Advanced Server for OpenVMS
Server Administrator's Guide

4.2.3.3 The Autoshare Parameter

The Autoshare value in the registry specifies an alias for the autoshare name created by default for an OpenVMS disk device. Advanced Server creates an autoshare for each mounted OpenVMS disk device when the server starts. To create a more meaningful share name or to map the device name to a DOS format, use the Autoshare value in the OpenVMS registry.

The format of the data associated with the Autoshare value is as follows:

devname_1=sharename_1 . . . devname_n=sharename_n

The share name cannot exceed 11 characters. Do not append a dollar sign ($) to the device name; the Advanced Server does this automatically.

For example, Table 4-4, Sample Default Autoshare Names, shows physical device names and volume labels for disk devices mounted on node DOT and the autoshare names that Advanced Server creates by default.

Table 4-4 Sample Default Autoshare Names
Device Volume Label Autoshare Name

DOT$DUA0: AXPVMS072 AXPVMS072$

DOT$DUA1: USERS_1 USERS_1$

DOT$DUA2: USERS_2 USERS_2$

DOT$DUA3: WORK_DISK055 None: the volume label exceeds the 11-character limit.

**Table 4-4 Sample Default Autoshare Names**
Device	Volume Label	Autoshare Name
DOT$DUA0:	AXPVMS072	AXPVMS072$
DOT$DUA1:	USERS_1	USERS_1$
DOT$DUA2:	USERS_2	USERS_2$
DOT$DUA3:	WORK_DISK055	None: the volume label exceeds the 11-character limit.

For example, the data associated with the AutoShare value in the OpenVMS Registry appears as follows:

DOT$DUA1=USERS_1 DOT$DUA2=M DOT$DUA3=WORK5

The Autoshare parameter directs the Advanced Server to create an autoshare named M$. If you connect to the share USERS_1$, you access DOT$DUA1:[000000]. When you display a list of available devices, the device M: is listed.

As shown in Table 4-4, Sample Default Autoshare Names, the Advanced Server did not create an implicit autoshare for the device DOT$DUA3:, because the volume label WORK_DISK055 exceeds the 11-character limit. But Advanced Server allows you to include the device name (DOT$DUA3) in the autoshare list in the registry and creates the explicit autoshare WORK5$ for DOT$DUA3:.

4.2.3.4 The NoAutoshare Parameter

The NoAutoshare parameter specifies the OpenVMS device names that should not be automatically shared or available to the Advanced Server. If a device is listed in both the Autoshare list and the NoAutoshare list, the NoAutoshare definition take precedence.

If the server configuration includes many disk devices, you may want to specify which devices are not shared automatically. By sharing some devices and not sharing others, you can separate OpenVMS disk resources from Advanced Server resources and reduce unnecessary resource consumption by the server. Entries in the NoAutoshare value list match OpenVMS device names that contain the search string. For example, the following data associated with the NoAutoshare value in the OpenVMS Registry specifies search strings DFS, DAD*, and PWRK$DKB300.

DFS,DAD*,PWRK$DKB300

With this data, any OpenVMS device name containing the string DFS, any string containing DAD followed by any characters such as DAD1 and DAD01, and the explicit device PWRK$DKB300 are not shared. The total search string after the equal sign (=) cannot exceed 128 characters.

4.2.3.5 Sharing DECdfs Devices

DECdfs is a DECnet-based layered product that provides OpenVMS users with the ability to use remote disks as if they were directly attached to the local system. By default, Advanced Server does not automatically share devices managed by DECdfs. The OpenVMS registry contains the following default data associated with the NoAutoshare value:

DAD,_DFS

You cannot assign permissions to DECdfs devices; therefore, if you override the default and allow the Advanced Server to create an autoshare for a DECdfs device, users with user or operator privileges cannot access that device. Access to a shared DECdfs device is restricted to users in the Administrators group.

