Updated: 11 December 1998 |
OpenVMS System Manager's Manual
Previous | Contents | Index |
You can use the DCL command SET FILE to modify the characteristics of one or more files or to assign an additional name, or alias, to a file. The following examples illustrate ways you can use the SET FILE command.
$ SET FILE/EXPIRATION_DATE=15-APR-1997:11:00 BATCH.COM;3 |
$ SET FILE/BEFORE=15-APR-97/ERASE_ON_DELETE PERSONNEL*.SAL |
$ SET FILE/OWNER_UIC=[DOCUMENTATION,GRAY]/VERSION_LIMIT=100 MYFILE.DAT |
$ SET FILE OLD_FILENAME.DAT/ENTER=NEW_FILENAME.DAT |
Each directory has a protection associated with it. Directory protection can override the protection of individual files within the directory. For example, if a directory denies world access, world users cannot look up files in that directory even though the files permit world access.
For directory protection, you can use the access types shown in Table 9-4.
Access Type | Gives you the right to... |
---|---|
Read |
Examine, print, or copy a file.
If you have read access to a directory, you can display the contents of
the directory with the DIRECTORY command. For example, if you have read
access to the directory [JONES], you can enter the following command:
$ DIRECTORY [JONES] This command displays the files contained in the [JONES] directory. With read access, you can access any file listed in the directory, unless the protection on that file denies you access. If the protection applied to the whole directory denies you read access, then you cannot access even those files in the directory that permit access to users in your group. |
Write | Modify or write to a directory. However, you must have both read and write access to a directory to create files in the directory, to rename files in the directory, or to perform any file operation that involves changes to the directory file. |
Execute |
Access files by name but not list all the entries in
a directory (that is, to use specific or implied wildcards) when
applied to directories. For example, assume that you have execute
access to the [JONES] directory, and you enter the following command:
$ DIRECTORY [JONES] The system responds with an error message of "insufficient
privilege or file protection violation" and does not list the
files in the [JONES] directory. However, if you know that the file
DATAFILE.DAT resides in the [JONES] directory, you can enter the
following command:
The system displays the contents of the file. Thus, with execute access, you can perform some, but not all, of the operations that you can with read access. (Access to individual files is still controlled by their file protection.) As another example, to display the contents of the EXPENSES.DAT
file, you must have read or execute access to each directory in the
directory tree, that is, to the JONES, REPORTS, and JUNE directories:
|
Delete | Delete a directory file. You must remove all entries from a directory before you can delete the directory file. When you create a directory with the CREATE/DIRECTORY command, you do not, by default, get delete access. If you want to be able to delete a directory file, you must use the DCL command SET SECURITY/PROTECTION to explicitly assign delete access to the owner category. |
Control | Change the characteristics of a directory. |
Using UIC Directory Protection
You cannot completely protect a file without applying at least the same protection to the directory in which the file resides. For example, if you deny a user all access to a file but allow that user read access to the file's directory, the user cannot access the contents of the file but can see that it exists. Conversely, a user allowed access to a file and denied access to the file's directory (or one of the parent directories) cannot see that the file exists.
To protect sensitive files, the directory protection alone is not adequate. You must also protect each individual file contained within the directory. Section 9.5.3 contains instructions for protecting disk files. |
By default, top-level directories receive UIC-based protection (S:RWE,O:RWE,G:RE,W:E) and no ACL. A newly created subdirectory receives the same protection as its parent directory, but delete access is removed from all categories.
Guidelines for specifying UIC-based protection on a directory follow.
The following sections explain how to change directory protection
characteristics and default ACL protection.
9.5.4.1 Changing Directory UIC Protection Characteristics
The DCL command SET DIRECTORY modifies the characteristics of one or more directories.
$ SET DIRECTORY/OWNER_UIC=[360,020] [DAVIS],[USERS] |
The SET DIRECTORY command in this example modifies both the [DAVIS] and
[USERS] directories, changing their owner UICs. Using the /OWNER_UIC
qualifier requires SYSPRV (system privilege).
9.5.4.2 Changing Default ACL Protection
You can override default UIC protection for specified directories or subdirectories by placing a default protection ACE in the ACL of the appropriate directory file. The default protection specified in the ACE is applied to any new file created in the specified directory or in any subdirectory of the directory.
The following ACE, which must be in the ACL of a directory file, specifies that the default protection (for files created in the directory and its subdirectories) will allow system and owner processes full access, group processes read and execute access, and world users no access:
(DEFAULT_PROTECTION,S:RWED,O:RWED,G:RE,W:) |
Because tapes are single-user devices, tape protection is only at the volume level. The protection codes for magnetic tape volumes are usually assigned with the INITIALIZE command.
You cannot use DCL commands to change protection characteristics on
magnetic tape volumes. See Section 8.5.1 for more information.
9.6 Accessing Disk Files
This section describes how to use DCL commands to access files at the file level, not at the record level. This applies to reading files on disks, which is explained in this section, as well as to copying tape files, which is explained in Section 9.8.1.
Although DCL does allow you to manipulate files at the record level, for reasons of performance, you probably want to use a conventional programming language instead. Compaq recommends that you write programs using the OpenVMS Record Management Services (RMS) facilities, which are specifically designed to access files at the record level. You can write these programs in any higher-level language that the operating system supports.
To access disk files at the file level, you can use DCL commands. You cannot, however, use DCL commands to read or write files that are not in the standard formats supported by the operating system. If the file formats are not standard, you must mount the volumes on which they reside with the /FOREIGN qualifier to have read and write access.
