Default Protection

From VSI OpenVMS Wiki
Jump to: navigation, search

Default protection is the security profile of an object that the object gets when it is created unless a different security profile is specified explicitly.

Files

Files get the protection code specified in the Default Protection ACE of the directory:

Example

$ set security [jdoe]sub.dir /acl=(default_protection,s:rwed,o:rwed,g,w)
$ create [jdoe.sub]newfile.lis
Exit
$ show security [jdoe.sub]newfile3.lis

DSA1:[000000.JDOE.SUB]NEWFILE3.LIS;1 object of class FILE
     Owner: [WRITERS,JDOE]
     Protection: (System:RWED, Owner:RWED, Group, World)
     Access Control List: <empty>

$ show protection
  SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD=NO ACCESS
 

If none is defined, they get the default protection of the process.

Example

DSA1:[000000]JDOE.DIR;1 object of class FILE
     Owner: [WRITERS,JDOE]
     Protection: (System: RWE, Owner: RWE, Group: RE, World: E)
     Access Control List: <empty>

$ show protection
  SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD=NO ACCESS

$ create newfile.lis
Exit
$ show security newfile.lis

DSA1:[000000.JDOE]NEWFILE.LIS;1 object of class FILE
     Owner: [WRITERS,JDOE]
     Protection: (System: RWED, Owner: RWED, Group: RE, World)
     Access Control List: <empty>
 


Directory Files

Directory files get the protection of their parent directory, except for Delete access for the Owner. If there is a Default Protection ACE on the parent directory file, it is propagated but does not affect the protection code of the daughter directory file.

Example


$ set security [jdoe]sub.dir /acl=(default_protection,s:rwed,o:rwed,g,w)
$ show security sub.dir

DSA1:[000000.JDOE]SUB.DIR;1 object of class FILE
     Owner: [WRITERS,JDOE]
     Protection: (System: RWED, Owner: RWED, Group: RE, World: E)
     Access Control List:
          (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:,WORLD:)

$ create [jdoe.sub.sub2] /dir
$ show security [jdoe.sub]sub2.dir

DSA1:[000000.JDOE.SUB]SUB2.DIR;1 object of class FILE
     Owner: [WRITERS,JDOE]
     Protection: (System: RWED, Owner: RWE, Group: RE, World: E)
     Access Control List:
          (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:,WORLD:)

 

See also