HP OpenVMS DCL Dictionary
SHOW SECURITY
Displays the name, class, and profile of a protected object.
Format
SHOW SECURITY object-name
Parameter
object-name
Specifies the name of an object whose security profile is to be
displayed. If the object class is SECURITY_CLASS, you can specify an
asterisk (*) as object-name to see a display of all security
class objects. An object name of the FILE class (explicitly or
implicitly specified) can include the asterisk (*) and the percent sign
(%) wildcard characters; however, wildcard characters are not allowed
in any class other than FILE or SECURITY_CLASS.
Description
The SHOW SECURITY command displays the name, class, and profile of a
protected object. A profile includes an access control list (ACL), the
protection code, and the owner of a protected object. For
SECURITY_CLASS objects, SHOW SECURITY displays all the template
profiles, which are the basis for profiles of new objects.
The /CLASS qualifier identifies the class of which object-name is a
member. If the class is DEVICE and the object is a disk device on
which a volume is mounted as a Files-11 (rather than foreign) volume,
then both the device and the volume profiles are displayed.
All qualifiers other than /CLASS apply only to files.
For a description of protected objects, see the HP OpenVMS Guide to System Security.
Qualifiers
/BACKUP
Modifies the time value specified with the /BEFORE or the /SINCE
qualifier. The /BACKUP qualifier selects files according to the dates
of their most recent backups (rather than by the creation, expiration,
or modification date). By default, SHOW SECURITY selects files
according to their creation date.
/BEFORE[=time]
Selects only those files dated prior to the specified time. You can
specify time as absolute time, as a combination of absolute and delta
times, or as one of the following keywords: BOOT, LOGIN, TODAY
(default), TOMORROW, or YESTERDAY. Specify the /CREATED or the
/MODIFIED qualifier to indicate the time attribute to be used as the
basis for selection. The /CREATED qualifier is the default.
For complete information on specifying time values, see the
OpenVMS User's Manual or the online help topic Date.
/BY_OWNER[=uic]
Selects files whose owner's UIC matches the UIC specified with
uic. The default UIC is that of the current process.
Specify the UIC by using the standard format described in the
HP OpenVMS Guide to System Security.
/CLASS=class
Specifies the class of the object whose profile is to be displayed. By
default, the command assumes the object class is FILE. Object class
keywords are as follows:
CAPABILITY
COMMON_EVENT_CLUSTER
DEVICE
FILE
GROUP_GLOBAL_SECTION
ICC_ASSOCIATION
LOGICAL_NAME_TABLE
QUEUE
RESOURCE_DOMAIN
SECURITY_CLASS
SYSTEM_GLOBAL_SECTION
VOLUME
/CREATED
Modifies the time value specified with the /BEFORE or the /SINCE
qualifier. The /CREATED qualifier selects files according to the date
they were created (rather than by the backup, expiration, or
modification date). By default, SHOW SECURITY selects files according
to their creation date.
/EXCLUDE=(filespec[,...])
Excludes the specified files from the SHOW SECURITY operation. You can
include a directory, but not a device, in the file specification. You
cannot use relative version numbers to exclude a specific version.
/EXPIRED
Modifies the time specified with the /BEFORE or the /SINCE qualifier.
The /EXPIRED qualifier selects files according to their expiration
dates rather than by the backup, creation, or modification date. (The
expiration date is set with the SET FILE/EXPIRATION_DATE command.) By
default, files are selected according to their creation date.
/MODIFIED
Modifies the time value specified with the /BEFORE or the /SINCE
qualifier. The /MODIFIED qualifier selects files according to the dates
on which they were last modified, rather than by the backup, creation,
or expiration date. By default, files are selected according to their
creation date.
/SINCE[=time]
Selects only those files dated on or after the specified time. You can
specify time as absolute time, as a combination of absolute and delta
times, or as one of the following keywords: BOOT, JOB_LOGIN, LOGIN,
TODAY (default), TOMORROW, or YESTERDAY. Specify the /CREATED or the
/MODIFIED qualifier to indicate the time attribute to be used as the
basis for selection. The /CREATED qualifier is the default.
For complete information on specifying time values, see the
OpenVMS User's Manual or the online help topic Date.
/SYMLINK=keyword
The valid keywords for this qualifier are [NO]WILDCARD, [NO]ELLIPSIS,
and [NO]TARGET. Descriptions are as follows:
Keyword      Explanation
NOWILDCARD   Indicates that symlinks are disabled during directory wildcard
             searches.
WILDCARD     Indicates that symlinks are enabled during wildcard searches.
NOELLIPSIS   Indicates that symlinks are matched for all wildcard fields
             except for ellipsis.
ELLIPSIS     Equivalent to WILDCARD (included for command symmetry).
TARGET       Indicates that if the target file of the file specification is a
             symlink, then the target file is followed.
NOTARGET     Indicates that the command operates on the target file even if
             it is a symlink.
If the file named in the SHOW SECURITY command is a symlink, the
command by default operates on the symlink itself.
Examples
#1
$ SHOW SECURITY LNM$SYSTEM_TABLE /CLASS=LOGICAL_NAME_TABLE
LNM$SYSTEM_TABLE object of class LOGICAL_NAME_TABLE
     Owner: [SYSTEM]
     Protection: (System: RWC, Owner: RWC, Group: R, World: R)
     Access Control List:
          (IDENTIFIER=[USER,SVENSEN],ACCESS=CONTROL)
This example shows a typical request to display the security elements
of an object. The logical name table LNM$SYSTEM_TABLE is displayed with
the settings of the security elements owner, protection, and ACL.
#2
$ SHOW SECURITY/CLASS=DEVICE $99$DUA22
_$99$DUA22: object of class DEVICE
     Owner: [SALES,TSUTTER]
     Protection: (System: RWPL, Owner: RWPL, Group: R, World)
     Access Control List: <empty>
RES17SEP object of class VOLUME
     Owner: [FEAST,FY93]
     Protection: (System: RWCD, Owner: RWCD, Group: RWCD, World: RWCD)
     Access Control List: <empty>
$ SHOW DEVICE $99$DUA22
Device                  Device           Error    Volume         Free  Trans Mnt
 Name                   Status           Count     Label        Blocks Count Cnt
$99$DUA22:     (KUDOS)  Mounted              0  RES17SEP        649904     1   2
This example shows a request for the security profile of a disk device.
The resulting display provides both the profiles of the disk $99$DUA22
and the volume RES17SEP that is mounted on it. The subsequent SHOW
DEVICE command confirms that the volume is mounted on the device
$99$DUA22.
#3
$ SHOW SECURITY LOGICAL_NAME_TABLE /CLASS=SECURITY_CLASS
LOGICAL_NAME_TABLE object of class SECURITY_CLASS
     Owner: [SYSTEM]
     Protection: (System: RWCD, Owner: RWCD, Group: R, World: R)
     Access Control List: <empty>
     Template: GROUP
          Owner: [SYSTEM]
          Protection: (System: RWCD, Owner: R, Group: R, World: R)
          Access Control List: <empty>
     Template: JOB
          Owner: [SYSTEM]
          Protection: (System: RWCD, Owner: RWCD, Group, World)
          Access Control List: <empty>
     Template: DEFAULT
          Owner: [SYSTEM]
          Protection: (System: RW, Owner: RW, Group: R, World: R)
          Access Control List: <empty>
This example shows the output for the special case of a security class
object. The security class object LOGICAL_NAME_TABLE is displayed with
the security profile. In addition, three templates are displayed.
#4
$ SHOW SECURITY * /CLASS=SECURITY_CLASS
SECURITY_CLASS object of class SECURITY_CLASS
     Owner: [SYSTEM]
     Protection: (System: RWCD, Owner: RWCD, Group: R, World: R)
     Access Control List: <empty>
LOGICAL_NAME_TABLE object of class SECURITY_CLASS
     Owner: [SYSTEM]
     Protection: (System: RWCD, Owner: RWCD, Group: R, World: R)
     Access Control List: <empty>
     .
     .
     .
This example shows the output for the special case of showing all the
security classes currently registered. The asterisk (*) wildcard
character is used; any other form of wildcard characters is not
accepted. Security profiles are shown for each security class. Note
that template information is not shown.
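The displays in the examples above share one layout, which makes captured SHOW SECURITY output easy to review in bulk. The following Python parser is an added example, not part of the HP documentation: it reads that layout (object headers, Template sections, protection codes, ACL entries) and lists profiles whose World field grants anything beyond R. The function names and the "beyond R" review policy are assumptions made for this example, and the sample input is the display from Example #2 re-typed.

```python
import re

# Constructed input: the display from Example #2 on this page, re-typed.
SAMPLE = """\
_$99$DUA22: object of class DEVICE
     Owner: [SALES,TSUTTER]
     Protection: (System: RWPL, Owner: RWPL, Group: R, World)
     Access Control List: <empty>
RES17SEP object of class VOLUME
     Owner: [FEAST,FY93]
     Protection: (System: RWCD, Owner: RWCD, Group: RWCD, World: RWCD)
     Access Control List: <empty>
"""

HEADER = re.compile(r"^(\S+) object of class (\S+)$")
FIELD = re.compile(r"(System|Owner|Group|World)(?::\s*([A-Z]+))?")

def parse_profiles(text):
    """Return one dict per profile (object or template) in the display."""
    profiles, cur, obj, in_acl = [], None, None, False
    for line in (l.strip() for l in text.splitlines()):
        head = HEADER.match(line)
        if head:
            obj = (head.group(1).rstrip(":"), head.group(2))
        if head or (obj and line.startswith("Template:")):
            name = obj[0] if head else f"{obj[0]} template {line[9:].strip()}"
            cur = {"name": name, "class": obj[1], "owner": None,
                   "protection": {}, "acl": []}
            profiles.append(cur)
            in_acl = False
        elif cur is None:
            continue  # command echo or blank line before the first header
        elif line.startswith("Owner:"):
            cur["owner"] = line[6:].strip()
        elif line.startswith("Protection:"):
            # A category listed without letters (e.g. "World") has no access.
            cur["protection"] = dict(FIELD.findall(line[11:]))
        elif line.startswith("Access Control List:"):
            in_acl = True
        elif in_acl and line.startswith("("):
            cur["acl"].append(line)
    return profiles

def world_beyond_read(profiles):
    """Names of profiles whose World field grants more than R (example policy)."""
    return [p["name"] for p in profiles
            if set(p["protection"].get("World", "")) - {"R"}]

if __name__ == "__main__":
    print(world_beyond_read(parse_profiles(SAMPLE)))
```

Run against the Example #2 display, the check reports the volume RES17SEP (World: RWCD) and not the device, whose World field carries no access.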