[Info-vax] Default protection question
Jan-Erik Soderholm
jan-erik.soderholm at telia.com
Sat Nov 6 09:26:49 EDT 2010
On 2010-11-06 13:52, smithfarm wrote:
>> "A new file receives the default UIC-based protection and the default
>> access control list (ACL) of its parent directory."
>
> Thanks guys, for the illumination. I now understand the sentence: the
> phrase "of its parent directory" only applies to "the default access
> control list (ACL)", and not to "the default UIC-based protection". At
> first I thought it meant that new files inherit both the ACL and the UIC
> protection from the parent directory.
>
> So, to put it simply, the UIC of a newly-created file is given by the
> default UIC of the *process*, while its ACL is taken from the parent
> directory.
>
> Since I'm focusing on a complete reading of the User's Manual, I'm not
> going in-depth into ACLs at this point. I get the feeling they were
> designed for the multi-user...
Now, what is "multi-user" really?
Note that VMS only sees users as users from the UAF.
It has no idea if these users are complemented by
real users as you and me.
For example, if you have a web-server on your VMS system,
it usually runs under a specific user, such as WASD_HTTP_SERVER
if you are using the WASD web server. There is of course no
real user named that way, but the VMS system still uses
that
So, for example, ACLs are a flexible and easy-to-use method
to give your web-server read access to selected directories.
You could give your files "world:read" also, but then *anyone*
could read the files, not only the user running the web-server.
And it's way more flexible than plain UIC-based protection.
You can create identifiers in UAF> that are not specific to
any user at all, and then give that identifier specific
rights to some dirs/files and finally grant that identifier to
those users in UAF that belong to that "group". Very much
like the "groups" in any Windows domain.
ACLs are definitely something you should take a look at.
It doesn't matter that you are the only "user" of the system.
It's no rocket-science either... :-)
> time-sharing systems, whereas today most
> systems (including mine) are single-user.
>
> Nathan
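
The identifier-plus-ACL procedure described in the reply, written out as a DCL session. This is an added example, not part of the original post; the identifier name WEB_READERS and the directory DKA0:[WEBDOCS] are hypothetical, and WASD_HTTP_SERVER is the account named in the message.

```dcl
$! Added example. WEB_READERS and DKA0:[WEBDOCS] are hypothetical names.
$!
$! 1. Create an identifier that is not tied to any one user, then grant it
$!    to the account the web server runs under.
$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
UAF> ADD/IDENTIFIER WEB_READERS
UAF> GRANT/IDENTIFIER WEB_READERS WASD_HTTP_SERVER
UAF> SHOW/RIGHTS WASD_HTTP_SERVER
UAF> EXIT
$!
$! 2. On the directory file: let holders of the identifier list the
$!    directory and look up files in it.
$ SET SECURITY/ACL=(IDENTIFIER=WEB_READERS,ACCESS=READ+EXECUTE) -
      DKA0:[000000]WEBDOCS.DIR
$!
$! 3. Also on the directory file: a default ACE. This is the "default ACL
$!    of its parent directory" that every new file in [WEBDOCS] receives.
$ SET SECURITY/ACL=(IDENTIFIER=WEB_READERS,OPTIONS=DEFAULT,ACCESS=READ) -
      DKA0:[000000]WEBDOCS.DIR
$!
$! 4. Files that already exist do not pick up the default ACE, so give
$!    them the read ACE directly. World access stays untouched, so nobody
$!    else gains anything.
$ SET SECURITY/ACL=(IDENTIFIER=WEB_READERS,ACCESS=READ) DKA0:[WEBDOCS]*.*;*
$!
$! 5. Check the result.
$ SHOW SECURITY DKA0:[000000]WEBDOCS.DIR
$ DIRECTORY/SECURITY DKA0:[WEBDOCS]
```

A process builds its rights list when it is created, so the server process has to be restarted before a newly granted identifier takes effect.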