Previous | Contents | Index |
The following table lists the access permissions you can specify for a file using the SET FILE/PERMISSIONS command.
File Access Permission | Description | |
---|---|---|
CHANGE | Can display the file, run the file if it is a program, change the file, and delete the file. | |
FILE_SPECIFIC=( access) | Can grant the following specific access rights to the file: | |
When access specified is... | The user... | |
CHANGE_PERMISSIONS | Can change file permissions. | |
DELETE | Can delete the file. | |
EXECUTE | Can run the file, if it is a program. | |
FULL | Has complete access to the file. | |
NONE | Has no access to the file. | |
READ | Can view the file. | |
TAKE_OWNERSHIP | Can take ownership of the file. | |
WRITE | Can change the file. | |
FULL_CONTROL | Can display the file, run the file if it is a program, change the file, delete the file, change permissions on the file, and take ownership of the file. | |
NONE | Has no access to the file. This prevents access even if the user is a member of a group that has access to the file. | |
READ | Can display the file, and run the file if it is a program. |
4.4.5.3 File and Directory Access Permissions
The following table lists the types of access users can have and the
permissions to set on directories.
User can... | NONE | LIST | READ | ADD | ADD AND READ | CHANGE | FULL CONTROL |
---|---|---|---|---|---|---|---|
Display directory file names | X | X | X | X | X | ||
Display directory attributes | X | X | X | X | X | X | |
Go to directory subdirectories | X | X | X | X | X | X | |
Change directory attributes | X | X | X | X | |||
Create subdirectories and all files | X | X | X | X | |||
Display directory owner and permissions | X | X | X | X | X | X | |
Delete the directory | X | X | |||||
Delete any file or empty subdirectory in a directory | X | ||||||
Change directory permissions | X | ||||||
Take ownership of the directory | X |
The following table lists the types of access users can have to files and the permissions to set on directories.
User can... | NONE | LIST | READ | ADD | ADD AND READ | CHANGE | FULL CONTROL |
---|---|---|---|---|---|---|---|
Display file owner and permissions | X | X | X | X | |||
Display file data | X | X | X | X | |||
Display file attributes | X | X | X | X | |||
Run a program file | X | X | X | X | |||
Change file attributes | X | X | |||||
Change data in and append data to the file | X | X | |||||
Delete the file | X | X | |||||
Change the file permissions | X | ||||||
Take ownership of the directory | X |
To display directory and file permissions, use the SHOW FILES/FULL command, specifying a share name and its path. For example, with an existing share called RAINBOW and a file called LOGS.TXT, you can display permissions and ownership.
LANDOFOZ\\TINMAN> SHOW FILES RAINBOW\LOG.TXT /FULL Files in: \\TINMAN\RAINBOW LOGS.TXT Permissions: Administrators Full (All) Everyone Change (RWXD) Server Operators Change (RWXD) SYSTEM Full (All) Audit Events: (None specified) Owner: LION Total of 1 file LANDOFOZ\\TINMAN> |
If the PATHWORKS Advanced Server and OpenVMS security model is enabled, and a PATHWORKS Advanced Server user attempts to access a file or directory, the access must be allowed by two sets of permissions: PATHWORKS Advanced Server permissions, and OpenVMS file and directory protections.
Every file on an OpenVMS system has four protection codes:
For information on setting OpenVMS system file protections, see the SET PROTECTION command in your OpenVMS system documentation. You may also want to review the information on OpenVMS ACLs (access control lists) in the OpenVMS System Manager's Manual.
When a PATHWORKS Advanced Server user attempts to access a file, the following rules govern what OpenVMS system protections control the access:
When you assign permissions for a resource, you can also audit use of the resource. The PATHWORKS Advanced Server can write an entry to the Security event log whenever a user accesses the resource in a certain way. The audit entry shows the resource, action performed, user who performed it, and date and time of the event.
Events that PATHWORKS Advanced Server can audit for directory and file access include:
For more information about auditing and viewing events, refer to
Chapter 6, Monitoring Events and Troubleshooting.
4.4.9 Taking Ownership of Files or Directories
When you create a file or directory, you become its owner. By granting permissions, the owner controls how the file or directory is used. The owner can grant permission to another user to take ownership of a file or directory. Otherwise, you must be logged on as a member of the Administrators group to take ownership. Although an administrator can take ownership, an administrator cannot transfer ownership to others. This preserves security. To make sure that your files are secure, you should check their ownership regularly using the SHOW FILES/OWNER command.