4.2.3.5.1 Autosharing in an OpenVMS Cluster Environment

OpenVMS disk devices mounted cluster-wide are offered to users as shared devices (autoshares) by all server nodes in an OpenVMS cluster system. Devices mounted on a specific server (not cluster-wide) are accessible to users connected to that server only.

The OpenVMS Registry contains two types of values to define autoshares:

Autoshare and NoAutoshare
Autoshare_nodename and NoAutoshare_nodename

In an OpenVMS cluster system, you can make a device available cluster-wide by using the AutoShare value. You can restrict device availability using the NoAutoshare value.

In addition, you can control the devices to be automatically shared on a single node in the cluster, using the Autoshare_nodename and NoAutoshare_nodename values.

The following registry examples show how you can share disk devices in an OpenVMS cluster. For this example, the cluster contains two members: DOT and TINMAN.

On both DOT and TINMAN, the following value is defined:

Key: SYSTEM\CurrentControlSet\Services\AdvancedServer\ShareParameters Value: Autoshare = PCS524$DKA100=J,PCS524$DKA200=K

On the cluster member named DOT, the following value is defined:

Key: SYSTEM\CurrentControlSet\Services\AdvancedServer\ShareParameters Value: Autoshare_DOT = DUA1001=H,DUA1002=G,DUA1006=I

On the cluster member named TINMAN, the following value is defined:

Key: SYSTEM\CurrentControlSet\Services\AdvancedServer\ShareParameters Value: Autoshare_TINMAN = DUA1001=H,DUA1002=G

In this example:

PCS524$DKA100 and PCS524$DKA200 are available as shared devices on autoshares J: and K: on all OpenVMS cluster server nodes.
DUA1001 and DUA1002 are available as shared devices on autoshares H: and G: on server nodes DOT and TINMAN, respectively.
DUA1006 is available as a shared device on autoshare I: on node DOT only.

The Advanced Server compares the cluster-wide definitions with the node-specific definitions. If the same device is listed in both the cluster-wide and node-specific Autoshare parameters, the cluster-wide definition prevails. The NoAutoshare parameter uses the union of the cluster-wide and node-specific autoshare lists.

4.2.3.6 Synchronizing Autoshares

By default, each disk device available to the Advanced Server when it starts is assigned an autoshare name. If you mount a disk device after the server has started, you must synchronize the available devices using the SET COMPUTER command, to make the disk device available to the Advanced Server. For example:

LANDOFOZ\\TINMAN> SET COMPUTER TINMAN/AUTOSHARE_SYNCHRONIZE %PWRK-S-AUTOSHRSYNCHED, autoshare synchronization was successful LANDOFOZ\\TINMAN>

In the OpenVMS cluster environment, you must enter this command on every node in the cluster.

4.3 Managing Shared Directories and Files

Advanced Server allows you to create shared and personal shared directories. Some shares are provided by default.

4.3.1 Default Shares

When you install Advanced Server software, it creates the default shares shown in Table 4-5, Default Shares.

Table 4-5 Default Shares
Share Name Description

USERS Contains user home directories. This shared directory is created only when logon validation is enabled.

NETLOGON Default location for logon scripts. This directory is shared if the Netlogon service is running.

PWLIC Client Licensing Software

PWLICENSE Client Licensing Software

PWUTIL Default location for Advanced Server utilities.

**Table 4-5 Default Shares**
Share Name	Description
USERS	Contains user home directories. This shared directory is created only when logon validation is enabled.
NETLOGON	Default location for logon scripts. This directory is shared if the Netlogon service is running.
PWLIC	Client Licensing Software
PWLICENSE	Client Licensing Software
PWUTIL	Default location for Advanced Server utilities.

4.3.2 Creating a Share

A share is a shared directory. By sharing a directory, you allow users on the network to access the directory.

Any directory on the server can be shared, including the root directory of a disk device. Users specify the share name when accessing and displaying shares. No two resources on the same server can have the same share name.

When you create a shared directory, you assign access permissions to users and groups. These permissions define the access to the share for the specified users and groups. If you do not specify permissions when you add a share, all users are allowed to access the share.

