Darya.zelenina: Created page with "The '''BYPASS''' privilege allows the user's process full access to all protected objects, totally bypassing UIC-based protection, ACL|access control list..."

2019-02-28T07:24:46Z

Created page with "The '''BYPASS''' privilege allows the user's process full access to all protected objects, totally bypassing UIC-based protection, ACL|access control list..."

New page

The '''BYPASS''' privilege allows the user's process full access to all protected objects, totally bypassing [[UIC Protection|UIC-based protection]], [[ACL|access control list (ACL) protection]], and mandatory access controls. With the BYPASS privilege, a process has unlimited access to the system. Among the operations that can be performed are:

* Modification of all user authorization records (SYSUAF.DAT)
* Modification of all rights identifier and holder records (RIGHTSLIST.DAT)
* Modification of all network proxy records (NETPROXY.DAT or NET$PROXY.DAT [VAX only])
* Modification of all DECnet object passwords and accounts (NETOBJECT.DAT)
* Unlimited access to all files on all volumes

Grant this privilege with extreme caution because it overrides all object protection. It should be reserved for
use by well-tested, reliable programs and command procedures. The [[SYSPRV]] privilege is adequate for
interactive use because it ultimately grants access to all objects while still providing access checks. The
[[READALL]] privilege is adequate for backup operations.

The [[BYPASS]] privilege lets a process perform the following tasks:

{| class="wikitable"
! colspan=”col” | Task
! colspan=”col”| Interface
|-
| Modify file operations
| SET SECURITY/OWNER, $QIO request to F11BXQP
|-
| Access a file that is marked for deletion
| $QIO request to F11A ACP or F11BXQP
|-
| Access a file that is deaccess locked
| $QIO request to F11A ACP or F11BXQP
|-
| Override creation of an owner ACE on a newly created file
| $QIO request to F11BXQP
|-
| Clear the directory bit in a directory’s file header
| $QIO request to F11BXQP
|-
| Operate on an extension header
| $QIO request to F11BXQP
|-
| Acquire or release a volume lock
| $QIO request to F11BXQP
|-
| Force [[Mount Verification|mount verification]] on a volume
| $QIO request to F11BXQP
|-
| Create a file access window with no access lock bit set
| $QIO request to F11BXQP
|-
| Specify null lock mode for volume lock
| $QIO request to F11BXQP
|-
| Access a locked file
| $QIO request to F11BXQP
|-
| Enable or disable disk quotas on a volume
| $QIO request to F11BXQP
|-
| Display permanent network database records
| NCP
|-
| Display permanent DECnet object password
| NCP
|-
| Display volatile DECnet object password
| NCP
|-
| Read a [[AUTHORIZE|user authorization record]]
| [[$GETUAI]]
|-
| Modify a user authorization record
| [[$SETUAI]]
|-
| Modify [[Mailbox|mailbox]] protection
| $QIO request to the mailbox driver (MBDRIVER)
|-
| Modify shared memory mailbox protection
| $QIO request to the mailbox driver (MBDRIVER)
|-
| Bypass discretionary or mandatory object protection
| [[$CHKPRO]]
|-
| Initialize a magnetic tape
| [[$INIT_VOL]]
|-
| Unload and [[InfoServer]] system
| $QUI request to the InfoServer system (DADDRIVER)
|}

[[Category:All Privileges]]

BYPASS - Revision history

Darya.zelenina: Created page with "The '''BYPASS''' privilege allows the user's process full access to all protected objects, totally bypassing UIC-based protection, ACL|access control list..."