever a particular file is successfully read:
(ALARM=SECURITY,ACCESS=SUCCESS+READ)


The Security Alarm ACE has no effect unless ACL alarms are enabled with the following command:
$ SET AUDIT/ALARM/ENABLE=(ACL)

Security Audit ACE
Specifies the access criteria that cause a security audit message to be sent to the system security audit log file if an object is accessed in a particular way.

For example, the following ACE causes an audit message to be recorded whenever a particular file is successfully read:
(AUDIT=SECURITY,ACCESS=SUCCESS+READ)


A message is recorded only if ACL audits are enabled with the DCL command SET AUDIT/AUDIT/ENABLE=ACL.
Subsystem ACE
Grants additional identifiers to a process while it is running the image to which the Subsystem ACE applies. Users with execute access to the image can access objects that are in the protected subsystem, such as data files and printers, but only when they run the subsystem image. The Subsystem ACE applies to executable images only.

For example, the following ACE adds the identifier ACCOUNTING to processes that are executing a particular subsystem image. The identifier entitles the processes to access objects owned by the subsystem.
(SUBSYSTEM, IDENTIFIER=ACCOUNTING)


Refer to the HP OpenVMS System Management Utilities Reference Manual for a complete description of each kind of ACE. The HP OpenVMS Guide to System Security provides further details on how to construct and apply ACEs.

Types of Identifiers

An Identifier ACE can contain different types of identifiers. Every identifier is an alphanumeric string of 1 to 31 characters containing at least one alphabetic character. Valid characters are the digits 0 to 9, the letters A to Z, the dollar sign ($), and the underscore (_). The following table lists each type of identifier:

Type Description Example
UIC identifiers
Based on a user's identification code (UIC), which uniquely identifies a user on the system and defines the group to which the user belongs.
[GROUP1,JONES], [JONES], GROUP1, JONES

General identifiers
Defined by the security administrator.
SALES, RESERVE_DESK

Environmental identifiers
Describe different types of users based on their initial entry into the system. These identifiers are automatically created by the system.
BATCH, NETWORK, INTERACTIVE, LOCAL, DIALUP, REMOTE

Facility identifiers
Defined by a facility during installation.
RDB$ENTRY

In addition to the environmental identifiers, a system node identifier of the form SYS$NODE_node_name is created by the system startup procedure (STARTUP.COM in SYS$SYSTEM).
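The following Python script is an added example, not part of the OpenVMS manual or any HP/VSI code. It parses the six ACE forms shown in the "Kinds of Entries in an ACL" table above and checks rights identifiers against the syntax rule given in this section (1 to 31 characters from A-Z, 0-9, $ and _, at least one letter), so it serves both passages. Two assumptions go beyond the page: numeric UIC components such as [100,200] are accepted, and the CONTROL, FAILURE and NONE access keywords are added from standard OpenVMS ACE syntax. The first-match evaluation in identifier_ace_access is a deliberately simplified model of how the system consults Identifier ACEs in order; the real algorithm also falls back to the UIC-based protection code, which is not modelled here.

```python
import re

# Identifier syntax stated on this page: 1 to 31 characters from A-Z, 0-9, $ and _,
# with at least one alphabetic character. Names are case-folded before checking.
_IDENT_RE = re.compile(r'^[A-Z0-9$_]{1,31}$')
# READ/WRITE/EXECUTE/DELETE/SUCCESS appear on this page; CONTROL, FAILURE and NONE
# are standard OpenVMS ACE access keywords added here (assumption beyond the page).
_ACCESS_WORDS = {'READ', 'WRITE', 'EXECUTE', 'DELETE', 'CONTROL',
                 'SUCCESS', 'FAILURE', 'NONE'}
# Items each ACE kind must carry once parsed.
_REQUIRED = {'IDENTIFIER': ('identifiers', 'access'), 'CREATOR': ('access',),
             'ALARM': ('access',), 'AUDIT': ('access',), 'SUBSYSTEM': ('identifiers',)}


def is_valid_identifier(name: str) -> bool:
    """True if NAME satisfies the identifier syntax rule quoted above."""
    name = name.upper()
    return bool(_IDENT_RE.match(name)) and any(c.isalpha() for c in name)


def normalize_identifier(text: str) -> str:
    """Validate one identifier in any of the page's forms and return it upper-cased.

    Bracketed UIC forms ([GROUP,MEMBER] or [MEMBER]) are checked per component;
    all-digit components (an octal UIC such as [100,200]) are also accepted, which
    is an assumption beyond the page's examples.
    """
    text = text.strip().upper()
    if text.startswith('[') and text.endswith(']'):
        parts = text[1:-1].split(',')
        if not 1 <= len(parts) <= 2:
            raise ValueError(f'bad UIC identifier: {text}')
        for part in parts:
            if not (part.isdigit() or is_valid_identifier(part)):
                raise ValueError(f'bad UIC component {part!r} in {text}')
        return text
    if not is_valid_identifier(text):
        raise ValueError(f'bad identifier: {text!r}')
    return text


def _split_fields(body: str) -> list:
    """Split an ACE body on commas, ignoring commas inside [GROUP,MEMBER] brackets."""
    fields, cur, depth = [], [], 0
    for ch in body:
        if ch == '[':
            depth += 1
        elif ch == ']':
            depth -= 1
        if ch == ',' and depth == 0:
            fields.append(''.join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append(''.join(cur))
    return [f.strip().upper() for f in fields]


def _parse_access(value: str) -> set:
    """Turn READ+WRITE+... into a set, rejecting keywords outside _ACCESS_WORDS."""
    words = {w.strip() for w in value.split('+')}
    unknown = words - _ACCESS_WORDS
    if unknown:
        raise ValueError(f'unknown access keyword(s): {sorted(unknown)}')
    return words


def parse_ace(ace: str) -> dict:
    """Parse one ACE string in the syntax shown on this page into a dict."""
    text = ace.strip()
    if not (text.startswith('(') and text.endswith(')')):
        raise ValueError('an ACE must be enclosed in parentheses')
    fields = _split_fields(text[1:-1])
    head, rest = fields[0], fields[1:]
    keyword = head.split('=', 1)[0]
    entry = {'kind': keyword}
    if keyword in _REQUIRED:
        if keyword in ('ALARM', 'AUDIT') and head != keyword + '=SECURITY':
            raise ValueError(f'{keyword} ACE must be written {keyword}=SECURITY')
        # For IDENTIFIER ACEs the first field itself carries the identifier list.
        items = ([head] if keyword == 'IDENTIFIER' else []) + rest
        for item in items:
            key, _, value = item.partition('=')
            if key == 'IDENTIFIER':   # IDENTIFIER=A+B means all of A and B must be held
                entry.setdefault('identifiers', []).extend(
                    normalize_identifier(i) for i in value.split('+'))
            elif key == 'ACCESS':
                entry['access'] = _parse_access(value)
            else:
                raise ValueError(f'unexpected item {item!r} in {keyword} ACE')
        missing = [n for n in _REQUIRED[keyword] if n not in entry]
        if missing:
            raise ValueError(f'{keyword} ACE is missing {missing}')
    elif keyword == 'DEFAULT_PROTECTION':
        # Remaining fields are category:rights pairs; an empty rights string (W:) denies all.
        prot = {}
        for item in rest:
            cat, sep, rights = item.partition(':')
            if not sep or cat not in ('S', 'O', 'G', 'W') or set(rights) - set('RWED'):
                raise ValueError(f'bad protection field {item!r}')
            prot[cat] = rights
        entry['protection'] = prot
    else:
        raise ValueError(f'unknown ACE kind {keyword!r}')
    return entry


def identifier_ace_access(acl, held_identifiers):
    """Simplified model (assumption, not the full OpenVMS algorithm): walk the ACL in
    order and return the access set of the first Identifier ACE whose identifiers are
    all held; None if none matches, where a real system would then consult the
    UIC-based protection code."""
    held = {normalize_identifier(h) for h in held_identifiers}
    for ace in acl:
        if ace['kind'] == 'IDENTIFIER' and set(ace['identifiers']) <= held:
            return ace['access']
    return None


if __name__ == '__main__':
    # Constructed sample ACL built from the ACE forms shown on this page.
    acl = [parse_ace(a) for a in (
        '(IDENTIFIER=[ACCOUNTING,JONES],ACCESS=READ+WRITE+EXECUTE)',
        '(IDENTIFIER=SALES+LOCAL,ACCESS=READ)',
        '(DEFAULT_PROTECTION,S:RWED,O:RWED,G:RE,W:)',
        '(AUDIT=SECURITY,ACCESS=SUCCESS+READ)')]
    for ace in acl:
        print(ace)
    print(identifier_ace_access(acl, ['SALES', 'LOCAL', 'INTERACTIVE']))
```

The parser treats ACE strings as the opaque syntax the manual shows; it does not talk to a rights database, so an identifier that is syntactically valid but undefined on a given system (for example a general identifier nobody has created) still passes. Run it against ACLs copied from SHOW SECURITY output to catch malformed entries before applying them.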

