OpenVMS System Manager's Manual

Document revision date: 19 July 1999

OpenVMS System Manager's Manual

Contents

Index

8.3.3 Initializing a New Volume with ODS-5 Format

You can initialize a new volume as an ODS-5 volume by entering the INITIALIZE command using the following format. Note that once you initialize the volume, the current contents of the volume are lost.

$ INITIALIZE /STRUCTURE_LEVEL=5 device-name volume-label

For example:

$ INITIALIZE /STRUCTURE_LEVEL=5 DKA300: DISK1 $ MOUNT DKA300: DISK1 /SYSTEM %MOUNT-I-MOUNTED, DISK1 mounted on _STAR$DKA300:

The first command initializes the DKA300: device as an ODS-5 volume and assigns the volume-label DISK1. The second command mounts the DISK1 volume as a public volume.

To verify that the volume has been initialized as an ODS-5 volume, you can enter a SHOW DEVICE/FULL command; the system displays messages similar to the following:

$ SHOW DEVICE DKA200:/FULL Disk $10$DKA200:, device type RZ74, is online, allocated, deallocate on dismount, mounted, file-oriented device, shareable. Error count 0 Operations completed 155 . . . Volume Status: ODS-5, subject to mount verification, file high-water marking, write-back caching enabled.

An alternative method for displaying the volume type is to issue a command and receive a response similar to the following:

$ WRITE SYS$OUTPUT F$GETDVI ("DKA200:","ACPTYPE") F11V2

F11V2 indicates that the volume is ODS-2.

Note

If you plan to add the new volume to a volume set, the structure level of the new volume must match that of the volume set. If it does not, the Mount utility displays the following error message:

Structure level on device ... is inconsistent with volume set.

8.3.4 Assisting Users in Accessing and Initializing Volumes

Initializing volumes for users might be necessary in some circumstances:

If the volume previously contained data, the protection code might prevent users from accessing and initializing the volume.
If the first file section on the volume has not reached its expiration date, users might not be able to initialize a tape volume.
If the volume is owned by anyone except [0,0], the user must have VOLPRO privilege to override volume protection. If users do not have VOLPRO privilege, they must ask the previous owner of the volume or you, as system manager, to initialize it for them.
If a tape is blank, the user must have VOLPRO and OPER privileges to access and initialize it.

8.4 Protecting Volumes

Protection based on user identification codes (UICs) restricts users' access to volumes. By assigning access types to volumes, you determine the kinds of actions various groups of users can perform on volumes. Section 8.4.1 and Section 8.4.2 explain the differences between UIC-based protection for disk and tape volumes.

For additional access control, you can set access control lists (ACLs) on volumes. Volume ACLs are copied from the VOLUME.DEFAULT security class template. See Section 11.6 for more information about ACLs.

Table 8-9 shows the types of access you can assign to disk and tape volumes.

Table 8-9 Access Types for Disk and Tape Volumes
Access Type Gives you the right to...

Read Examine file names, print, or copy files from the volume. System and owner categories always have read access to tape volumes.

Write Modify or write to existing files on a volume. The protection of a file determines whether you can perform a particular operation on the file. To be meaningful, write access requires read access. System and owner categories always have write access to tape volumes.

Create Create files on a disk volume and subsequently modify them. Create access requires read and write access. This type of access is invalid for tape volumes.

Delete Delete files on a disk volume, provided you have proper access rights at the directory and file level. Delete access requires read access. This type of access is invalid for tape volumes.

Control Change the protection and ownership characteristics of the volume. Users with the VOLPRO privilege always have control access to a disk volume, with the following exceptions:

Mounting a file-structured volume as foreign requires control access or VOLPRO privilege.
Mounting a volume containing protected subsystems requires SECURITY privilege.

Control access is not valid with tapes.

**Table 8-9 Access Types for Disk and Tape Volumes**
Access Type	Gives you the right to...
Read	Examine file names, print, or copy files from the volume. System and owner categories always have read access to tape volumes.
Write	Modify or write to existing files on a volume. The protection of a file determines whether you can perform a particular operation on the file. To be meaningful, write access requires read access. System and owner categories always have write access to tape volumes.
Create	Create files on a disk volume and subsequently modify them. Create access requires read and write access. This type of access is invalid for tape volumes.
Delete	Delete files on a disk volume, provided you have proper access rights at the directory and file level. Delete access requires read access. This type of access is invalid for tape volumes.
Control	Change the protection and ownership characteristics of the volume. Users with the VOLPRO privilege always have control access to a disk volume, with the following exceptions: Mounting a file-structured volume as foreign requires control access or VOLPRO privilege. Mounting a volume containing protected subsystems requires SECURITY privilege. Control access is not valid with tapes.

