[an error occurred while processing this directive]

HP OpenVMS Systems
Content starts here

HP Advanced Server for OpenVMS
Commands Reference Manual

Previous Contents Index

SET FILE

Sets or modifies auditing or permissions on directories and files within a shared directory.

Format

SET FILE path [[domain-name\]name[,...]] [/qualifiers]

restrictions

Use of this command does not require special group membership. However, you must have read permission to the files and directories you modify.

Related Commands

SHOW FILES
SHOW OPEN_FILES

Parameters

path

Specifies the UNC (Universal Naming Convention) path to the directory or file for which to set auditing or permission information.

[domain-name\]name

The name specifies one or more users or groups for which to set auditing or permissions.

You can specify users or groups in the domain being administered or in a trusted domain. To specify a user account or global group in a trusted domain, enter a domain-qualified name (domain-name\name), such as KANSAS\DOLE, where KANSAS is the name of the trusted domain, and DOLE is the user or group name defined in the trusted domain. If you omit the domain name, the user account or group is assumed to be defined in the domain of the server currently being administered.

To remove all auditing information or permissions for all users and groups from the specified directory or files, omit the list of names and use the /REMOVE qualifier to remove the desired information. If you specify a user or group, you must include the /AUDIT, /PERMISSIONS or /REMOVE qualifiers to specify an action to perform.

Qualifiers

/APPLY_TO=(option[,...])

Controls how existing files and other subdirectories are affected by the change in attributes. This qualifier is only valid if path specifies a directory. By default, the change in attributes is applied to the specified directory, and its existing files only. You use the /APPLY_TO qualifier to change this default behavior. The option keyword can be one or more of the following:
Option Description
[NO]FILES FILES applies changes to existing files in the directory and to the directory itself. NOFILES applies changes only to the directory itself. Changes are not applied to existing files in the directory. NOFILES is the default.
[NO]SUBDIRECTORIES
  SUBDIRECTORIES applies changes to all existing subdirectories under the directory and to the directory itself. If you also specify FILES, the changes apply to the existing files in the subdirectories as well. NOSUBDIRECTORIES prevents changes from being applied to subdirectories under the directory. NOSUBDIRECTORIES is the default.

/AUDIT=(audit-type[=(event[,...])][,...])

Specifies a list of events to set or clear for auditing. The /AUDIT qualifier is position-sensitive: if specified before any name values, it applies to all names in the list that do not have explicit /AUDIT values of their own; otherwise it pertains only to the name on which it is specified. The audit-type keyword can be one or more of the following:
Audit-Type Description
NONE Disables auditing of all failure and success events; cannot be specified with the FAILURE or SUCCESS audit-types
FAILURE Sets audit failure events
SUCCESS Sets audit success events

The FAILURE and SUCCESS audit-types are used to specify which failure and success audit events are to be enabled or disabled. Precede an event type with NO to disable auditing of that event. The event keyword can be one or more of the following:

Event Description
ALL Audits all events.
NONE No events will be audited.
[NO]READ For directories, audits display of file names, attributes, permissions, and owner. For files, audits display of file's data, attributes, permissions, and owner.
[NO]WRITE For directories, audits creation of subdirectories and files, changes to attributes, and display of permissions and owner. For files, audits changes to the file's data or attributes, and display of permissions and owner.
[NO]EXECUTE For directories, audits display of attributes, permissions, and owner, and changing to subdirectories. For files, audits running of program files and display of attributes, permissions, and owner.
[NO]DELETE Audits deletion of the directory or file.
[NO]CHANGE_PERMISSIONS
  Audits changes to permissions for a directory or file.
[NO]TAKE_OWNERSHIP
  Audits changes in ownership of a directory or file.

/CONFIRM

/NOCONFIRM

Controls whether you are prompted for a confirmation before removing all permissions from a directory or files. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode.

/LOG

/NOLOG

Controls whether the SET FILE command displays the file specifications of each file after its attributes have been modified. The default is to display all files modified.

/PERMISSIONS=(access-type[,...])