You can define an OpenVMS system logical name that refers to an OpenVMS physical device. Then you can specify the logical name when you create the share using the ADD SHARE command. This allows you to move the physical structure to another device, redefine the logical name, and continue to provide access to the structure by the same share name. Users connected to the share will have to reconnect after this change.

4.3.2.1 Preparing to Share a Directory

When you share directories on a server, it is important to be well organized. If many users access the same directory for different purposes and activities, the directory can become a clutter of unrelated files. If you take the time to create separate directories organized by group and function, it will be easier to keep files organized and to ensure security.

Before setting up a shared directory, prepare a list of directories you will need to share on the server. Also prepare a list of the users and groups that will require access to each shared directory and the kinds of permissions they will need. Use the worksheets in the Advanced Server for OpenVMS Concepts and Planning Guide to help you prepare these lists.

When sharing a directory on a server, you specify the names of the users and groups who can access the shared directory by setting share permissions, and who can access the subdirectories and files in the share by setting file and directory access permissions as described in Section 4.3.6, Specifying File and Directory Access Permissions. This allows you to set different permissions for each subdirectory and file in the shared directory.

You can also set up auditing of each type of access and of specific files and directories, as described in Section 4.3.9, Auditing Directory and File Access. This provides event log messages when the files and directories are accessed.

To create a share, you must be a member of the Administrators or Server Operators group, and the associated OpenVMS directory must already exist. If a directory to be shared does not exist, you must create it either on OpenVMS or remotely. To create a directory on the OpenVMS system, use the OpenVMS command CREATE/DIRECTORY. For example, to create the directory [SHARED] on disk device USER1, enter the following OpenVMS command:

$ CREATE/DIRECTORY USER1:[SHARED]

4.3.2.2 Planning Share Permissions

To secure shared directories effectively, keep the following in mind:

Share permissions apply to network users, not OpenVMS users. However, OpenVMS user accounts can be mapped to network user accounts, providing access to network resources for OpenVMS users based on their network user accounts.
Share permissions apply to all files and subdirectories created in the shared directory, unless you set specific file and directory access permissions. For more information, see Section 4.3.5.3, Inheriting Permissions.

Table 4-6, Share Permissions, shows permissions available for shares and the actions available to users for each permission.

Table 4-6 Share Permissions
Users can do the following... No Access Read Access Change Access Full Control

Display subdirectory names and file names X X X

Display file data and attributes X X X

Run program files X X X

Go to subdirectories of the directory X X X

Create subdirectories and add files X X

Change data in and append data to files X X

Change file attributes X X

Delete subdirectories and files X X

Change permissions (Windows NT files and directories only) X

Take ownership (Windows NT files and directories only) X

**Table 4-6 Share Permissions**
Users can do the following...	Read Access	Change Access	Full Control
Display subdirectory names and file names	X	X	X
Display file data and attributes	X	X	X
Run program files	X	X	X
Go to subdirectories of the directory	X	X	X
Create subdirectories and add files		X	X
Change data in and append data to files		X	X
Change file attributes		X	X
Delete subdirectories and files		X	X
Change permissions (Windows NT files and directories only)			X
Take ownership (Windows NT files and directories only)			X

4.3.2.3 Creating a Share

You can share an existing OpenVMS directory. When you share a directory, you specify its location on the server, including the disk device, the directory name, and the name for the share.

To share a directory on a server:

Use the ADD SHARE/DIRECTORY command. For example:

LANDOFOZ\\TINMAN> ADD SHARE/DIRECTORY RAINBOW USER1:[SHARED] - _LANDOFOZ\\TINMAN> /HOST_ATTRIBUTES=(RMS_FORMAT=STREAM) %PWRK-S-SHAREADD, share "RAINBOW" added on server "TINMAN"

This command adds a directory share named RAINBOW for the directory USER1:[SHARED]. Files created in this directory will be RMS stream-format files. Because the /PERMISSIONS qualifier is not included on the command line, the new share is available to all network users.