For more information about specifying protection codes, refer to the OpenVMS Guide to System Security. Chapter 11 discusses protection in general.

The following sections explain how to perform these operations:

Task Section

Protecting disk volumes Section 8.4.1

Protecting tape volumes Section 8.4.2

Auditing volume access Section 8.4.3

Task	Section
Protecting disk volumes	Section 8.4.1
Protecting tape volumes	Section 8.4.2
Auditing volume access	Section 8.4.3

8.4.1 Protecting Disk Volumes

For file-structured ODS-2 volumes, the OpenVMS operating system supports the types of access shown in Table 8-9. The system provides protection of ODS-2 disks at the volume, directory, and file levels. Although you might have access to the directories and files on the volume, without the proper volume access, you are unable to access any part of a volume.

The default access types for the disk volume owner [0,0] are:

S:RWCD, O:RWCD, G:RWCD, W:RWCD.

The system establishes this protection with the default qualifier of the INITIALIZE command (/SHARE). Any attributes that you do not specify are taken from the current default protection.

Ways to Specify Protection

You can change permanently stored protection information in the following ways:

Use ACLs. The entire security profile (owner UIC, protection code, and ACL) is stored on the volume. If you change the volume security profile for a volume mounted clusterwide, the change is distributed to all nodes in the cluster. If you dismount and remount a volume, the security profile for the volume is preserved.
Use the DCL command SET SECURITY to modify the default security profile after a volume is mounted, including UIC- and ACL-based protection.
Use protection qualifiers with the DCL command INITIALIZE to specify UIC-based protection when you initialize a volume.
You can also specify protection when you mount disk volumes, but you ordinarily do not do so because the protection that you specify is in effect only while the volume is mounted. For details, refer to the Mount utility (MOUNT) in the OpenVMS System Management Utilities Reference Manual.
Use the DCL command SET VOLUME after you mount a volume to change UIC-based volume protection.

The following sections explain how to perform these tasks:

Task Section

Specify protection when you initialize volumes Section 8.4.1.1

Change protection after volumes are mounted Section 8.4.1.2

Display protection Section 8.4.1.3

Task	Section
Specify protection when you initialize volumes	Section 8.4.1.1
Change protection after volumes are mounted	Section 8.4.1.2
Display protection	Section 8.4.1.3

8.4.1.1 Specifying Protection When You Initialize Disk Volumes

This section explains how to specify UIC-based volume protection and ISO 9660-formatted media protection when you initialize volumes.

Specifying UIC-Based Protection

You can specify protection in one of the following ways when you initialize volumes:

Use the /PROTECTION qualifier with the INITIALIZE command. For example:
$ INITIALIZE DUA7: ACCOUNT1/PROTECTION=(S:RWCD,O:RWCD,G:R,W:R)
This example specifies a protection code for the disk volume ACCOUNT1 on the DUA7: device. The UIC of the volume is set to your process UIC.

Use one or more of the qualifiers shown in Table 8-10 with the INITIALIZE command. However, the protection that you set using the /PROTECTION qualifier overrides any of the defaults set when you use any other qualifier.

Using INITIALIZE Command Qualifiers for Protection

You usually do not change volume protection after you initialize a volume. By specifying a protection qualifier with the INITIALIZE command, you can establish the default protection of a volume. (The default qualifier of the INITIALIZE command is /SHARE, which grants all types of ownership all types of access.)
Table 8-10 explains the qualifiers you can use to specify disk volume protection when you initialize disk volumes.

Table 8-10 INITIALIZE Command Qualifiers for Protection
Qualifier Explanation

/PROTECTION The protection you specify with this qualifier overrides any protection you specify with other qualifiers.

/SYSTEM All processes have read, write, create, and delete access to the volume, but only system processes can create first-level directories. ([1,1] owns the volume.) See the note following this table.

/GROUP System, owner, and group processes have read, write, create, and delete access to the volume. World users have no access.

/NOSHARE System and owner processes have read, write, and delete access to the volume. World users have no access. Group users also have no access unless you specify the /GROUP qualifier.

**Table 8-10 INITIALIZE Command Qualifiers for Protection**
Qualifier	Explanation
/PROTECTION	The protection you specify with this qualifier overrides any protection you specify with other qualifiers.
/SYSTEM	All processes have read, write, create, and delete access to the volume, but only system processes can create first-level directories. ([1,1] owns the volume.) See the note following this table.
/GROUP	System, owner, and group processes have read, write, create, and delete access to the volume. World users have no access.
/NOSHARE	System and owner processes have read, write, and delete access to the volume. World users have no access. Group users also have no access unless you specify the /GROUP qualifier.

