Updated: 11 December 1998 |
OpenVMS System Manager's Manual
Previous | Contents | Index |
Security is usually based on control rights that are granted or denied to the user. In a protected subsystem, however, security is based on access controls assigned to the subsystem. The subsystem acts as a gatekeeper that grants or denies users access to objects belonging to the subsystem.
Unprivileged users can build and manage protected subsystems. You must be involved at two points in the process:
Anyone who mounts a subsystem is responsible for knowing what is on the volume being mounted. Compaq strongly recommends that you find out what is on a volume before you mount a subsystem. Without this knowledge, you might inadvertently subvert system security and jeopardize the privacy of users' data. For example, a user with malicious intent who has privileges on one OpenVMS Cluster node might place an application with a subsystem identifier on a volume and then request an unsuspecting operator or system manager to mount the volume on another node. Because the application has a subsystem identifier, the application appears to belong to a subsystem for which it is unauthorized. |
How to Enable Protected Subsystems on a Trusted Volume
The system enables protected subsystems by default only on the system disk. For other disks, you must enable subsystems every time you mount a volume. A person with the SECURITY privilege can enable subsystems on a volume by using the /SUBSYSTEM qualifier on the MOUNT command.
You can dynamically turn on and off the processing of Subsystem ACEs with the DCL command SET VOLUME/SUBSYSTEM. This command is especially useful for the system disk, which is not mounted using the MOUNT command.
The command in the following example mounts the volume labeled DOC on the DUA0: device. Subsystems on the volume are accessible. The MOUNT command also assigns the logical name WORK8.
$ MOUNT/SUBSYSTEM/SYSTEM DUA0: DOC WORK8 |
The following sections contain instructions for converting an existing
volume from one ODS file format to another.
8.5.5.1 Converting from ODS-2 to ODS-5
To convert an ODS-2 volume to an ODS-5 volume:
$ DISMOUNT /CLUSTER DKA300: |
$ MOUNT DKA300: DISK1 %MOUNT-I-MOUNTED, DISK1 mounted on _STAR$DKA300: |
$ SHOW DEVICE DKA200:/FULL Disk $10$DKA200:, device type RZ47, is online, allocated, deallocate on dismount, mounted, file-oriented device, shareable. Error count 0 Operations completed 232 . . . Volume Status: ODS-2, subject to mount verification, file high-water marking, write-back caching enabled. |
$ WRITE SYS$OUTPUT F$GETDVI ("DKA200:","ACPTYPE") F11V2 |
$ BACKUP /IMAGE DKA300: SAV.BCK /SAVE_SET |
SET VOLUME /STRUCTURE_LEVEL=5 device-name |
For example:
$ SET VOLUME /STRUCTURE_LEVEL=5 DKA300: |
You cannot use the SET VOLUME command to change a volume from ODS-5 to ODS-2. To reset a volume to ODS-2, you must use BACKUP as described in Section 8.5.5.3. If a failure occurs after you enter the SET VOLUME/STRUCTURE_LEVEL command, refer to the instructions at the end of this section. |
%SET-E-NOTMOD, DKA300: not modified -SET-E-NOTDISK, device must be a Files-ll format disk %SET-E-NOTMOD, DKA300: not modified -SET-W-INVODSLVL, Invalid on-disk structure level |
%SET-E-NOTMOD, DKA300: not modified -SET-W-NOTPRIVATE, device must be mounted privately |
%SET-E-NOTMOD, DKA300: not modified -SET-W-NOTONEACCR, device must be mounted with only one accessor |
After using the SET VOLUME /STRUCTURE_LEVEL=5 command, do not access the disk further until the disk is dismounted and remounted. |
$ DISMOUNT DKA300: $ MOUNT /CLUSTER DKA300: DISK1 %MOUNT-I-MOUNTED, DISK1 mounted on _STAR$DKA300: |
To verify that the volume has been converted to ODS-5, you can enter a SHOW DEVICE/FULL command and see a display similar to the following:
$ SHOW DEVICE DKA300:/FULL Disk $10$DKA300:, device type RX74, is online, allocated, deallocate on dismount, mounted, file-oriented device, shareable. Error count 0 Operations completed 155 . . . Volume Status: ODS-5, subject to mount verification, file high-water marking, write-back caching enabled. |
An alternative method for displaying the volume type is to issue a command and receive a response similar to the following:
$ WRITE SYS$OUTPUT F$GETDVI ("DKA500:","ACPTYPE") F11V5 |
F11V5 indicates that the volume is ODS-5.
