Default Protection

From VSI OpenVMS Wiki

Default protection is the security profile that an object receives when it is created, unless a different security profile is specified explicitly.

Files

Files get the protection code specified in the Default Protection ACE of the directory:

Example

$ set security [jdoe]sub.dir /acl=(default_protection,s:rwed,o:rwed,g,w)
$ create [jdoe.sub]newfile3.lis
Exit
$ show security [jdoe.sub]newfile3.lis

DSA1:[000000.JDOE.SUB]NEWFILE3.LIS;1 object of class FILE
     Owner: [WRITERS,JDOE]
     Protection: (System:RWED, Owner:RWED, Group, World)
     Access Control List: <empty>

$ show protection
  SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD=NO ACCESS
 

If the directory has no Default Protection ACE, new files get the default protection of the process.

Example

DSA1:[000000]JDOE.DIR;1 object of class FILE
     Owner: [WRITERS,JDOE]
     Protection: (System: RWE, Owner: RWE, Group: RE, World: E)
     Access Control List: <empty>

$ show protection
  SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD=NO ACCESS

$ create newfile.lis
Exit
$ show security newfile.lis

DSA1:[000000.JDOE]NEWFILE.LIS;1 object of class FILE
     Owner: [WRITERS,JDOE]
     Protection: (System: RWED, Owner: RWED, Group: RE, World)
     Access Control List: <empty>
 


Directory Files

Directory files get the protection code of their parent directory, except for Delete access for the Owner. If the parent directory file has a Default Protection ACE, the ACE is propagated to the daughter directory file but does not affect its protection code.

Example


$ set security [jdoe]sub.dir /acl=(default_protection,s:rwed,o:rwed,g,w)
$ show security sub.dir

DSA1:[000000.JDOE]SUB.DIR;1 object of class FILE
     Owner: [WRITERS,JDOE]
     Protection: (System: RWED, Owner: RWED, Group: RE, World: E)
     Access Control List:
          (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:,WORLD:)

$ create [jdoe.sub.sub2] /dir
$ show security [jdoe.sub]sub2.dir

DSA1:[000000.JDOE.SUB]SUB2.DIR;1 object of class FILE
     Owner: [WRITERS,JDOE]
     Protection: (System: RWED, Owner: RWE, Group: RE, World: E)
     Access Control List:
          (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:,WORLD:)
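
The rules from both sections, as an added Python example (not part of the wiki page and not OpenVMS code): it parses SHOW SECURITY output in the form shown above and predicts the protection a new file or subdirectory receives, listing any Group or World access that results. The function names are hypothetical, and the sample text is copied from the SUB.DIR example on this page.

```python
import re

def parse_code(text):
    """Parse a protection code such as 'System: RWED, Group, World' into a dict."""
    code = {}
    for item in text.split(","):
        name, _, access = item.strip().replace("=", ":").partition(":")
        access = access.strip().upper()
        code[name.strip().upper()] = "" if access == "NO ACCESS" else access
    return code

def parse_show_security(output):
    """Return (protection code, Default Protection ACE or None) from SHOW SECURITY output."""
    prot = re.search(r"Protection:\s*\((.*?)\)", output)
    ace = re.search(r"\(DEFAULT_PROTECTION,(.*?)\)", output)
    return parse_code(prot.group(1)), (parse_code(ace.group(1)) if ace else None)

def new_file_protection(dir_ace, process_default):
    """A new file takes the directory's Default Protection ACE, else the process default."""
    return dict(dir_ace if dir_ace is not None else process_default)

def new_directory(parent_prot, parent_ace):
    """A new directory copies the parent's code minus Owner Delete; the ACE is propagated."""
    child = dict(parent_prot)
    child["OWNER"] = child["OWNER"].replace("D", "")
    return child, parent_ace

def exposed(code):
    """Non-owner classes that end up with any access under this protection code."""
    return [c for c in ("GROUP", "WORLD") if code.get(c)]

# Sample input copied from the SUB.DIR example on this page.
SUB_DIR = """DSA1:[000000.JDOE]SUB.DIR;1 object of class FILE
     Owner: [WRITERS,JDOE]
     Protection: (System: RWED, Owner: RWED, Group: RE, World: E)
     Access Control List:
          (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:,WORLD:)
"""
PROCESS_DEFAULT = parse_code("SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD=NO ACCESS")

if __name__ == "__main__":
    prot, ace = parse_show_security(SUB_DIR)
    with_ace = new_file_protection(ace, PROCESS_DEFAULT)
    without_ace = new_file_protection(None, PROCESS_DEFAULT)
    print("file, ACE present:", with_ace, "exposed:", exposed(with_ace))
    print("file, no ACE:     ", without_ace, "exposed:", exposed(without_ace))
    print("subdirectory:     ", new_directory(prot, ace)[0])
```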

 