Sets or modifies access permissions on a directory or file. The /PERMISSIONS qualifier is position-sensitive: if specified before any name parameters, it applies to all names in the list that do not have explicit /PERMISSIONS values of their own; otherwise it pertains only to the name on which it is specified. The access-type is the type of access to be granted.

All permissions can be removed by using the /REMOVE=PERMISSIONS qualifier without specifying a name. If you remove all permissions from a directory or file, no one will be able to access it, and only the owner will be able to change the permissions.

If path specifies a directory, the access-type keyword can be one of the following:

Directory Access Type Description
NONE Prevents any access to the directory or any of its files.
LIST Allows viewing file names and subdirectory names, and changing to the directory's subdirectories. Disallows access to files unless granted by other directory or file permissions.
READ Allows viewing file names and subdirectory names, changing to the directory's subdirectories, and viewing data in files and running applications.
ADD Allows adding files and subdirectories to the directory. Disallows access to files unless granted by other directory or file permissions.
ADD_AND_READ
  Allows viewing file names and subdirectory names, changing to the directory's subdirectories, viewing data in files and running applications, and adding files and subdirectories to the directory.
CHANGE Allows viewing file names and subdirectory names, changing to the directory's subdirectories, viewing data in files and running applications, adding files and subdirectories to the directory, changing data in files, and deleting the directory and its files.
FULL Allows viewing file names and subdirectory names, changing to the directory's subdirectories, viewing data in files and running applications, adding files and subdirectories to the directory, changing data in files, deleting the directory and its files, changing permissions on the directory and its files, and taking ownership of the directory and its files.
DIRECTORY_SPECIFIC=( access[,...])
  Grants specific access rights to the directory. The access keyword can be one or more of the following:
Access Description
FULL Allows complete access to the directory
NONE Allows no access to the directory
READ Allows viewing the names of files and subdirectories
WRITE Allows adding files and subdirectories
EXECUTE Allows changing to subdirectories in the directory
DELETE Allows deleting the directory
CHANGE_PERMISSIONS
  Allows changing the directory permissions
TAKE_OWNERSHIP
  Allows taking ownership of the directory
Directory Access Type Description
FILE_SPECIFIC=( access[,...])
  Grants specific access rights to the files in the directory. The access keyword can be one or more of the following:
Access Description
NOT_SPECIFIED Indicates that no file-specific access permissions are specified; cannot be used with any other access permission
FULL Allows complete access to the file and its data
NONE Allows no access to the file
READ Allows viewing the file's data
WRITE Allows changing the file's data
EXECUTE Allows running the file if it is a program file
DELETE Allows deleting the file
CHANGE_PERMISSIONS
  Allows changing the file's permissions
TAKE_OWNERSHIP
  Allows taking ownership of the file

If path specifies a file, the access-type keyword can be one of the following:

Directory Access Type Description
NONE Prevents any access to the file. Specifying no access for a user prevents access even if that user belongs to a group that has access to the file.
READ Allows viewing the file's data and running the file if it is a program.
CHANGE Allows viewing the file's data, running the file if it is a program, changing the data in the file, and deleting the file.
FULL Allows viewing the file's data, running the file if it is a program, changing the data in the file, deleting the file, changing permissions on the file, and taking ownership of the file.
FILE_SPECIFIC=( access[,...])
  Grants specific access rights to the file. The access keyword can be one or more of the following:
Access Description
FULL Allows complete access to the file and its data
NONE Allows no access to the file
READ Allows viewing the file's data
WRITE Allows changing the file's data
EXECUTE Allows running the file if it is a program file
DELETE Allows deleting the file
CHANGE_PERMISSIONS
  Allows changing the file's permissions
TAKE_OWNERSHIP
  Allows taking ownership of the file

/REMOVE=(attribute[,...])

Removes a given attribute from the directory or file specified by path. The /REMOVE qualifier is position sensitive: if specified before any name values, it applies to all names in the list that do not have explicit /REMOVE values of their own; otherwise it pertains only to the name after which it is specified. The attribute keyword can be one or more of the following:
Attribute Description
AUDIT Removes all auditing information for the specified directory or file
PERMISSIONS Removes all permission information for the specified directory or file

For any given name, the /PERMISSIONS qualifier overrides the
/REMOVE=PERMISSIONS qualifier, and the /AUDIT qualifier overrides the /REMOVE=AUDIT qualifier.

