[Info-vax] Default protection question

Jan-Erik Soderholm jan-erik.soderholm at telia.com
Sat Nov 6 07:28:39 EDT 2010 

On 2010-11-06 12:11, smithfarm wrote:
> I'm studying the OpenVMS v7.3-1 User's Manual.
>
> I think I found a mistake in the manual, so I'm wondering if anyone can
> confirm/deny this.
>
> The introduction to Section 10.4 Default File Protection (first sentence)
> says:
>
> "A new file receives the default UIC-based protection and the default
> access control list (ACL) of its parent directory."
>
> This seemed quite straightforward to me. However, further on, the first
> sentence of 10.4.1 Default UIC Protection says:
>
> "The operating system provides each process with the following UIC-based
> protection: (S:RWED, O:RWED, G:RE, W)"
>
> and goes on to explain how to change this default by putting "SET
> PROTECTION/DEFAULT" in one's LOGIN.COM.
>
> I conducted an experiment where I created a directory with UIC protection
> (S:RWED, O:RWED, G:RWED, W:RWED) and then created a file in that directory.
> The file did not receive the protection of its parent directory; it
> received the default protection for the process, which is (S:RWED, O:RWED,
> G:RE, W).
>
> Can someone help me understand the sentence: "A new file receives the
> default UIC-based protection and the default access control list (ACL) of
> its parent directory."
>
> Is there a separate "default" UIC protection associated with a directory
> that is distinguishable from the default protection of the process? Or is
> there a mistake in the documentation?
>
> Thanks, as always.
>
> Nathan

It says :

"...and the default access control list (ACL) of its parent directory."

If you have no "default ACL" on the DIR file, well...

If you have a dafault ACL on the parant DIR file, I
know for sure that this *DOES* work.

Read up an ACL's... :-)

See this example :

$ direc/security DKA500:[000000]webfiles.dir

Directory DKA500:[000000]

WEBFILES.DIR;1       [SYSTEM]             (RWE,RWE,RE,E)
    (IDENTIFIER=WASD_HTTP_SERVER,OPTIONS=DEFAULT,ACCESS=READ)
    (IDENTIFIER=WASD_HTTP_SERVER,ACCESS=READ)

Total of 1 file.
$

Note the ACL with "OPTIONS=DEFAULT" !
All files created in the DKA500:[WEBFILES] directory will get a
ACL like :

$ direc/security DKA500:[webfiles]WEBFILES_MAP.CONF.0

Directory DKA500:[WEBFILES]

WEBFILES_MAP.CONF;7
                      [SYSTEM]                         (RWED,RWED,RE,)
           (IDENTIFIER=WASD_HTTP_SERVER,ACCESS=READ)

Total of 1 file.
$

And all/any DIR files created as sub-dirs to [WEBFILES] will
also get a default ACL :

$ direc/security DKA500:[webfiles]docs.dir

Directory DKA500:[WEBFILES]

DOCS.DIR;1           [SYSTEM]                         (RWE,RWE,RE,E)
           (IDENTIFIER=WASD_HTTP_SERVER,OPTIONS=DEFAULT,ACCESS=READ)
           (IDENTIFIER=WASD_HTTP_SERVER,ACCESS=READ)

Total of 1 file.
$


Jan-Erik.

More information about the Info-vax mailing list