Although the examples used in this section show how to access disk files on RA90 disk packs, they also apply to other devices.
To read the contents of a disk file, use the DCL command TYPE, which displays the contents of a file on your terminal. To find the exact location of the disk file you want to read, use the DCL command DIRECTORY.
If, for example, you want to read the contents of a file named HISFILE, which is located somewhere in the directory [CHARLES] on a disk device whose logical name is DISK$DOCUMENT, follow these steps:
$ DIRECTORY DISK$DOCUMENT:[CHARLES...]HISFILE.* |
Directory DISK$DOCUMENT:[CHARLES.MEMO] HISFILE.UPD;1 Total of 1 file. |
$ TYPE [CHARLES.MEMO]HISFILE.UPD |
This section describes file-level access for tapes. When you request access to a standard-labeled volume or a file, the operating system checks at the volume and file level to ensure that your process can access the volume or file. The level at which the system checks access depends on the operation you request and the type of access the operation requires.
When you access a volume or a file, the operating system software reads the volume- and file-header labels to determine whether access to the volume or file is restricted. Which label is read depends on the operation requested. For example, if you want to mount a volume, your process must have access to it.
The protection set on a file determines your access to the file. The expiration date field in the header can prevent you from overwriting or appending to a file immediately preceding the one in question. If the expiration date field has not been reached, a file has not expired.
To overwrite an unexpired file, you must specify the /OVERRIDE=EXPIRATION qualifier when you mount the volume. Performing this operation requires that you have read or write access.
After a section that explains tape file names are sections that tell how to perform these tasks:
Task | Section |
---|---|
Locate standard-labeled tape files | Section 9.7.2 |
Use wildcards with tape files | Section 9.7.3 |
Read files on tape volumes | Section 9.7.4 |
Write files to tape volumes | Section 9.7.5 |
OpenVMS systems accept two types of file names for magnetic tapes:
Table 9-5 compares characteristics of OpenVMS extended names and standard names.
Characteristic | OpenVMS Extended Names | Standard Names |
---|---|---|
Valid with... | Tape and disk volumes | Tape volumes |
Format | filename.type;version | filename.;version ( Version is optional.) |
Length | 39.39; | 17.; |
Valid Characters | A through Z; 0 through 9; ampersand (&), hyphen (-), underscore ( _ ), and dollar sign ($); wildcard characters asterisk (*) and percent sign (%) | ASCII "a" 1 characters enclosed in quotation marks (" "). Note that within a file name, DCL interprets a double set of quotation marks ("") as a single set ("). If a name has fewer than 17 characters, the system pads the name on the right with spaces to arrive at the 17-character maximum length. |
Examples | OPENVMS_FILENAME.DAT;23 | "GENLABEL#123";2 |
Before accessing a particular file for a read or write operation, you might want to search the magnetic tape volume for that file. Use the DCL command DIRECTORY to locate a file or group of files on a tape volume.
When you specify a file name for a file residing on tape, the tape file system performs the following tasks:
The OpenVMS operating system supports a limited use of wildcard characters in file specifications for tape volumes.
Table 9-6 explains the use of wildcard characters with OpenVMS extended names and with standard names.
Wildcard Character | OpenVMS Extended Names | Standard Names | Description |
---|---|---|---|
Asterisk (*) | X | X |
In OpenVMS extended names, you can use an asterisk anywhere in the file
name and file type field to match a field or portion of a field. You
can also use the asterisk in the version number field.
In standard names, you can use only a single asterisk in a field. |
Percent sign (%) | X | In OpenVMS extended names, you can use a percent sign in a file specification only to match character positions within a field. You cannot use the percent sign in the version number field. |
Unlike OpenVMS extended names, which can consist of up to 39 characters each for the file name and file type, standard names can have a maximum of 17 characters.
The following examples show how to use wildcard characters in file specifications to search for files on tape volumes. These examples also show how you can use the DIRECTORY command with tapes. Note that the DIRECTORY command does not work the same with tape files as with disk files.
$ DIRECTORY MFA1:*.*;* |
$ DIRECTORY MTA1:%*.*;* $ DIRECTORY MTA0:*.%*;* |
$ DIRECTORY MTA0:*.;* |
When you access a tape file for a read operation, the tape is positioned at the beginning of the file section after the file header labels. When you access a file residing on a tape volume only to read the attributes in the header labels (rather than the data in the file section), the tape file system returns the RMS attributes to your process. For example, when you specify the DIRECTORY/FULL command for a volume, file, or list of files, the tape file system performs the following tasks:
A tape file opened for read access is closed in either of the following ways:
Method | Description |
---|---|
Implicitly | The file is closed implicitly when the drive encounters a tape mark while the system reads a file. The tape file system then reads the trailer labels, closes the file, and positions the tape at the next file. |
Explicitly | The file is closed explicitly when you finish accessing the file before all the data in the file is read. The tape file system then closes the file without reading the trailer labels, and the tape remains at the current position. |
Use the DCL command TYPE to read a file or group of files on the tape volume and to display the contents of the file on your terminal. For example, if you want to read the contents of a file named TESTFILE.DOC;1 (which you know from your directory searches is an OpenVMS file residing on the tape volume MTA1:), enter the following command:
$ TYPE MTA1:TEST*.%*;* |
You then receive the following display on your terminal:
MTA1:TESTFILE.DOC;1 This is a test file. |
Previous | Next | Contents | Index |
Copyright © Compaq Computer Corporation 1998. All rights reserved. Legal |
6017PRO_041.HTML
|