[Info-vax] Default protection question

Phillip Helbig---undress to reply helbig at astro.multiCLOTHESvax.de
Sat Nov 6 08:24:46 EDT 2010


In article <ib3d4h$30k0$1 at ns.felk.cvut.cz>, smithfarm
<presnypreklad at gmail.com> writes: 

> "A new file receives the default UIC-based protection 

From the default protection mask, your own or, if there is none, the 
system default mask.

> and the default 
> access control list (ACL) of its parent directory."

ACL is the key here.  This is not the "protection" per se.

> "The operating system provides each process with the following UIC-based 
> protection: (S:RWED, O:RWED, G:RE, W)"
> and goes on to explain how to change this default by putting "SET 
> PROTECTION/DEFAULT" in one's LOGIN.COM.

Right.

> I conducted an experiment where I created a directory with UIC 
> protection (S:RWED, O:RWED, G:RWED, W:RWED) and then created a file in 
> that directory. The file did not receive the protection of its parent 
> directory; it received the default protection for the process, which is 
> (S:RWED, O:RWED, G:RE, W).

Right.  Generally, one wants them to be able to be different.

> Is there a separate "default" UIC protection associated with a directory 

No.  You are making the invalid jump in thinking of a directory
protection.  Default protection and directory ACL are what are
important. 

> that is distinguishable from the default protection of the process? Or 
> is there a mistake in the documentation?

The documentation is correct, but perhaps a bit confusing if one isn't 
already somewhat familiar.

SET PROTECTION is obsolete, except for SET PROTECTION/DEFAULT.  All this 
stuff is now in SET SECURITY which might make sense, but tends to make 
the difference between "normal" protection and ACLs somewhat less clear.
(And why is SET PROTECTION/DEFAULT not yet obsolete (the other stuff 
still works, but is no longer documented)?)

See HELP SET SECURITY and then contrast /PROTECTION and /ACL.

Every file and every directory has a protection mask.  Note that in 
order to do something to a file, you have to have the corresponding 
rights on the file and on the directory.  So, you need to understand 
this, set up sensible defaults on your system (in SYS$SYLOGIN and in 
SYS$LOGIN:LOGIN.COM) and know the basic commands.  You might never need 
ACLs.
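
Added example, not part of the original post: the experiment from the quoted question as a DCL command procedure, followed by the directory-ACL route that the quoted documentation refers to. The names PROTTEST, A.TXT and B.TXT are made up for illustration, and the DEFAULT_PROTECTION ACE is not named anywhere in the thread.

```dcl
$! Constructed example; PROTTEST, A.TXT and B.TXT are illustrative names.
$!
$! 1. Process default: the mask given to new files when nothing overrides it.
$ SET PROTECTION=(S:RWED,O:RWED,G:RE,W)/DEFAULT
$ SHOW PROTECTION
$!
$! 2. Directory whose own protection mask is wide open, as in the question.
$ CREATE/DIRECTORY/PROTECTION=(S:RWED,O:RWED,G:RWED,W:RWED) [.PROTTEST]
$!
$! 3. Create a file in it and display its mask. The directory's mask is not
$!    a template for its contents; the process default from step 1 applies.
$ CREATE [.PROTTEST]A.TXT
first file
$ DIRECTORY/SECURITY [.PROTTEST]A.TXT
$!
$! 4. A per-directory default lives in the directory's ACL, not in its mask:
$!    put a DEFAULT_PROTECTION ACE on the directory file. Group gets full
$!    access here, world gets none.
$ SET SECURITY/ACL=(DEFAULT_PROTECTION,S:RWED,O:RWED,G:RWED,W) PROTTEST.DIR
$!
$! 5. Files created from now on take their mask from that ACE; A.TXT,
$!    created earlier, is unchanged. Compare the two.
$ CREATE [.PROTTEST]B.TXT
second file
$ DIRECTORY/SECURITY [.PROTTEST]A.TXT,B.TXT
$!
$! 6. Changing the mask of an existing file is SET SECURITY/PROTECTION;
$!    only the categories named are modified.
$ SET SECURITY/PROTECTION=(G:RWED) [.PROTTEST]A.TXT
$ DIRECTORY/SECURITY [.PROTTEST]A.TXT
```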



