Document revision date: 19 July 1999
Modifies the owner element of an object. Specify the user identification code (UIC) or general identifier in the standard format. Modifying the owner element of a file usually requires privileges. Refer to the OpenVMS Guide to System Security for more information.
Include the /CLASS=SECURITY_CLASS qualifier to identify which profile you want to modify.
Modifies the protection code of an object. The protection code defines the type of access allowed to users, based on their relationship to the object's owner.
Specify the ownership parameter as system (S), owner (O), group (G), or world (W).
Access types are class specific and are shown in the Description section. For access, use the first letter of the access name. The Examples section provides you with models of protection codes.
For complete information on specifying time values, refer to the OpenVMS User's Manual or the online help topic DCL_Tips (subtopic Date_Time).
The valid keywords for this qualifier are CONDENSED and EXPANDED. Descriptions are as follows:
Keyword | Explanation |
---|---|
CONDENSED (default) | Displays the file name representation of what is generated to fit into a 255-length character string. This file name may contain a DID or FID abbreviation in the file specification. |
EXPANDED | Displays the file name representation of what is stored on disk. This file name does not contain any DID or FID abbreviations. |
The keywords CONDENSED and EXPANDED are mutually exclusive. This qualifier specifies which file name format is displayed in the output message, along with the confirmation if requested.
File errors are displayed with the CONDENSED file specification unless the EXPANDED keyword is specified.
Refer to the OpenVMS Guide to Extended File Specifications for more information.
#1

```
$ SHOW SECURITY LNM$GROUP /CLASS=LOGICAL_NAME_TABLE

LNM$GROUP object of class LOGICAL_NAME_TABLE
     Owner: [SYSTEM]
     Protection: (System: RWCD, Owner: R, Group: R, World: R)
     Access Control List:
          (IDENTIFIER=[USER,SMITH],ACCESS=CONTROL)

$ SET SECURITY LNM$GROUP /CLASS=LOGICAL_NAME_TABLE -
_$ /ACL=((IDENTIFIER=CHEKOV,ACCESS=CONTROL), -
_$ (IDENTIFIER=WU,ACCESS=READ+WRITE)) -
_$ /DELETE=ALL -
_$ /PROTECTION=(S:RWCD, O:RWCD, G:R, W:R)

$ SHOW SECURITY LNM$GROUP /CLASS=LOGICAL_NAME_TABLE

LNM$GROUP object of class LOGICAL_NAME_TABLE
     Owner: [SYSTEM]
     Protection: (System: RWCD, Owner: RWCD, Group: R, World: R)
     Access Control List:
          (IDENTIFIER=[USER,CHEKOV],ACCESS=CONTROL)
          (IDENTIFIER=[USER,WU],ACCESS=READ+WRITE)
```
This example shows how to make a straightforward change to the security elements of an object. The first SHOW SECURITY command displays the current settings of the LNM$GROUP logical name table. The SET SECURITY command resets the ACL to allow control access for user Chekov, and to allow read and write access for user Wu. Note that without the /DELETE=ALL qualifier, these ACEs would have been added to the existing ACL rather than superseding it. The protection is also changed to allow read, write, create, and delete access for the owner. The last command displays the results of the changes.
#2

```
$ SHOW SECURITY LNM$GROUP /CLASS=LOGICAL_NAME_TABLE

LNM$GROUP object of class LOGICAL_NAME_TABLE
     Owner: [SYSTEM]
     Protection: (System: RWCD, Owner: R, Group: R, World: R)
     Access Control List:
          (IDENTIFIER=[USER,FERNANDEZ],ACCESS=CONTROL)

$ SHOW SECURITY LNM$JOB /CLASS=LOGICAL_NAME_TABLE

LNM$JOB object of class LOGICAL_NAME_TABLE
     Owner: [USER,WEISS]
     Protection: (System: RWCD, Owner: RWCD, Group, World)
     Access Control List: <empty>

$ SET SECURITY LNM$JOB /CLASS=LOGICAL_NAME_TABLE -
_$ /LIKE=(NAME=LNM$GROUP, CLASS=LOGICAL_NAME_TABLE) -
_$ /COPY_ATTRIBUTES=PROTECTION
$ SET SECURITY LNM$JOB /CLASS=LOGICAL_NAME_TABLE -
_$ /ACL=(IDENTIFIER=FERNANDEZ, ACCESS=READ)

$ SHOW SECURITY LNM$JOB /CLASS=LOGICAL_NAME_TABLE

LNM$JOB object of class LOGICAL_NAME_TABLE
     Owner: [USER,WEISS]
     Protection: (System: RWCD, Owner: R, Group: R, World: R)
     Access Control List:
          (IDENTIFIER=[USER,FERNANDEZ],ACCESS=READ)
```

This example shows how to copy security access information from one object to another and, at the same time, set some elements explicitly. The first two SHOW SECURITY commands display the current settings for the LNM$GROUP and LNM$JOB logical name tables. The SET SECURITY commands copy the protection code from the LNM$GROUP logical name table to the LNM$JOB logical name table and add an ACE to allow read access to another user. The final SHOW SECURITY command shows the effect of the changes.
#3

```
$ SHOW SECURITY SECURITY_CLASS /CLASS=SECURITY_CLASS

SECURITY_CLASS object of class SECURITY_CLASS
     Owner: [SYSTEM]
     Protection: (System: RWED, Owner: RWED, Group: R, World: R)
     Access Control List: <empty>

     Template: DEFAULT
          Owner: [SYSTEM]
          Protection: (System: RWED, Owner: RWED, Group, World: RE)
          Access Control List: <empty>

$ SET SECURITY SECURITY_CLASS /CLASS=SECURITY_CLASS -
_$ /PROFILE=TEMPLATE=DEFAULT -
_$ /PROTECTION=(S:RWE, O:RWE, G:RE)

$ SHOW SECURITY SECURITY_CLASS /CLASS=SECURITY_CLASS

SECURITY_CLASS object of class SECURITY_CLASS
     Owner: [SYSTEM]
     Protection: (System: RWED, Owner: RWED, Group: R, World: R)
     Access Control List: <empty>

     Template: DEFAULT
          Owner: [SYSTEM]
          Protection: (System: RWE, Owner: RWE, Group: RE, World: RE)
          Access Control List: <empty>
```
This example demonstrates how to change the security elements for the template of a security class object. The first command shows the current settings for the SECURITY_CLASS object. The second command changes the DEFAULT template of the SECURITY_CLASS object such that the protection is (S:RWE, O:RWE, G:RE). The change is shown in the display of the last command. The world protection of RE remains unchanged.
#4

```
$ DIRECTORY/SECURITY

Directory DKA200:[DATA]

FILE001.DAT;1        [SYSTEM]        (RWED,RWED,RE,)

Total of 1 file.

$ SET SECURITY/CLASS=FILE/PROTECTION=(WORLD:RE)/LOG FILE001.DAT
%SET-I-MODIFIED, DKA200:[DATA]FILE001.DAT;1 modified

$ DIRECTORY/SECURITY

Directory DKA200:[DATA]

FILE001.DAT;1        [SYSTEM]        (RWED,RWED,RE,RE)

Total of 1 file.
$
```
This example shows how to set UIC-based protection codes on an object. The first DIRECTORY command displays the current security settings on the file FILE001.DAT. The SET SECURITY command changes the protection codes on the file to allow read and execute access for all users. The last command displays the results of the change.
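The protection-code displays in the examples above can be checked mechanically when reviewing captured SHOW SECURITY or DIRECTORY/SECURITY output. The following Python sketch is an added example, not part of the OpenVMS documentation; the function names and the set of letters treated as modifying access are assumptions. It parses the three spellings of a protection code used on this page and models the rule visible in examples #3 and #4, where categories not named in /PROTECTION keep their current access.

```python
CATEGORIES = ("SYSTEM", "OWNER", "GROUP", "WORLD")
ABBREV = {name[0]: name for name in CATEGORIES}


def parse_protection(text):
    """Parse a protection code into {category: set of access letters}.

    Handles the three spellings shown on this page:
      SHOW SECURITY output    (System: RWCD, Owner: R, Group, World)
      /PROTECTION= value      (S:RWE, O:RWE, G:RE) or (WORLD:RE)
      DIRECTORY/SECURITY      (RWED,RWED,RE,)   positional: S, O, G, W
    Categories that a named form leaves out are absent from the result.
    """
    body = text.strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("protection code must be parenthesised: %r" % text)
    fields = [f.strip().upper() for f in body[1:-1].split(",")]
    if len(fields) == 4 and not any(":" in f or f in CATEGORIES for f in fields):
        return {c: set(f) for c, f in zip(CATEGORIES, fields)}
    result = {}
    for field in fields:
        key, _, letters = (part.strip() for part in field.partition(":"))
        category = ABBREV.get(key[:1])
        if category is None or not category.startswith(key):
            raise ValueError("unknown ownership category: %r" % key)
        result[category] = set(letters)
    return result


def apply_protection(current, spec):
    """Model SET SECURITY/PROTECTION=spec as examples #3 and #4 show it:
    categories named in spec are replaced, the others keep their access."""
    updated = {c: set(current.get(c, ())) for c in CATEGORIES}
    updated.update(parse_protection(spec))
    return updated


def world_findings(protection, modifying="WDC"):
    """Access letters granted to WORLD that change the object.
    Access letters are class specific; the default set is an assumption."""
    return sorted(protection.get("WORLD", set()) & set(modifying))


# Constructed input, copied from the displays in examples #3 and #4.
TEMPLATE_BEFORE = "(System: RWED, Owner: RWED, Group, World: RE)"
FILE_BEFORE = "(RWED,RWED,RE,)"

if __name__ == "__main__":
    after = apply_protection(parse_protection(TEMPLATE_BEFORE), "(S:RWE, O:RWE, G:RE)")
    print({c: "".join(sorted(v)) for c, v in after.items()})
    print(world_findings(apply_protection(parse_protection(FILE_BEFORE), "(WORLD:RE)")))
```
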
Controls starting, stopping, and restarting of the security server. The security server maintains information stored in the system intrusion and proxy databases.
SET SERVER server-name
server-name
The server-name must be SECURITY_SERVER.
The SET SERVER command provides a system manager with a means to start, stop, and restart the security server. The security server maintains information stored in the system intrusion and proxy databases.
The system intrusion database is used by LOGINOUT, DECnet/OSI, DECwindows, SHOW INTRUSION, DELETE INTRUSION, and other applications. For more information about the system intrusion database and the $DELETE_INTRUSION, $SCAN_INTRUSION, and $SHOW_INTRUSION system services, refer to the OpenVMS System Services Reference Manual. For further information, refer to the OpenVMS Guide to System Security.
The system proxy database is used by AUTHORIZE, DECnet/OSI, DFS, and other applications to access information stored in the network proxy database. Additional information can be found in the OpenVMS System Management Utilities Reference Manual. See also the $ADD_PROXY, $DELETE_PROXY, $DISPLAY_PROXY, and $VERIFY_PROXY system services in the OpenVMS System Services Reference Manual.
/EXIT
Stop the detached security server process.
/RESTART
Restart the detached security server process.
/START
Start the detached security server process.
#1 |
---|
$ SET SERVER SECURITY_SERVER/START |
This command starts the detached security server process.
#2 |
---|
$ SET SERVER SECURITY_SERVER/EXIT |
This command stops the detached security server process.
#3 |
---|
$ SET SERVER SECURITY_SERVER/RESTART |
This command restarts the detached security server process.
Controls access to local and global symbols in command procedures.
SET SYMBOL
The SET SYMBOL command controls access to local and global symbols in command procedures by treating symbols as undefined. Because all global and local symbols defined in an outer procedure level are accessible to inner procedure levels, it is often necessary to mask these symbols without deleting them.
The SET SYMBOL command also controls whether DCL will attempt to translate the verb string (the first token on the command line) as a symbol before processing the line. The default behavior is that the translation is attempted. The advantage to changing this behavior is that a command procedure will not be affected by outer procedure level environments when invoking a command.
The symbol scoping context is different for local and global symbols. Local symbols are procedure level dependent. Local symbols defined in an outer subroutine level can be read at any inner subroutine level, but they cannot be written to. If you assign a value to a symbol that is local to an outer subroutine level, a new symbol is created at the current subroutine level. However, the symbol in the outer procedure level is not modified.
This means that the SET SYMBOL/SCOPE=NOLOCAL command causes all local symbols defined at an outer procedure level to be inaccessible to the current procedure level and any inner levels. For example, if SET SYMBOL/SCOPE=NOLOCAL was specified at procedure levels 2 and 4, procedure level 2 can read (but not write to) only level 2 local symbols. Level 3 can read (but not write to) level 2 local symbols and can read and write to level 3 local symbols. Level 4 can read and write to only level 4 local symbols.
Global symbols are procedure-level independent. The current global symbol scoping context is applied subsequently to all procedure levels. Specifying the /SCOPE=NOGLOBAL qualifier causes all global symbols to become inaccessible for all subsequent commands until either the /SCOPE=GLOBAL qualifier is specified or the procedure exits to a previous level at which global symbols were accessible. In addition, specifying the /SCOPE=NOGLOBAL qualifier prevents you from creating any new global symbols until the /SCOPE=GLOBAL qualifier is specified.
When you exit a procedure level to return to a previous procedure, the symbol scoping context from the previous level is restored for both local and global symbols.
To display the current symbol scoping state, use the lexical function F$ENVIRONMENT("SYMBOL_SCOPE").
/ALL (default)
Specifies that the values of the /SCOPE qualifier pertain both to the translation of the first token on a command line and to general symbol substitution.
The /ALL qualifier is incompatible with the /GENERAL or the /VERB qualifier.
/GENERAL
Specifies that the values of the /SCOPE qualifier pertain to the translation of all symbols except the first token on a command line.
The /GENERAL qualifier is incompatible with the /ALL or the /VERB qualifier.
/SCOPE=(keyword,...)
Controls access to local and global symbols. Lets you treat symbols as being undefined. Possible keywords are as follows:
Keyword | Explanation |
---|---|
NOLOCAL | Causes all local symbols defined in outer procedure levels to be treated as being undefined by the current procedure and by all inner procedure levels. |
LOCAL | Removes any symbol translation limit set by the current procedure level. |
NOGLOBAL | Causes all global symbols to be inaccessible to the current procedure level and to all inner procedure levels unless otherwise changed. |
GLOBAL | Restores access to all global symbols. |
/VERB
Specifies that the values of the /SCOPE qualifier pertain to the translation of the first token on a command line as a symbol before processing only. It does not affect general symbol substitution.
Note
Caution must be used if the SET SYMBOL/VERB/SCOPE command is used more than once in a command procedure. Because DCL uses the translation behavior when looking for a label or subroutine, execution may be different running in one mode than in another. Compaq recommends that the SET SYMBOL/VERB/SCOPE command be used once as part of the command procedure setup and left in that mode for the duration of the procedure.
The /VERB qualifier is incompatible with the /ALL or the /GENERAL qualifier.
#1 |
---|
$ SET SYMBOL/SCOPE=NOLOCAL |
In this example, all local symbols defined in outer procedure levels are now undefined for the current procedure level and all inner procedure levels.
#2 |
---|
$ SET SYMBOL/SCOPE=NOGLOBAL |
In this example, all global symbols are now inaccessible to the current procedure level and all inner procedure levels unless otherwise changed.
#3

```
$ NOW :== SHOW TIME
$ !
$ NOW
   3-NOV-1998 11:48:58
$ !
$ SET SYMBOL /VERB /SCOPE=NOGLOBAL
$ NOW
%DCL-W-IVVERB, unrecognized command verb-check validity and spelling
 \NOW\
$ !
$ SHOW SYMBOL NOW
  NOW == "SHOW TIME"
```
This example demonstrates the use of the /VERB qualifier.
The symbol NOW is assigned to the SHOW TIME command. The next line shows the default behavior, where DCL attempts to translate the first string on the command line (NOW). Since NOW translates to the SHOW TIME command, this is used instead of NOW.
The SET SYMBOL command on the next line changes the behavior so that DCL does not attempt a translation. When NOW is subsequently entered, DCL uses the string NOW as the command verb and cannot find it in the command table. This results in the error message.
Notice that the scoping of the verb translation has no effect on general symbol translations, as demonstrated by the SHOW SYMBOL command in the example.
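The scoping rules in the description (NOLOCAL at procedure levels 2 and 4) and the /VERB behavior in example #3 can be traced with a small model. The following Python sketch is an added example, not DCL and not part of the OpenVMS documentation; the class and method names are hypothetical, and it models only symbol lookup, not the restriction on creating global symbols.

```python
class DclSymbols:
    """Toy model of the DCL symbol scoping rules described above (not DCL itself)."""

    def __init__(self):
        self.globals = {}
        self.frames = [self._frame(None)]        # frames[n] is procedure level n

    @staticmethod
    def _frame(outer):
        # Flags are kept per kind of translation so /VERB and /GENERAL can differ.
        inherited = outer["global_ok"] if outer else {"verb": True, "general": True}
        return {"locals": {}, "nolocal": {"verb": False, "general": False},
                "global_ok": dict(inherited)}

    def call(self):
        """Enter an inner procedure level; the global scoping context carries in."""
        self.frames.append(self._frame(self.frames[-1]))

    def exit(self):
        """Return to the previous level, which restores its scoping context."""
        self.frames.pop()

    def set_scope(self, *keywords, kinds=("verb", "general")):
        """SET SYMBOL/SCOPE=(keywords). The default kinds model /ALL;
        kinds=("verb",) models /VERB and kinds=("general",) models /GENERAL."""
        top = self.frames[-1]
        for keyword in keywords:
            for kind in kinds:
                if keyword in ("LOCAL", "NOLOCAL"):
                    top["nolocal"][kind] = keyword == "NOLOCAL"
                elif keyword in ("GLOBAL", "NOGLOBAL"):
                    top["global_ok"][kind] = keyword == "GLOBAL"
                else:
                    raise ValueError("unknown /SCOPE keyword: %r" % keyword)

    def lookup(self, name, kind="general"):
        """Value visible from the current level, or None if treated as undefined."""
        for frame in reversed(self.frames):
            if name in frame["locals"]:
                return frame["locals"][name]
            if frame["nolocal"][kind]:
                break                            # locals of outer levels are masked
        if self.frames[-1]["global_ok"][kind]:
            return self.globals.get(name)
        return None

    def translate_verb(self, line):
        """Replace the first token with its symbol value when one is visible."""
        first, _, rest = line.partition(" ")
        return ((self.lookup(first, "verb") or first) + " " + rest).strip()


def page_scenario():
    """NOLOCAL at levels 2 and 4, one local symbol Ln defined at each level 1-4."""
    dcl, seen = DclSymbols(), {}
    for level in range(1, 5):
        dcl.call()
        dcl.frames[-1]["locals"]["L%d" % level] = level
        if level in (2, 4):
            dcl.set_scope("NOLOCAL")
        seen[level] = [n for n in ("L1", "L2", "L3", "L4") if dcl.lookup(n) is not None]
    return seen
```
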
Sets the characteristics of a terminal. Entering a qualifier changes a characteristic; omitting a qualifier leaves the characteristic unchanged.
SET TERMINAL [device-name[:]]
device-name[:]
Specifies the device name of the terminal. The default is SYS$COMMAND if that device is a terminal. If the device is not a terminal, an error message is displayed.
The SET TERMINAL command modifies specific terminal characteristics for a particular application or overrides system default characteristics. (These defaults are defined at each installation, based on the most common type of terminal in use.) The default characteristics for terminals are listed in Figure DCLII-2.
The terminal characteristics, local or remote, are determined automatically by the terminal driver for terminals that have the modem characteristic enabled. These characteristics are not affected by the SET TERMINAL command. For example, when you successfully dial in to an OpenVMS system processor, you establish your terminal as remote. When you hang up, the terminal characteristic is set back to local.
The set of terminals supported by the OpenVMS system includes a set of VT100 family terminals that support special DIGITAL ANSI characteristics and escape sequences. For a description of these special characteristics and escape sequences, refer to the OpenVMS Wide Area Network I/O User's Reference Manual.
Figure DCLII-2 Default Characteristics for Terminals
/ADVANCED_VIDEO
/NOADVANCED_VIDEO
Controls whether the terminal has advanced video attributes and is capable of 132-column video. If the terminal width is set to 132 columns and you specify the /ADVANCED_VIDEO qualifier, the terminal page limit is set to 24 lines. If you specify the /NOADVANCED_VIDEO qualifier, the terminal page limit is set to 14 lines.
/ALTYPEAHD
Causes the terminal driver to create a permanent, alternate type-ahead buffer. The system parameter TTY_ALTYPEAHD determines the size of the type-ahead buffer. This specification is effective at your next login and stays in effect until you reboot your VAX computer.
To enable /ALTYPEAHD, you must also set the qualifier /TYPE_AHEAD.
You should specify SET TERMINAL/PERMANENT/ALTYPEAHD in SYS$STARTUP:SYSTARTUP_VMS.COM for those communication lines that require this capability.
To use this feature interactively, specify SET TERMINAL/PERMANENT/ALTYPEAHD. This specification is effective at your next login.
/ANSI_CRT (default)
/NOANSI_CRT
Controls whether the terminal conforms to ANSI CRT programming standards. Since ANSI standards are a proper subset of the DEC_CRT characteristics, the default for all VT100 family terminals is /ANSI_CRT.
/APPLICATION_KEYPAD
Specifies that the keypad is to be set to application keypad mode, which allows you to enter DCL commands defined with the DEFINE/KEY command. By default, the terminal is set to numeric keypad mode.
/AUTOBAUD
/NOAUTOBAUD
Controls whether the terminal baud rate is set when you log in and sets the default terminal speed to 9600. You must press the Return key two or more times at intervals of at least 1 second for the baud rate to be determined correctly. If you press a key other than the Return key, the /AUTOBAUD qualifier may detect the wrong baud rate. If this happens, wait for the login procedure to time out before continuing. The /AUTOBAUD qualifier must be used with the /PERMANENT qualifier.
The valid baud rates are as follows:
50, 75, 110, 134, 150, 300, 600, 1200, 1800, 2000, 2400, 3600, 4800, 7200, 9600, 19200, 38400, 57600, 76800, 115200
/BLOCK_MODE
/NOBLOCK_MODE
Controls whether block mode transmission, local editing, and field protection are performed.
/BRDCSTMBX
/NOBRDCSTMBX
Controls whether broadcast messages are sent to an associated mailbox if one exists.
/BROADCAST (default)
/NOBROADCAST
Controls whether reception of broadcast messages (such as those issued by MAIL and REPLY) is enabled. Specify the /NOBROADCAST qualifier when you are using a terminal as a noninteractive device or when you do not want special output to be interrupted by messages. Use the SET BROADCAST command to exclude certain types of messages from being broadcast, rather than eliminating all messages.
/COLOR
Sets the ANSI_COLOR terminal characteristic and identifies the terminal as capable of supporting the ANSI color escape sequences.
/COMMSYNC
/NOCOMMSYNC (default)
Allows connection of asynchronous printers and other devices to terminal ports, using standard modem control signals as flow control. Transmission to the device stops if either data set ready (DSR) or clear to send (CTS) EIA modem control signals are dropped. Transmission resumes when both signals are present.
The /COMMSYNC qualifier and the /MODEM qualifier are mutually exclusive.
The COMMSYNC feature has the following limitations:
- Cannot be used on LAT ports
- Can only be used on ports with full modem control
- Should not be used in conjunction with Xon/Xoff flow control (the port may hang)
Caution
The /COMMSYNC qualifier should never be set on a line with a modem that is intended for interactive use. The qualifier disables the modem terminal characteristic that disconnects a user process from the terminal line in case of a modem phone line failure. With the /COMMSYNC qualifier enabled, the next call on the terminal line could be attached to the previous user's process. Security administrators should be aware that the characteristic should not be used on interactive terminal ports. In addition, the /COMMSYNC qualifier is not supported on a port connected to a LAT line.
/CRFILL[=fill-count]
Generates the specified number of null characters after each carriage return before transmitting the next meaningful character (to ensure that the terminal is ready for reception). The value must be an integer in the range 0 to 9. The default is the /CRFILL=0 qualifier.
/DEC_CRT[=(value1,value2,value3)]
/NODEC_CRT[=(value1,value2,value3)]
Controls whether the terminal conforms to DIGITAL VT100-, VT200-, VT300-, VT400-, or VT500-family standards and supports the minimum standards, including the additional DIGITAL escape sequences.
You can specify one of the following values:
1 (default) Requests that the DEC_CRT terminal characteristic be set.
2 Requests that the DEC_CRT2 terminal characteristic be set.
3 Requests that the DEC_CRT3 terminal characteristic be set. A level 3 terminal supports the following additional features:
- A status line (line 25, at the bottom of the screen)
- The ISO Latin1 character set
- Terminal state interrogation (describes what state your terminal is in)
4 Requests that the DEC_CRT4 terminal characteristic be set. A level 4 terminal supports the following additional features:
- Extended keyboard
- Key position mode
- Secure reset
- Novice mode
- Selective erase
- On-line transaction processing (OLTP) features:
  - Page memory
  - Rectangular editing
  - Text macros
  - Data integrity reports
Note that DEC_CRT2, DEC_CRT3, and DEC_CRT4 are supersets of DEC_CRT. Clearing DEC_CRT causes DEC_CRT2, DEC_CRT3, and DEC_CRT4 to be cleared. Similarly, setting DEC_CRT4 causes all subsets of DEC_CRT4 (including ANSI_CRT) to be set.
/DEVICE_TYPE=terminal-type
Informs the system of the terminal type and sets characteristics according to the device type specified. You can specify any of the following terminal types:
- UNKNOWN
- FT1--FT8
- LA12
- LA34
- LA36
- LA38
- LA100
- LA120
- LA210
- LN01K
- LN03
- LQP02
- PRO_SERIES
- VT05
- VT52
- VT55
- VT100
- VT101
- VT102
- VT105
- VT125
- VT131
- VT132
- VT173
- VT200
- VT300
- VT400
- VT500
The default characteristics for the VT100-, VT102-, and VT125-series terminals are as follows:
/ADVANCEDVIDEO /NOALTYPEAHD 1 /ANSI_CRT /NOAUTOBAUD /NOBLOCK_MODE /NOBRDCSTMBX /BROADCAST /CRFILL=0 /ECHO /NOEIGHT_BIT /NOESCAPE /NOFORM /FULLDUP /NOHOSTSYNC /LFFILL=0 /LOWERCASE /NODMA /PAGE=24 /NOPARITY /NOPASTHRU /NOREADSYN /SPEED=9600 /TAB /TTSYNC /TYPE_AHEAD /WIDTH=80 /WRAP