To take ownership of a file or directory:
Use the TAKE FILE OWNERSHIP command as follows:
TAKE FILE OWNERSHIP UNCpath [/qualifiers]) |
For example, the following command takes ownership of the file called SIMIANS.DAT that is stored on domain LANDOFOZ in the directory \WITCH\MKEY. The directory is on server TINMAN and the UNC path is WITCH\MKEY\SIMIANS.DAT.
LANDOFOZ\\TINMAN> TAKE FILE OWNERSHIP WITCH\MKEY\SIMIANS.DAT %PWRK-S-FILEMOD, "\\TINMAN\WITCH\MKEY\SIMIANS.DAT" modified LANDOFOZ\\TINMAN> |
An operating system's file system determines the conventions that apply to file and directory names. When you use the PATHWORKS Advanced Server, you can use long file and directory names, much as with OpenVMS. Windows NT, Windows 95, and Windows 98 provide long file names, but Windows V3.11 and DOS do not.
All files stored on the PATHWORKS Advanced Server are subject to the
PATHWORKS Advanced Server file naming conventions.
4.4.10.1 PATHWORKS Advanced Server File Naming
The PATHWORKS Advanced Server uses the naming conventions shown in the following table. An X in the table indicates whether the convention is different from that used by OpenVMS.
PATHWORKS Advanced Server stores file names as all uppercase characters. |
Convention | Same as OpenVMS | Different from OpenVMS |
---|---|---|
Names can be up to 78 characters long, including the extension. Separate the extension from the name using a period. | X | |
Names can contain any lowercase letter or special character except for
the following:
? " / \ < > * | : |
X | |
Any OpenVMS system file or directory name that contains excluded characters is neither visible nor accessible to PATHWORKS Advanced Server client workstations. | X |
4.4.10.2 MS-DOS and Windows File Naming
If you are using the PATHWORKS Advanced Server in an environment where
long file names are not always supported, users must continue using
MS-DOS file naming conventions. Check the file-naming conventions on
your client systems by looking at their files and directories. For
example, if your clients are running Windows V3.11, or older Windows
applications that only recognize the 8.3 file format, file names must
follow the 8.3 file-naming convention; if your clients are running
Windows 95 or Windows 98, they can use long file names.
From an MS-DOS system, your clients can use the following conventions for naming files:
Convention | Same as OpenVMS | Different from OpenVMS |
---|---|---|
The name of a file or directory can have two parts: a name and an optional extension. The two parts are separated by a period. | X | |
The name can contain up to eight characters, and the extension can contain up to three characters (8.3 convention). | X | |
The name must start with either a letter or number. It can contain any
upper or lowercase alphanumeric characters except for the following:
? " / \ < > * | : [ ] ; = , + |
X | |
The name cannot contain any spaces. | X | |
The following names are reserved and cannot be used for files or
directories:
AUX, COM1, COM2, COM3, COM4, CON, LPT1, LPT2, LPT3, NUL, PRN |
X |
4.4.10.3 Windows NT File Naming
From a Windows NT system, your clients can use the following
conventions for naming files:
Convention | Same as OpenVMS | Different from OpenVMS |
---|---|---|
The name of a file or directory can have two parts: a name and an optional extension. The two parts are separated by a period. | X | |
The name can contain up to 255 characters, and the extension can contain any number of characters within the 255 character limit. | X | |
Names preserve uppercase and lowercase characters, but are not case sensitive. | X | |
The name must start with either a letter or number. It can contain any
uppercase or lowercase alphanumeric characters except for the following:
? " / \ < > * | : |
X | |
The name cannot contain any spaces. | X | |
The following names are reserved and cannot be used for files or
directories:
AUX, COM1, COM2, COM3, COM4, CON, LPT1, LPT2, LPT3, NUL, PRN |
X |
4.4.10.4 Windows 95 and Windows 98 File Naming
From a Windows 95 or Windows 98 system, you can use the following
conventions for naming files:
Convention | Same as OpenVMS | Different from OpenVMS |
---|---|---|
The name of a file or directory can have two parts: a name and an optional extension. The two parts are separated by a period. | X | |
The name can contain up to 255 characters, and the extension can contain any number of characters within the 255 character limit. | X | |
The name must start with either a letter or number. It can contain any
uppercase or lowercase alphanumeric characters except for the following:
? " / \ < > * | : |
X | |
The name can contain spaces. | X | |
The following names are reserved and cannot be used for files or
directories:
AUX, COM1, COM2, COM3, COM4, CON, LPT1, LPT2, LPT3, NUL, PRN |
X |
Previous | Next | Contents | Index |