Note

The /SYSTEM qualifier grants all users complete access. However, users cannot create directories or files unless you perform one of the following actions:

Change the protection on the newly created master file directory (MFD), [000000]000000.DIR;1 to allow users to create their own directories under this parent directory.
Under the master file directory, create user directories that give users write access so that they, in turn, can create their own directories.

System managers usually choose the second method.

Table 8-11 shows the UIC and protection that the system sets for disk volumes when you use the default, /SHARE, and other qualifiers with the INITIALIZE command.

Table 8-11 Protection Granted with INITIALIZE Command Qualifiers
Qualifier UIC Protection

/SYSTEM [1,1] S:RWCD,O:RWCD,G:RWCD,W:RWCD

/SYSTEM/NOSHARE [1,1] S:RWCD,O:RWCD,G:RWCD,W:RWCD

/GROUP [x,0] S:RWCD,O:RWCD,G:RWCD,W

/SHARE (the default) [x,x] ¹ S:RWCD,O:RWCD,G:RWCD,W:RWCD

/NOSHARE [x,x] ¹ S:RWCD,O:RWCD,G,W

**Table 8-11 Protection Granted with INITIALIZE Command Qualifiers**
Qualifier	UIC	Protection
/SYSTEM	[1,1]	S:RWCD,O:RWCD,G:RWCD,W:RWCD
/SYSTEM/NOSHARE	[1,1]	S:RWCD,O:RWCD,G:RWCD,W:RWCD
/GROUP	[x,0]	S:RWCD,O:RWCD,G:RWCD,W
/SHARE (the default)	[x,x] ¹	S:RWCD,O:RWCD,G:RWCD,W:RWCD
/NOSHARE	[x,x] ¹	S:RWCD,O:RWCD,G,W

¹x,x is the UIC of the process that performs the initialization.

Specifying ISO 9660-Formatted Media Protection

The OpenVMS implementation of ISO 9660 does not include volume or volume set protection. The protection specified for the device on which the media is mounted determines accessibility to the ISO 9660 volumes or volume sets.

By default, the device protection is assigned to ISO 9660 files and directories. When you mount the volume, you can specify additional file protection using the UIC and PERMISSION protection fields included in the Extended Attribute Records (XARs) that might be associated with each file.

You can enable the protection fields by specifying either of the following items:

XAR mount option, using the following format:
MOUNT/PROTECTION=XAR
When you specify the XAR option for a file that has an associated XAR, the protection fields in the XAR are enabled.
DIGITAL System Identifier (DSI) mount option, using the following format:
MOUNT/PROTECTION=DSI
If you specify the DSI option, you enable the XAR permissions Owner and Group for XARs containing DSI.

For more information about the XAR and DSI options, refer to the OpenVMS Record Management Utilities Reference Manual.

8.4.1.2 Changing Protection After Disk Volumes Are Mounted

You can change protection by using the SET SECURITY/CLASS=VOLUME command with the /PROTECTION, /OWNER, or /ACL qualifier to change any aspect of the volume security profile.

Changing UIC-Based Protection

To change UIC-based protection after a volume is mounted, use the SET SECURITY/CLASS=VOLUME/PROTECTION command. For example:

$ SET SECURITY/CLASS=VOLUME/PROTECTION=(S:RWCD,O:RWCD,G:RC,W:RC) DUA0:

The protection set in this example allows the system and owner all types of access. Group and world access types can only read files and run programs. Any category not specified in the protection code (S,O,G,W) is unchanged.

Changing ACL-Based Protection

To change ACL-based protection after a volume is mounted, use the SET SECURITY/CLASS=VOLUME/ACL command. To change the ACL, for example:

$ SET SECURITY/CLASS=VOLUME/ACL=(IDENTIFIER=DOC,ACCESS=READ+WRITE+EXECUTE) - _$ $1$DSA7:

This example gives holders of the DOC identifier read, write, and execute access to the $1$DSA7: volume.