What to Do if a Failure Occurs
If a failure such as an I/O error or a system crash occurs while the SET VOLUME/STRUCTURE_LEVEL command is executing but before the command finishes, the volume might be only partially updated. If so, when you enter the MOUNT command, the Mount utility will display one of the following error messages:
Inconsistent file structure level on device ... Structure level on device ... is inconsistent with volume set |
If either condition is true, you can enter the MOUNT command only with the /NOSHARE qualifier (or with no qualifier, because /NOSHARE is the default). When you do, the system displays the same error message but only as a warning.
To recover from the error condition, reenter the SET
VOLUME/STRUCTURE_LEVEL=5 command, and then dismount and remount the
disk. As a last resort, you can restore the backup you made.
8.5.5.2 Converting from ODS-1 to ODS-2
To convert from ODS-1 format to ODS-2 format:
Two types of BACKUP operations, file and image, support converting ODS-5 file names to ODS-2 file names. (File and image operations are described more completely in Chapter 10.)
In the examples in the following descriptions, notice that when you perform a conversion to or from a save set, the created as or copied as message is displayed for the converted files.
$ BACKUP/LOG/IMAGE/CONVERT DKA500:[000000]IMAGE.BCK/SAVE DKA200:/NOINIT %BACKUP-I-ODS5CONV, structure level 5 files will be converted to structure level 2 on DKA200: -BACKUP-I-ODS5LOSS, conversion may result in loss of structure level 5 file attributes %BACKUP-S-CREATED, created DKA200:[000000]000000.DIR;1 %BACKUP-S-CREATED, created DKA200:[000000]BACKUP.SYS;1 %BACKUP-S-CREATED, created DKA200:[000000]CONTIN.SYS;1 %BACKUP-S-CREATED, created DKA200:[000000]CORIMG.SYS;1 %BACKUP-S-CREATED, created DKA200:[000000]SECURITY.SYS;1 %BACKUP-S-CREATED, created MDA2:[000000]TEST_FILES.DIR;1 %BACKUP-S-CREATEDAS, created DKA200:[TEST_FILES]SUB^_^{DIR^}.DIR;1 as DKA200:[TEST_FILES]SUB$$DIR$.DIR;1 %BACKUP-S-CREATEDAS, created DKA200:[TEST_FILES.SUB^_^{DIR^}]SUB^&_~_FILE_~.DAT;1 as DKA200:[TEST_FILES.SUB$$DIR$]SUB$_$_FILE_$.DAT;1 %BACKUP-S-CREATEDAS, created DKA200:[TEST_FILES]THIS^_IS^_A^_TEST^{_FILE_^}.DAT;1 as DKA200:[TEST_FILES]THIS$IS$A$TEST$_FILE_$.DAT;1 %BACKUP-S-CREATED, created DKA200:[000000]VOLSET.SYS;1 |
$ BACKUP/LOG/CONVERT/IMAGE DKA500: DKA200:[000000]IMAGE.BCK/SAVE %BACKUP-I-ODS5CONV, structure level 5 files will be converted to structure level 2 on DKA200: -BACKUP-I-ODS5LOSS, conversion may result in loss of structure level 5 file attributes %BACKUP-S-COPIED, copied DKA200:[000000]000000.DIR;1 %BACKUP-S-COPIED, copied DKA200:[000000]BACKUP.SYS;1 %BACKUP-S-HEADCOPIED, copied DKA200:[000000]BADBLK.SYS;1 header %BACKUP-S-HEADCOPIED, copied DKA200:[000000]BADLOG.SYS;1 header %BACKUP-S-HEADCOPIED, copied DKA200:[000000]BITMAP.SYS;1 header %BACKUP-S-COPIED, copied DKA200:[000000]CONTIN.SYS;1 %BACKUP-S-COPIED, copied DKA200:[000000]CORIMG.SYS;1 %BACKUP-S-HEADCOPIED, copied DKA200:[000000]INDEXF.SYS;1 header %BACKUP-S-COPIED, copied DKA200:[000000]SECURITY.SYS;1 %BACKUP-S-COPIED, copied DKA200:[000000]TEST_FILES.DIR;1 %BACKUP-S-COPIEDAS, copied DKA200:[TEST_FILES]Sub^_^{Dir^}.DIR;1 as DKA200:[TEST_FILES]SUB$$DIR$.DIR;1 %BACKUP-S-COPIEDAS, copied DKA200:[TEST_FILES.Sub^_^{Dir^}]Sub^&_~_File_~.Dat;1 as DKA200:[TEST_FILES.SUB$$DIR$]SUB$_$_FILE_$.DAT;1 %BACKUP-S-COPIEDAS, copied DKA200:[TEST_FILES]This^_is^_a^_Test^{_File_^}.Dat;1 as DKA200:[TEST_FILES]THIS$IS$A$TEST$_FILE_$.DAT;1 %BACKUP-S-COPIED, copied DKA200:[000000]VOLSET.SYS;1 |
