A volume is a mass storage medium, such as a disk or tape, that is in ODS-2 or ODS-5 format. Volumes contain files and may be mounted on devices. A volume is identified by the volume label (as opposed to a device identified by a device name).
Volume characteristics are set with the INITIALIZE and SET VOLUME commands:
- XFC caching
- data check (checks can be performed following all read operations or all write operations)
- erase on delete
- default extension size
- default file protection (only used by RSX-11M systems; OpenVMS uses default process protection)
- high-water marking
- volume label
- volume expansion limit
- mount verification
- retention time
- structure level: ODS-2 or ODS-2
- protected subsystems enabled
- enabled for unloading at dismount
- access dates
- windows (the number of mapping pointers to be allocated for file windows)
Protection of Volumes
Users may have access to files and directories on a volume, but they cannot access them if they do not also have access to the volume itself.
Volumes have four access types: Read, Write, Create, Delete. The volume's owner and users with VOLPRO privilege have control access to the volume. By default, the following protection is set for volumes:
- Volumes initialized /SYSTEM are owned by [1,1]; all users have W:RWCD to the volume, but only system processes can create first-level directories
- Volumes initialized /GROUP have no access for World but all access for System, Owner, and Group.
- Volumes initialized /NOSHARE have RWD access for System and Owner and no access for World or Group (unless /GROUP is specified).
A different protection setting can be specified with the INITIALIZE command. Volume protection settings can be changed with SET VOLUME and SET SECURITY /CLASS=VOLUME; ACLs can be added with SET SECURITY.
Security auditing can be enabled for volumes with SET AUDIT/ENABLE=ACCESS=access type /CLASS=volume /AUDIT (See SET AUDIT Events for details). However, some limitations apply:
- The system does not audit volume creation or deletion.
- The system does not audit access for tapes, ODS-1, or foreign-mounted volumes.
Security auditing can also be enabled for mount and dismount operations with SET AUDIT /ENABLE=MOUNT