8.4.1.3 Displaying UIC- and ACL-Based Protection

You can use the SHOW SECURITY/CLASS=VOLUME command to display protection. For example:

$ SHOW SECURITY/CLASS=VOLUME $1$DSA27:

The following example shows the resulting display:

$1$DSA27: object of class VOLUME Owner: [1,1] Protection: (System: RWCD, Owner: RWCD, Group: RWCD, World: RWCD) Access Control List: (IDENTIFIER=[ABC,SADAMS],ACCESS=READ+WRITE+CREATE+DELETE)

In the display are the name and profile of the VOLUME class object $1$DSA27. The profile includes the owner UIC, the protection code, and the access control list (ACL) of the protected object.

8.4.2 Protecting Tape Volumes

The system protects magnetic tapes only at the volume level. You establish protection when you initialize tape volumes; after that, the Mount utility (MOUNT) enforces the protection that you have established.

You can use two levels of protection for tape volumes:

Level of Protection Description

Guidelines of the ISO standard The ISO standard, which is the first level of protection, is encoded in the accessibility field of the first volume label written on the magnetic tape. With this protection scheme, you can protect tape volumes in environments where interchange exists between the OpenVMS system and the operating system that is not OpenVMS.

UIC-based protection scheme supported by system software This second level of protection is encoded in the second volume label written on the magnetic tape. Only OpenVMS systems check this scheme; it is ignored in any interchange with operating systems that are not OpenVMS.

Level of Protection	Description
Guidelines of the ISO standard	The ISO standard, which is the first level of protection, is encoded in the accessibility field of the first volume label written on the magnetic tape. With this protection scheme, you can protect tape volumes in environments where interchange exists between the OpenVMS system and the operating system that is not OpenVMS.
UIC-based protection scheme supported by system software	This second level of protection is encoded in the second volume label written on the magnetic tape. Only OpenVMS systems check this scheme; it is ignored in any interchange with operating systems that are not OpenVMS.

Standard-Labeled Tape Protection

The OpenVMS tape file system bases its accessibility protection on the ISO standards. This protection allows an installation routine to use a routine that interprets the contents of the volume- and header-label accessibility field. Refer to the $MTACCESS system service in the OpenVMS System Services Reference Manual for more information about installation routines.

Access Types with Default Protection

When you do not supply a protection code during initialization, all users receive read and write access, explained in Table 8-12.

Table 8-12 Access Types for Tape Volume Protection
Access Type Gives you the right to...

Read Examine, print, or copy files from the volume.

Write Append or write files to the volume.

**Table 8-12 Access Types for Tape Volume Protection**
Access Type	Gives you the right to...
Read	Examine, print, or copy files from the volume.
Write	Append or write files to the volume.

The security profile of a tape volume is stored in the ANSI VOL1 and VOL2 labels written on the tape. The VOL2 label contains system-specific information. To override the creation of VOL2 labels, specify the /INTERCHANGE qualifier with the INITIALIZE command or the INIT$_INTERCHANGE itemcode on the $INIT_VOL system service.

Foreign Volume Protection

The operating system also supports foreign tape volumes. (Foreign volumes either lack the standard volume label or have been mounted with the /FOREIGN qualifier.) When a tape volume is mounted with the /FOREIGN qualifier, users in the system and owner categories are always given full access (read, write, logical, and physical), regardless of what is specified in the protection code.

8.4.2.1 Using the /PROTECTION Qualifier with Tape Volumes

If you use the /PROTECTION qualifier when you initialize tape volumes, the protection code is written to a system-specific volume label.

With the /PROTECTION qualifier, the system applies only read (R) and write (W) access restrictions. (Execute [E] and delete [D] access do not apply.) The system and the owner always receive both read (R) and write (W) access to magnetic tapes, regardless of the protection code you specify.

8.4.2.2 Protecting Tape Volumes for Interchange Environments

You can protect tape volumes for interchange between OpenVMS and other operating systems.

The following list contains guidelines for protecting specific types of magnetic tapes:

With tapes processed on any operating system that supports a version of the ANSI standard later than Version 3, the system processes accessibility information in the first volume label.
To process magnetic tapes created on a Compaq operating system other than the OpenVMS operating system Version 4.0 or later, a user must have VOLPRO privilege and must explicitly override the check on the protection as follows:
- If the tape was created with a specified accessibility, then a user must have the appropriate privilege and must explicitly override the check on accessibility.
- If the tape volume was not created with such a protection scheme, then a user is granted read and write access to that tape volume.
The tape file system allows you to specify values for the fields in which other Compaq operating systems currently write their protection information. Except under the conditions described in the last bulleted item, the OpenVMS operating system does not process these fields. Thus, you can use these fields to store the protection values for another operating system without affecting the system protection characteristics on that particular volume.

Contents

Index

privacy and legal statement

6017PRO_031.HTML