$ BACKUP/LOG/CONVERT/IMAGE DKA500: DKA200:/NOINIT %BACKUP-I-ODS5CONV, structure level 5 files will be converted to structure level 2 on DKA200: -BACKUP-I-ODS5LOSS, conversion may result in loss of structure level 5 file attributes %BACKUP-S-CREATED, created DKA200:[000000]000000.DIR;1 %BACKUP-S-CREATED, created DKA200:[000000]BACKUP.SYS;1 %BACKUP-S-CREATED, created DKA200:[000000]CONTIN.SYS;1 %BACKUP-S-CREATED, created DKA200:[000000]CORIMG.SYS;1 %BACKUP-S-CREATED, created DKA200:[000000]SECURITY.SYS;1 %BACKUP-S-CREATED, created DKA200:[000000]TEST_FILES.DIR;1 %BACKUP-S-CREATED, created DKA200:[TEST_FILES]SUB$$DIR$.DIR;1 %BACKUP-S-CREATED, created DKA200:[TEST_FILES.SUB$$DIR$]SUB$_$_FILE_$.DAT;1 %BACKUP-S-CREATED, created DKA200:[TEST_FILES]THIS$IS$A$TEST$_FILE_$.DAT;1 %BACKUP-S-CREATED, created DKA200:[000000]VOLSET.SYS;1 |
$ BACKUP/LOG/CONVERT DKA500:[*...]*.*;* DKA200:[*...]*.*;* %BACKUP-I-ODS5CONV, structure level 5 files will be converted to structure level 2 on DKA200: -BACKUP-I-ODS5LOSS, conversion may result in loss of structure level 5 file attributes %BACKUP-S-CREDIR, created directory DKA200:[TEST_FILES.SUB$$DIR$] %BACKUP-S-CREATED, created DKA200:[TEST_FILES.SUB$$DIR$]SUB$_$_FILE_$.DAT;1 %BACKUP-S-CREATED, created DKA200:[TEST_FILES]THIS$IS$A$TEST$_FILE_$.DAT;1 |
$ BACKUP/LOG/CONVERT DKA500:[*...]*.*;* DKA200:FILES.BCK/SAVE %BACKUP-I-ODS5CONV, structure level 5 files will be converted to structure level 2 on DKA200: -BACKUP-I-ODS5LOSS, conversion may result in loss of structure level 5 file attributes %BACKUP-S-COPIED, copied DKA200:[000000]000000.DIR;1 %BACKUP-S-COPIED, copied DKA200:[000000]TEST_FILES.DIR;1 %BACKUP-S-COPIEDAS, copied DKA200:[TEST_FILES]Sub^_^{Dir^}.DIR;1 as DKA200:[TEST_FILES]SUB$$DIR$.DIR;1 %BACKUP-S-COPIEDAS, copied DKA200:[TEST_FILES.Sub^_^{Dir^}]Sub^&_~_File_~.Dat;1 as DKA200:[TEST_FILES.SUB$$DIR$]SUB$_$_FILE_$.DAT;1 %BACKUP-S-COPIEDAS, copied DKA200:[TEST_FILES]This^_is^_a^_Test^{_File_^}.Dat;1 as DKA200:[TEST_FILES]THIS$IS$A$TEST$_FILE_$.DAT;1 |
If BACKUP cannot convert a file name within its existing directory, it converts the file name and leaves it unconnected so that ANALYZE /DISK /REPAIR can connect it to the [SYSLOST] directory, where the file has an ODS-2-compliant name. BACKUP also displays messages similar to the following:
%BACKUP-I-RECOVCNT, 5 files could not be converted into a directory on DKA100: -BACKUP-I-RECOVCMD, use the Analyze/Disk_Structure/Repair command to recover files |
In this case, you need to move the file from [SYSLOST] to the
appropriate directory. Refer to the created as log messages to
see where the file would logically be placed and place it there
manually.
8.5.6 Modifying Disk Volume Characteristics
