|
HP OpenVMS Systemsask the wizard |
|
The Question is: How can I limit a particular user to its home directory only? Meaning he/she cannot access other directories other than that of its home directory. The Answer is : The typical OpenVMS product implements security by: 1) establishing the ownership and protection of resources, and 2) granting users rights or resource identifiers. All resources, e.g. files, directories, disk volumes, etc., are owned. The owner can be a specific user or rights identifier. The owner of a resource has the ability to change the protection of it, amongst other things. The protection of a resource can range from simple to elaborate. It might allow only a lone particular user access and deny all others. It might have a long list of rights identifiers allowed access, followed by long list of others explicitly denied, and even include triggers for generating alerts when accessed by yet other users, etc. The initial protection of a resource when it is created can be controlled. A user can be granted no rights, one right, or many rights. If the protection of a resource is set to allow unrestricted access then even a user with no granted rights is allowed access to it. To "limit a particular user to their home directory only", you must first establish security on the other sensitive resources appropriately -- the SET DEFAULT and similar commands are far less than the access potentially available to a user. Alternatively, you could use a CAPTIVE or (potentially) RESTRICTED username and the associated command procedure -- this can completely isolate the user. For details on this topic, please skim the security manual in the OpenVMS documentation set.
|