HP OpenVMS Systems: Ask the Wizard
The Question is:

How can I implement directory level security so that only the owner of the files in that specific directory can view, modify and delete the files created by him? I also want to implement the security that only the owner can FTP files created by him. How can I complete this task?

The Answer is:

Security can be discretionary and thus you can establish default security settings but the user can override these, or security can be mandatory and the users cannot alter the security attributions.

OpenVMS provides discretionary security. Those OpenVMS releases with SEVMS releases available and installed provide non-discretionary (mandatory) security.

You cannot prevent a user from setting the protections on any object that the user owns, as such a user has what is known as control access to the object. (A corollary here: if the user does not own the object, then the user cannot alter the protections. This is available on OpenVMS using ACLs and identifiers, and most commonly involves the use of the so-called resource identifier mechanism.)

In security terminology, an object is a file, directory, queue, global section, or other such security-relevant construct. Ownership of an object is determined based on the UIC value assigned to the object. Access is determined by comparing the object ownership and the object protection mask and any ACL that might be associated with the object against the UIC and identifiers of the accessor. OpenVMS Engineering recommends that all users be assigned unique UIC values.

To establish default protections on an object such as a directory, you can use the DEFAULT_PROTECTION access control list entry (ACE). Within a process, use the SET SECURITY/DEFAULT command to establish local defaults for objects the process might create. Also see the RMS_FILEPROT system parameter. The SET PROTECTION/DEFAULT command referenced in your question is also available and is a direct ancestor of SET SECURITY/DEFAULT, though that DCL command syntax was deprecated starting with OpenVMS V6.0.

To establish mandatory protections (assuming SEVMS is installed and running), you must use the SET SECURITY command to associate the object (likely) with a security category and to configure the user with access to the category. You likely do not need nor want to use different security levels or security ranges here, though that is an option.

For details on OpenVMS security and on configuring and customizing security, please see the security manual. For details on SEVMS, please see the SEVMS documentation set. The former is available at the website. The latter is not. When configuring security, you WILL want to become familiar with the manual, and particularly with the configuration recommendations in the appendix.

For users with privileges and other security-related topics, please see topics (3289), (5639), (7368), and others.
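The DEFAULT_PROTECTION ACE approach described in the answer, as an added DCL example that is not part of the original answer. The device, directory and file names (DISK$USERS, SMITH, PRIVATE) are placeholders, and the protection values shown are one possible owner-only choice.

```dcl
$! Added example; DISK$USERS:[SMITH]PRIVATE.DIR is a placeholder directory.
$!
$! 1. Restrict the directory file itself: system and owner only.
$!    A category named without access types (G, W) is denied all access.
$ SET SECURITY/PROTECTION=(S:RWE,O:RWE,G,W) DISK$USERS:[SMITH]PRIVATE.DIR
$!
$! 2. Add a DEFAULT_PROTECTION ACE to the directory so that files created
$!    in it later receive this protection mask by default.
$ SET SECURITY/ACL=(DEFAULT_PROTECTION,S:RWED,O:RWED,G,W) -
      DISK$USERS:[SMITH]PRIVATE.DIR
$!
$! 3. The ACE affects new files only; bring existing files into line.
$ SET SECURITY/PROTECTION=(S:RWED,O:RWED,G,W) DISK$USERS:[SMITH.PRIVATE]*.*;*
$!
$! 4. Check the result: owner UIC, protection mask and ACL of the
$!    directory, then of the files inside it.
$ SHOW SECURITY DISK$USERS:[SMITH]PRIVATE.DIR
$ DIRECTORY/SECURITY DISK$USERS:[SMITH.PRIVATE]
```

These are discretionary defaults: as the answer notes, the owner retains control access and can change the protection on any file afterwards.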