Use the DCL command SET VOLUME to modify the characteristics of one or more mounted Files--11 disk volumes. To use this command, you must have write access to the index file on the volume. If you are not the owner of the volume, you must have either a system UIC or the user privilege SYSPRV. You must then specify the name of one or more mounted Files--11 volumes.
The following examples illustrate how you can use the SET VOLUME command.
$ SET VOLUME/DATA_CHECK=(READ,WRITE) DKA100: |
$ SET VOLUME/LABEL=LICENSES DKA100: |
The DISKMOUNT.C program can help to speed up disk mounts at system startup time. The program reduces the MOUNT image activation time by directly calling the $MOUNT system service.
DISKMOUNT.C does not support mounting of disks connected to an InfoServer, disks served using DFS, or stripe sets. |
This program requires a VAX C compiler. Perform the following steps:
For additional information, see the comments in the DISKMOUNT.H file.
8.6 Setting Up Disk Volume Sets
The following sections discuss concepts related to disk volume sets and explain how to perform the following actions:
Task | Section |
---|---|
Create a disk volume set from new volumes | Section 8.6.2 |
Create a shadowed disk volume set | Section 8.6.3 |
Create a disk volume set from an existing volume | Section 8.6.4 |
Add volumes to a disk volume set | Section 8.6.5 |
A volume set is a collection of disk volumes bound into a single entity by the DCL command MOUNT/BIND. To users, a volume set looks like a single, large volume. Volume sets have the following characteristics:
Use a volume set to provide a large, homogeneous public file space. You must use a volume set to create files that are larger than a single physical disk volume. (The file system attempts to balance the load on the volume sets, for example, by creating new files on the volume that is the least full at the time.)
If you want several distinct areas of file storage, with different types of users or different management policies, you must use a separate volume or volume set for each area. For example, you might want one volume for permanent user storage, with limited disk quotas and regular backups. You might want another volume for "scratch" use, which means that the volume has liberal or no quotas and is not backed up; also, its files are purged on a periodic basis. Each separate volume or volume set must contain a top-level user file directory for each user who keeps files on that volume.
An advantage of separate volumes is their modularity. If one of the drives holding a volume set is out of service, the whole volume set is unavailable because of its interconnected directory structure. When a drive holding a single volume is not functioning, only the files on that volume are not available.
A disadvantage of volume sets is the large size of an image backup of a multivolume set, which might affect your backup schedule. For example, if backing up each of five separate volumes takes 5 hours in the evening, backing up these same volumes in a volume set will take 25 hours, which cannot be done overnight, thus possibly causing a scheduling problem.
Previous | Next | Contents | Index |
Copyright © Compaq Computer Corporation 1998. All rights reserved. Legal |
6017PRO_033.HTML
|