4.3.2.4 Creating a Personal Share

You can also create a personal share for any host-mapped user account in a system's OpenVMS user authorization file (UAF). A personal share allows you to share a user's OpenVMS login directory without including it in the list of shares that network users can display.

Note

Users cannot specify personal shares in the UNC path when connecting to or listing resources. To access such a file or run an application from the personal share, users must specify the device associated with the share.

A personal share points to the root directory of a users's OpenVMS account. For example, network user SCARECROW has a personal share that is mapped to the OpenVMS directory [STRAWMAN] on server TINMAN. If you display the personal shares on TINMAN, the following information appears:

LANDOFOZ\\TINMAN> SHOW SHARES/TYPE=PERSONAL Shared resources on server "TINMAN": Name Type Description ------------ --------- ------------------------------------- DOCTEST Personal Total of 1 share

STRAWMAN, the hostmapped OpenVMS account, has a login directory defined in the UAF record; for example: DUA1:[000000]STRAWMAN.DIR, or DUA1:[STRAWMAN]. You can use the AUTHORIZE utility to display a system's UAF records. For example:

$ MCR AUTHORIZE UAF> SHOW STRAWMAN Username: STRAWMAN Owner: SYSTEM MANAGER Account: SYSTEM UIC: [360,44] ([PCSA,STRAWMAN]) CLI: DCL Table: DCLTABLES Default: DUA1:[STRAWMAN] LGICMD: LOGIN . . .

Only users in the Administrators group can display and access all the personal shares on a server.

Note

A user with OpenVMS user accounts on multiple servers in a domain may have a personal share associated with an account on each server.

To create a personal share:

Add a share using the ADD SHARE/PERSONAL command.
Use the SHOW SHARES/TYPE=PERSONAL command to display the share. Include the /FULL qualifier to display the path and permissions. For example:

LANDOFOZ\\TINMAN> ADD SHARE GREATOZ USER1:[USERS] - _LANDOFOZ\\TINMAN> /PERSONAL/NOPERMISSIONS/PERMISSIONS=(LION=FULL) %PWRK-S-SHAREADD, share "GREATOZ" added on server "TINMAN" LANDOFOZ\\TINMAN> SHOW SHARES/TYPE=PERSONAL/FULL Shared resources on server "TINMAN": Name Type Description ------------ --------- ------------------------------------------ GREATOZ Personal Path: USER1:[USERS] Connections: Current: 0, Maximum: No limit RMS file format: Stream Directory Permissions: System: RWED, Owner: RWED, Group: RWED, World: RE File Permissions: System: RWD, Owner: RWD, Group: RWD, World: R Share Permissions: LION Full Control Total of 1 share LANDOFOZ\\TINMAN>

After the personal share is created, you can set up the associated directory as the user's home directory. The home directory contains files and programs for the user, and is automatically accessible when the user logs on to the network. For information about setting up home directories, see Section 3.1.10, Specifying Home Directories.

4.3.2.5 Stopping Directory Sharing

You may need to stop sharing a directory when the directory is no longer being used and you want to delete it; for example, when a project requiring the use of shared files is completed. Advise users when you are planning to stop sharing a directory.

For example, to stop sharing the directory GREATOZ, use the ADMINISTER command REMOVE SHARE, as follows:

LANDOFOZ\\TINMAN> REMOVE SHARE GREATOZ/NOCONFIRM %PWRK-S-SHAREREM, share "GREATOZ" removed from server "TINMAN" LANDOFOZ\\TINMAN>

This example removes the share named GREATOZ from the server named TINMAN; no confirmation is required. When you stop sharing a directory, the share name is removed from the share database and no longer appears on the list of available shares. However, the directory and its files are not deleted.