/SERVER=server-name

Specifies the name of the server on which to set directory or file permissions. The default is the server currently being administered.

Examples

#1 

 LANDOFOZ\\TINMAN> SET FILE STATES\KANSAS -
 _LANDOFOZ\\TINMAN> MUNCHKINS/AUDIT=(SUCCESS=DELETE)
 %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\" modified
 %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE1.DAT" modified
 %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE2.DAT" modified
 %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\MYPROG.EXE" modified
 %PWRK-S-FILESMODIFIED, total of 4 files modified

This example sets auditing for all successful deletions done by members of the group MUNCHKINS to the directory, subdirectories and files of the shared directory KANSAS in the share called STATES that resides on the server currently being administered (TINMAN).

#2 

 LANDOFOZ\\TINMAN> SET FILE/PERMISSIONS=READ STATES\KANSAS\*.DAT -
 _LANDOFOZ\\TINMAN> MUNCHKINS,WIZARD,SCARECROW/PERMISSIONS=FULL
 %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE1.DAT" modified
 %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE2.DAT" modified
 %PWRK-S-FILESMODIFIED, total of 2 files modified

This example grants the group MUNCHKINS and the user WIZARD, READ access, and the user SCARECROW FULL access to all .DAT files in the shared directory KANSAS in the share called STATES that resides on the server currently being administered (TINMAN).

SET MODE

Settings made with this command are preserved until you log out from the system. These settings will determine the mode default that takes effect each time you invoke the ADMINISTER command interface.

You can set permanent default by inserting the appropriate SET MODE command in your LOGIN.COM file. The server does not have to be running for this command to execute.

Format

SET MODE [/qualifier]

restrictions

None

Related Commands

SHOW MODE

Examples

SET PASSWORD

Sets a new password for a user account in a domain.

Format

SET PASSWORD [user-name [old-password [new-password]]] [/qualifier]

restrictions

Use of this command does not require special group membership.

Passwords entered on the SET PASSWORD command line are accepted as caseless. See restrictions regarding the old-password and new-password parameters.

Parameters

user-name

Specifies the user account name of the user whose password is to be changed. If you do not enter a user name on the command line, you will be prompted to enter one.

old-password

Specifies the current password for the user account. The password is displayed as you enter it. If you do not enter a password, or you enter it as an asterisk (*), a prompt is issued. The password is not displayed when you enter it at the prompt.

Passwords entered on the command line are converted to uppercase unless they are enclosed within quotation marks. If the password contains lowercase letters, blanks (spaces), or other nonalphanumeric characters, enclose it in quotation marks unless you enter it in response to the password prompt.

new-password

Specifies the new password for the user account, which may be up to 14 characters in length. If you omit the new password, or you specify it as an asterisk (*), you are prompted for the new password and a confirmation. The password is not displayed when you enter it at the prompt.

New passwords are accepted as caseless. For a new password that includes lowercase letters, use the MODIFY USER command with the /PASSWORD qualifier (requires administrative privileges).

Qualifiers

/DOMAIN=domain-name

Specifies the domain in which to change the password. The default is the domain of the local server.

Examples

#1 

 LANDOFOZ\\TINMAN> SET PASSWORD LION GOLD SILVER
 %PWRK-S-PSWCHANGED, password changed for user "LION" in domain "LANDOFOZ"

The example changes the password for the user LION from GOLD to SILVER. The password is changed on the domain of the local server, which in this example is LANDOFOZ.

#2 

 LANDOFOZ\\TINMAN> SET PASSWORD WIZARD/DOMAIN=KANSAS
 Old password:
 New password:
 New password verification:
 %PWRK-S-PSWCHANGED, password changed for user "WIZARD" in domain
 "KANSAS"

This example changes the password for user WIZARD on the domain KANSAS. Because the old and new passwords were not specified on the command line, prompts were issued for the old password, the new password, and a verification of the new password.

Previous Next Contents Index