Default Protection
Default protection is the security profile an object receives when it is created, unless a different security profile is specified explicitly.
Files
Files get the protection code specified in the Default Protection ACE of the directory:
Example
    $ set security [jdoe]sub.dir /acl=(default_protection,s:rwed,o:rwed,g,w)
    $ create [jdoe.sub]newfile.lis
    Exit
    $ show security [jdoe.sub]newfile3.lis
    DSA1:[000000.JDOE.SUB]NEWFILE3.LIS;1 object of class FILE
         Owner: [WRITERS,JDOE]
         Protection: (System:RWED, Owner:RWED, Group, World)
         Access Control List: <empty>
    $ show protection
      SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD=NO ACCESS
If no Default Protection ACE is defined on the directory, files get the default protection of the process.
Example
    DSA1:[000000]JDOE.DIR;1 object of class FILE
         Owner: [WRITERS,JDOE]
         Protection: (System: RWE, Owner: RWE, Group: RE, World: E)
         Access Control List: <empty>
    $ show protection
      SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD=NO ACCESS
    $ create newfile.lis
    Exit
    $ show security newfile.lis
    DSA1:[000000.JDOE]NEWFILE.LIS;1 object of class FILE
         Owner: [WRITERS,JDOE]
         Protection: (System: RWED, Owner: RWED, Group: RE, World)
         Access Control List: <empty>
Directory Files
Directory files get the protection code of their parent directory, except that the Owner does not get Delete access. If there is a Default Protection ACE on the parent directory file, it is propagated to the daughter directory file but does not affect the daughter's protection code.
Example
    $ set security [jdoe]sub.dir /acl=(default_protection,s:rwed,o:rwed,g,w)
    $ show security sub.dir
    DSA1:[000000.JDOE]SUB.DIR;1 object of class FILE
         Owner: [WRITERS,JDOE]
         Protection: (System: RWED, Owner: RWED, Group: RE, World: E)
         Access Control List:
              (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:,WORLD:)
    $ create [jdoe.sub.sub2] /dir
    $ show security [jdoe.sub]sub2.dir
    DSA1:[000000.JDOE.SUB]SUB2.DIR;1 object of class FILE
         Owner: [WRITERS,JDOE]
         Protection: (System: RWED, Owner: RWE, Group: RE, World: E)
         Access Control List:
              (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:,WORLD:)
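The three rules above can be checked offline against captured SHOW SECURITY output. The following Python sketch is an added example, not part of the original page or of OpenVMS; its function names are hypothetical, it models only the rules stated on this page, and its sample input is the output shown in the examples above.

```python
import re

CATEGORIES = ("SYSTEM", "OWNER", "GROUP", "WORLD")

def parse_protection(text):
    """Parse a protection code into {category: set of access letters}.
    Accepts 'System: RWE, Group, World', 'SYSTEM=RWED, WORLD=NO ACCESS'
    and the abbreviated 's:rwed,o:rwed,g,w' form."""
    prot = {c: set() for c in CATEGORIES}
    for item in text.strip().strip("()").split(","):
        name, access = re.match(r"\s*(\w+)\s*[:=]?\s*(.*)$", item).groups()
        category = next(c for c in CATEGORIES if c.startswith(name.upper()))
        access = access.strip().upper()
        prot[category] = set() if access == "NO ACCESS" else set(access)
    return prot

def default_protection_ace(show_security_output):
    """Return the protection held in a DEFAULT_PROTECTION ACE, or None."""
    m = re.search(r"\(DEFAULT_PROTECTION,([^)]*)\)", show_security_output, re.I)
    return parse_protection(m.group(1)) if m else None

def new_file_protection(directory_output, process_default):
    """Files: the directory's Default Protection ACE, else the process default."""
    ace = default_protection_ace(directory_output)
    return ace if ace is not None else parse_protection(process_default)

def new_directory_protection(parent_output):
    """Directory files: the parent's protection code without Owner Delete."""
    code = re.search(r"Protection:\s*\(([^)]*)\)", parent_output).group(1)
    prot = parse_protection(code)
    prot["OWNER"].discard("D")
    return prot

def render(prot):
    """Format a parsed protection the way SHOW PROTECTION displays it."""
    return ", ".join(
        f"{c}={''.join(a for a in 'RWED' if a in prot[c]) or 'NO ACCESS'}"
        for c in CATEGORIES)

# Output copied from the examples on this page.
SUB_DIR = """Protection: (System: RWED, Owner: RWED, Group: RE, World: E)
Access Control List: (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:,WORLD:)"""
JDOE_DIR = """Protection: (System: RWE, Owner: RWE, Group: RE, World: E)
Access Control List: <empty>"""
PROCESS_DEFAULT = "SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD=NO ACCESS"

if __name__ == "__main__":
    print("file in SUB.DIR :", render(new_file_protection(SUB_DIR, PROCESS_DEFAULT)))
    print("file in JDOE.DIR:", render(new_file_protection(JDOE_DIR, PROCESS_DEFAULT)))
    print("dir under SUB   :", render(new_directory_protection(SUB_DIR)))
```

Comparing the predicted code with what SHOW SECURITY reports for a newly created file is a quick way to spot a directory whose Default Protection ACE is missing or broader than intended.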