4.3.3 Displaying Information About Shares

You can display the shares provided by a server to see which shares are available to the network. Before sharing a new directory from the server, first check which shares are currently available. To display the shared directories for your server, use the SHOW SHARES command. For example:

LANDOFOZ\\TINMAN> SHOW SHARES Shared resources on server "TINMAN": Name Type Description ------------ --------- --------------------------------------- NETLOGON Directory Logon Scripts Directory PWLIC Directory PATHWORKS Client License Software PWLICENSE Directory PATHWORKS Client License Software PWUTIL Directory PATHWORKS Client-based Utilities USERS Directory Users Directory Total of 5 shares LANDOFOZ\\TINMAN>

The default display does not show administrative shares and personal shares.

You can display information about administrative shares (those that end with $) using the SHOW SHARES/HIDDEN command, as described in Section 4.2, Administrative Shares.

You can display information about a personal share by specifying the share name. For example:

LANDOFOZ\\TINMAN> SHOW SHARES RAINBOW Shared resources on server "TINMAN": Name Type Description ------------ --------- -------------------- RAINBOW Personal Total of 1 share

To display share permissions:

Use the SHOW SHARES command with the /FULL qualifier. This command displays the permissions on the share, as well as the OpenVMS protections set for the directories and files created under the share. For example:

LANDOFOZ\\TINMAN> SHOW SHARES/FULL Shared resources on server "TINMAN": Name Type Description ------------ --------- -------------------------------------------------- DICK Printer Dick's print share Path: DICK Connections: Current: 0, Maximum: No limit Share Permissions: Everyone Full Control LION Manage Documents NETLOGON Directory Logon Scripts Directory Path: PWRK$LMROOT:[LANMAN.REPL.IMPORT.SCRIPTS] Connections: Current: 0, Maximum: No limit RMS file format: Stream Directory Permissions:System: RWED, Owner: RWED, Group: RWED, World: RE File Permissions: System: RWD, Owner: RWD, Group: RWD, World: R Share Permissions: Everyone Read PATHWORKS Directory Path: SYS$COMMON:[PATHWORKS] Connections: Current: 0, Maximum: No limit RMS file format: Stream Directory Permissions:System: RWED, Owner: RWED, Group: RWED, World: RE File Permissions: System: RWD, Owner: RWD, Group: RWD, World: R Share Permissions: Everyone Full Control PWLIC Directory PATHWORKS Client License Software Path: PWRK$LMROOT:[LANMAN.SHARES.LICENSE] Connections: Current: 0, Maximum: No limit RMS file format: Stream Directory Permissions:System: RWED, Owner: RWED, Group: RWED, World: RE File Permissions: System: RWD, Owner: RWD, Group: RWD, World: R Share Permissions: Administrators Full Control Everyone Read PWLICENSE Directory PATHWORKS Client License Software Path: PWRK$LMROOT:[LANMAN.SHARES.LICENSE] Connections: Current: 0, Maximum: No limit RMS file format: Stream Directory Permissions:System: RWED, Owner: RWED, Group: RWED, World: RE File Permissions: System: RWD, Owner: RWD, Group: RWD, World: R Share Permissions: Administrators Full Control Everyone Read

PWUTIL Directory PATHWORKS Client-based Utilities Path: PWRK$LMROOT:[LANMAN.SHARES.WIN] Connections: Current: 0, Maximum: No limit RMS file format: Stream Directory Permissions:System: RWED, Owner: RWED, Group: RWED, World: RE File Permissions: System: RWD, Owner: RWD, Group: RWD, World: R Share Permissions: Everyone Read USERS Directory Users Directory Path: PWRK$LMROOT:[LANMAN.ACCOUNTS.USERDIRS] Connections: Current: 0, Maximum: No limit RMS file format: Stream Directory Permissions:System: RWED, Owner: RWED, Group: RWED, World: RE File Permissions: System: RWD, Owner: RWD, Group: RWD, World: R Share Permissions: Everyone Full Control Total of 7 shares LANDOFOZ\\TINMAN>

Contents

Index

Advanced Server for OpenVMSServer Administrator's Guide

4.2.3.3 The Autoshare Parameter

Advanced Server for OpenVMS
Server Administrator's Guide