Updated: 11 December 1998
OpenVMS System Management Utilities Reference Manual
Creator ACE
Adds an extra ACE to the ACL for a file created within the directory to which you assign the Creator ACE. The Creator ACE applies only when the following conditions exist:
- The file being created is not owned by the user identification code (UIC) of the process creating the file.
- The process creating the file does not have system privileges.
For example, both of these conditions exist when a process holding a general identifier with the Resource attribute creates a file in a directory owned by that identifier. In this situation, the system adds an extra ACE at the top of the new file's ACL. If a Creator ACE exists in the ACL for the parent directory, the system propagates the access specified in the Creator ACE to the new ACE. If a directory lacks a Creator ACE, the system assigns an extra ACE with a combination of control access and ownership access. A Creator ACE with ACCESS=None suppresses the addition of the extra ACE.
The Creator ACE applies to directory files only.
Refer to the OpenVMS Guide to System Security for more information.
(CREATOR [,OPTIONS=attribute[+attribute...]],ACCESS=access-type[+access-type...])
options
Specify any of the following attributes:
Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
- By using the ACL editor
- By specifying the ACE explicitly when deleting it
Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.
- By deleting all ACEs, both protected and unprotected
Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.
The following commands do not delete protected ACEs:
- SET SECURITY/ACL/DELETE
- SET SECURITY/LIKE
- SET SECURITY/DEFAULT
Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.
access
Specify access types that are valid for files (read, write, execute, delete, and control).
Default Protection ACE
Defines a UIC-based protection to be propagated to new files throughout a directory tree. The protection code in the ACE is assigned to new files created in the directory. The Default Protection ACE applies to directory files only. Although the system propagates the Default Protection ACE to new subdirectories, the protection code is not assigned to the subdirectories. Instead, the subdirectories receive a modified copy of the parent directory's protection code in which delete access is not granted.
An example of a Default Protection ACE is as follows:
(DEFAULT_PROTECTION,S:RWED,O:RWED,G,W)
The ACE grants read, write, execute, and delete access to users in the system (S) and owner (O) categories but no access to users in the group and world categories. For more information, refer to the OpenVMS Guide to System Security.
(DEFAULT_PROTECTION[,OPTIONS=attribute[+attribute...]],access)
options
Specify any of the following attributes:
Hidden Indicates that this ACE should be changed only by the application that adds it. Although the Hidden attribute is valid for any ACE type, its intended use is to hide Application ACEs. To delete or modify a hidden ACE, you must use the SET SECURITY command. Users need the SECURITY privilege to display a hidden ACE with the DCL commands SHOW SECURITY or DIRECTORY/SECURITY. SECURITY privilege is also required to modify or delete a hidden ACE with the DCL command SET SECURITY. The ACL editor displays the ACE only to show its relative position within the ACL, not to facilitate editing of the ACE. To create a hidden ACE, an application can invoke the $SET_SECURITY system service.
Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
- By using the ACL editor
- By specifying the ACE explicitly when deleting it
Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.
- By deleting all ACEs, both protected and unprotected
Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.
The following commands do not delete protected ACEs:
- SET SECURITY/ACL/DELETE
- SET SECURITY/LIKE
- SET SECURITY/DEFAULT
Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.
access
Specify access in the format of a UIC-based protection code, which is as follows:
[category: list of access allowed (, category: list of access allowed,...)]
- User categories include system (S), owner (O), group (G), and world (W). Refer to the OpenVMS Guide to System Security for a definition of these categories. Access types for files include read (R), write (W), execute (E), and delete (D). Each user category is followed by a colon (:) and then the list of access types granted to that category.
- A null access list means no access, so when you omit an access type for a user category, that category of user is denied that type of access. To deny all access to a user category, specify the user category without any access types. Omit the colon after the user category when you deny access to a category of users.
- When you omit a user category from a protection code, the current access allowed that category of user is set to no access.
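The protection-code rules just listed (a null access list means no access, an omitted category means no access) and the earlier Default Protection ACE example (DEFAULT_PROTECTION,S:RWED,O:RWED,G,W) can be checked with a small parser. The following Python is an added example written for this page; it is not Compaq code and is not part of the OpenVMS documentation. It implements only the rules stated on this page, including the subdirectory rule (the parent's code copied with delete access removed); the function names are the example's own.

```python
"""Model of the UIC-based protection code carried by a DEFAULT_PROTECTION
ACE, e.g. (DEFAULT_PROTECTION,S:RWED,O:RWED,G,W). Added example for this
page, not Compaq/OpenVMS code; it implements only the rules stated here."""

CATEGORIES = ("S", "O", "G", "W")       # system, owner, group, world
ACCESS_TYPES = ("R", "W", "E", "D")     # read, write, execute, delete


def parse_protection_code(code):
    """Parse 'S:RWED,O:RWED,G,W' into {category: set of access letters}.
    All four categories are always present in the result: a category with an
    empty list (no colon) or one omitted altogether gets no access."""
    granted = {cat: set() for cat in CATEGORIES}
    for item in code.split(","):
        item = item.strip().upper()
        if not item:
            raise ValueError("empty field in protection code")
        cat, _, types = item.partition(":")
        if cat not in CATEGORIES:
            raise ValueError(f"unknown user category {cat!r}")
        for letter in types:
            if letter not in ACCESS_TYPES:
                raise ValueError(f"unknown access type {letter!r} for {cat}")
            granted[cat].add(letter)
    return granted


def format_protection_code(granted):
    """Inverse of parse_protection_code; a denied category is written without a colon."""
    parts = []
    for cat in CATEGORIES:
        letters = "".join(t for t in ACCESS_TYPES if t in granted.get(cat, ()))
        parts.append(f"{cat}:{letters}" if letters else cat)
    return ",".join(parts)


def parse_default_protection_ace(ace):
    """Split '(DEFAULT_PROTECTION[,OPTIONS=a+b],code)' into (options, granted)."""
    body = ace.strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("an ACE is written inside parentheses")
    fields = [f.strip() for f in body[1:-1].split(",")]
    if fields[0].upper() != "DEFAULT_PROTECTION":
        raise ValueError("not a Default Protection ACE")
    options, rest = set(), fields[1:]
    if rest and rest[0].upper().startswith("OPTIONS="):
        options = {o for o in rest[0].upper()[len("OPTIONS="):].split("+") if o}
        rest = rest[1:]
    if not rest:
        raise ValueError("protection code is missing")
    return options, parse_protection_code(",".join(rest))


def is_allowed(granted, category, access_type):
    """True if the protection code grants access_type ('R','W','E','D') to category."""
    return access_type.upper() in granted[category.upper()]


def subdirectory_protection(granted):
    """What a new subdirectory receives instead of the code itself:
    the parent's code with delete access removed from every category."""
    return {cat: letters - {"D"} for cat, letters in granted.items()}


if __name__ == "__main__":
    opts, code = parse_default_protection_ace("(DEFAULT_PROTECTION,S:RWED,O:RWED,G,W)")
    print("new files get   :", format_protection_code(code))
    print("subdirectories  :", format_protection_code(subdirectory_protection(code)))
    print("world may read? :", is_allowed(code, "W", "R"))
```

The point worth noticing is the omitted-category rule: a code such as S:RWED,O:RWED silently denies group and world, which is why the parser always reports all four categories rather than only the ones written.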
Identifier ACE
Controls the type of access allowed to a particular user or group of users. An example of an Identifier ACE is as follows:
(IDENTIFIER=SALES,ACCESS=READ+WRITE)
A system manager can use the Authorize utility (AUTHORIZE) to grant the SALES identifier to a specific group of users. When this ACE is placed in the ACL of the file INVENTORY.DAT, users who hold the SALES identifier are granted read and write access to that file.
For more information, refer to the OpenVMS Guide to System Security.
(IDENTIFIER=identifier[+identifier...] [,OPTIONS=attributes[+attributes...]] ,ACCESS=access-type[+access-type...])
identifier
Specifies a user or groups of users whose access to an object is defined in the ACE. A system manager creates or removes identifiers and assigns users to hold these identifiers.
Types of identifiers are as follows:
UIC Identifiers in alphanumeric format that are based on the user identification codes (UICs) and that uniquely identify each user on the system. Users with accounts on the system automatically receive a UIC identifier, for example, [GROUP1,JONES] or [JONES]. Thus, each UIC identifier specifies a particular user.
General Identifiers defined by the security administrator in the rights list to identify groups of users on the system. A general identifier is an alphanumeric string of 1 to 31 characters, containing at least one alphabetic character. It can include the letters A to Z, dollar signs ($), underscores (_), and the numbers 0 to 9, for example, 92SALES$, ACCOUNT_3, or PUBLISHING.
Environmental Identifiers describing different types of users based on their initial entry into the system. Environmental identifiers are also called system-defined identifiers. Environmental identifiers correspond directly to the login classes described in the OpenVMS Guide to System Security. They include batch, network, interactive, local, dialup, and remote.
For more information, refer to the OpenVMS Guide to System Security.
options
Specify any of the following attributes:
Default Indicates that an ACE is to be included in the ACL of any files created within a directory. When the entry is propagated, the Default attribute is removed from the ACE of the created file. This attribute is valid for directory files only. Note that an Identifier ACE with the Default attribute has no effect on access.
Hidden Indicates that this ACE should be changed only by the application that adds it. Although the Hidden attribute is valid for any ACE type, its intended use is to hide Application ACEs. To delete or modify a hidden ACE, you must use the SET SECURITY command. Users need the SECURITY privilege to display a hidden ACE with the DCL commands SHOW SECURITY or DIRECTORY/SECURITY. SECURITY privilege is also required to modify or delete a hidden ACE with the DCL command SET SECURITY. The ACL editor displays the ACE only to show its relative position within the ACL, not to facilitate editing of the ACE. To create a hidden ACE, an application can invoke the $SET_SECURITY system service.
Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
- By using the ACL editor
- By specifying the ACE explicitly when deleting it
Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.
- By deleting all ACEs, both protected and unprotected
Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.
The following commands do not delete protected ACEs:
- SET SECURITY/ACL/DELETE
- SET SECURITY/LIKE
- SET SECURITY/DEFAULT
Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.
access
Specify access types that are valid for the object class. Refer to the OpenVMS Guide to System Security for a listing of valid access types.
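As an added example (not Compaq code and not part of the OpenVMS documentation), the following Python parses Identifier ACEs in the format above and shows why ACE order matters when an ACL is scanned: OpenVMS uses the first ACE whose identifiers the process holds, and an ACE that lists several identifiers joined with + matches only a process holding all of them. It also applies the Default attribute rules from the options list: such an ACE has no effect on access, and it is copied, with the attribute removed, into the ACL of a new file created in the directory. The model deliberately ignores the UIC-based protection code and privileges, which the system also consults; the sample ACL is constructed for the example and names such as acl_decision are the example's own.

```python
"""Model of OpenVMS Identifier ACEs such as
(IDENTIFIER=SALES,OPTIONS=DEFAULT+PROTECTED,ACCESS=READ+WRITE).
Added example for this page, not Compaq/OpenVMS code. Simplified: only
the ACL scan is modelled; the real system also evaluates the UIC-based
protection code and the process's privileges."""

from dataclasses import dataclass


@dataclass(frozen=True)
class IdentifierAce:
    identifiers: frozenset   # process must hold ALL of these for the ACE to match
    options: frozenset       # e.g. {'DEFAULT', 'PROTECTED', 'NOPROPAGATE', 'HIDDEN'}
    access: frozenset        # e.g. {'READ', 'WRITE'}; empty set means ACCESS=NONE


def parse_identifier_ace(text):
    """Parse '(IDENTIFIER=a+b[,OPTIONS=x+y],ACCESS=t+u)' into an IdentifierAce."""
    body = text.strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("an ACE is written inside parentheses")
    identifiers, options, access = set(), set(), set()
    seen_access = False
    for item in body[1:-1].split(","):
        key, sep, value = item.strip().upper().partition("=")
        if not sep:
            raise ValueError(f"malformed field {item!r}")
        values = {v for v in value.split("+") if v}
        if key == "IDENTIFIER":
            identifiers |= values
        elif key == "OPTIONS":
            options |= values - {"NONE"}   # OPTIONS=None is the same as omitting the field
        elif key == "ACCESS":
            seen_access = True
            access |= values - {"NONE"}    # ACCESS=NONE grants nothing
        else:
            raise ValueError(f"unknown field {key!r}")
    if not identifiers or not seen_access:
        raise ValueError("IDENTIFIER and ACCESS are both required")
    return IdentifierAce(frozenset(identifiers), frozenset(options), frozenset(access))


def format_identifier_ace(ace):
    """Render an IdentifierAce back into ACL editor syntax."""
    parts = ["IDENTIFIER=" + "+".join(sorted(ace.identifiers))]
    if ace.options:
        parts.append("OPTIONS=" + "+".join(sorted(ace.options)))
    parts.append("ACCESS=" + ("+".join(sorted(ace.access)) or "NONE"))
    return "(" + ",".join(parts) + ")"


def acl_decision(acl, held_identifiers, access_type):
    """Scan the ACL top to bottom and return the verdict of the first matching ACE:
    True (access type listed), False (matching ACE does not list it), or None when
    no ACE matches, in which case the system falls back to the protection code."""
    held = {h.upper() for h in held_identifiers}
    for ace in acl:
        if "DEFAULT" in ace.options:
            continue                       # a Default ACE has no effect on access
        if ace.identifiers <= held:        # all listed identifiers must be held
            return access_type.upper() in ace.access
    return None


def acl_for_new_file(directory_acl):
    """ACEs a new file inherits from its directory's ACL: only those carrying the
    Default attribute, copied with that attribute removed."""
    return [IdentifierAce(a.identifiers, a.options - {"DEFAULT"}, a.access)
            for a in directory_acl if "DEFAULT" in a.options]


# Constructed sample ACL for a directory (not from the page): note that the
# SALES+MANAGER entry sits after the plain SALES entry.
SAMPLE_DIRECTORY_ACL = [parse_identifier_ace(t) for t in (
    "(IDENTIFIER=SALES,ACCESS=READ+WRITE)",
    "(IDENTIFIER=SALES+MANAGER,ACCESS=READ+WRITE+DELETE)",
    "(IDENTIFIER=PAYROLL,OPTIONS=DEFAULT+PROTECTED,ACCESS=READ)",
    "(IDENTIFIER=NETWORK,ACCESS=NONE)",
)]

if __name__ == "__main__":
    for held in ({"SALES"}, {"SALES", "MANAGER"}, {"PAYROLL"}, {"NETWORK"}):
        print(sorted(held), "DELETE ->", acl_decision(SAMPLE_DIRECTORY_ACL, held, "DELETE"))
    for ace in acl_for_new_file(SAMPLE_DIRECTORY_ACL):
        print("inherited:", format_identifier_ace(ace))
```

With the sample ACL as written, a process holding both SALES and MANAGER is denied delete access, because the plain SALES entry matches first and does not list DELETE; swapping the two entries gives the intended result. The more specific (multi-identifier) ACE therefore has to come first in the ACL.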
Subsystem ACE
Grants additional identifiers to a process while it is running the image to which the Subsystem ACE applies. Users with execute access to the image can access objects that are in the protected subsystem, such as data files and printers, but only when they run the subsystem images. The Subsystem ACE applies to executable images only.
An example of a Subsystem ACE is as follows:
(SUBSYSTEM, IDENTIFIER=ACCOUNTING)
(SUBSYSTEM,[OPTIONS=attribute[+attribute...],]IDENTIFIER=identifier [,ATTRIBUTES=attribute[+attribute...]] [,IDENTIFIER=identifier [,ATTRIBUTES=attribute[+attribute...]],...])
options
Specify any of the following attributes:
Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
- By using the ACL editor
- By specifying the ACE explicitly when deleting it
Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.
- By deleting all ACEs, both protected and unprotected
Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.
The following commands do not delete protected ACEs:
- SET SECURITY/ACL/DELETE
- SET SECURITY/LIKE
- SET SECURITY/DEFAULT
Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.
identifier
A general identifier specifying the users or groups of users who are allowed or denied access to an object. It is an alphanumeric string of 1 through 31 characters, containing at least one alphabetic character. It can include the letters A to Z, dollar signs ($), underscores (_), and the numbers 0 to 9. For more information, refer to the OpenVMS Guide to System Security.
A Subsystem ACE can have multiple pairs of identifiers, with special attributes assigned to the identifiers. A subsystem might require several identifiers to work properly. For example:
(SUBSYSTEM,IDENTIFIER=MAIL_SUBSYSTEM,ATTRIBUTE=NONE,IDENTIFIER=BLDG5,ATTRIBUTE=NONE)
attribute
The identifier characteristics you specify when you add identifiers to the rights list or grant identifiers to users. You can specify the following attribute:
Resource Allows holders of the identifier to charge disk space to the identifier. Used only for file objects.
1.4 ACL Editor Qualifiers
When you invoke the ACL editor, you can include qualifiers on the
command line that identify the object class and the editing mode
(prompt or noprompt).
You can also use qualifiers to name a journaling file or to recover an
ACL editing session. This section describes the qualifiers listed in
the following table.
Qualifier | Description
---|---
/CLASS | Specifies the class of object whose ACL is being edited
/JOURNAL | Controls whether a journal file is created for the editing session
/MODE | Specifies the use of prompting during the editing session
/OBJECT_TYPE | Superseded by the /CLASS qualifier
/RECOVER | Restores an ACL from a journal file at the beginning of an editing session
All of the qualifiers described in this section also apply to the SET
SECURITY/EDIT command. You can substitute the SET SECURITY/EDIT command
wherever the EDIT/ACL command is shown; the syntax is the same for both
commands.
/CLASS
Specifies the class of the object whose ACL is being edited. Unless the object is a file, you must specify the object class.
/CLASS=object-class
To edit the ACL for an object other than a file, specify the object class with the /CLASS qualifier. Specify one of the following classes:
- CAPABILITY A system capability, such as the ability to process vector instructions. Currently, the only defined object name for the CAPABILITY class is VECTOR, which governs the ability of a subject to access a vector processor on the system. Note that you must supply the capability name as the object name parameter.
- COMMON_EVENT_CLUSTER A common event flag cluster.
- DEVICE A device, such as a disk or tape drive.
- FILE A file or a directory file. This is the default.
- GROUP_GLOBAL_SECTION A group global section.
- LOGICAL_NAME_TABLE A logical name table.
- QUEUE A batch queue or a device (printer, server, or terminal) queue.
- RESOURCE_DOMAIN A resource domain.
- SECURITY_CLASS A security class.
- SYSTEM_GLOBAL_SECTION A system global section.
- VOLUME A disk or tape volume.
#1
$ EDIT/ACL/CLASS=DEVICE WORK1
The command in this example specifies that the object WORK1 is a device.
#2
$ EDIT/ACL/CLASS=QUEUE FAST_BATCH
The command in this example creates an ACL for the queue FAST_BATCH. Note that if you create an ACL for a generic queue, you must create identical ACLs for all execution queues to which jobs can be directed.
/JOURNAL
Controls whether a journal file is created for the editing session.
/JOURNAL [=file-spec]
/NOJOURNAL
By default, the ACL editor keeps a journal file containing a copy of modifications made during an editing session. The journal file is given the name of the object and a .TJL file type. If you specify a different name for the file, do not include any wildcard characters.
To prevent the ACL editor from creating a journal file, specify /NOJOURNAL.
If your editing session ends abnormally, you can recover the changes made during the aborted session by invoking the ACL editor with the /RECOVER qualifier.
#1
$ EDIT/ACL/JOURNAL=COMMONACL.SAV MECH1117.DAT
With this command, you create a journal file named COMMONACL.SAV. The file contains a copy of the ACL and the editing commands used to create the ACL for the file MECH1117.DAT.
If the editing session is interrupted, you can recover your edits by specifying the name COMMONACL.SAV with the /RECOVER qualifier.
#2
$ EDIT/ACL/CLASS=RESOURCE/JOURNAL=ZERO_RESOURCE.TJL [0]
If you edit an ACL for the resource domain [0], the ACL editor attempts to create the file [0].TJL on the default device and fails. To create an ACL for the resource [0], you must specify a different name for the journal file (as shown in this example) or suppress the creation of a journal file with the /NOJOURNAL qualifier.
/MODE
Specifies the use of prompting during the editing session.
/MODE=option
By default, the ACL editor prompts you for each ACE and provides values for some of the fields within an ACE (/MODE=PROMPT). To disable prompting, specify /MODE=NOPROMPT on the command line.
#1
$ EDIT/ACL/MODE=NOPROMPT WEATHERTBL.DAT
With this command, you initiate an ACL editing session to create an ACL for the file WEATHERTBL.DAT. The /MODE=NOPROMPT qualifier specifies that no assistance is required in entering the ACL entries.
Copyright © Compaq Computer Corporation 1998. All rights reserved.