Difference between revisions of "Creator ACE"

From VSI OpenVMS Wiki
 
Line 42: Line 42:
 
* DELETE
 
* DELETE
 
* CONTROL
 
* CONTROL
 +
 +
[[Category:Security]]

Latest revision as of 12:34, 28 November 2019

A Creator ACE is an access control entry (ACE) that adds an extra ACE to the ACL of a file created within the directory to which you assign the Creator ACE. The Creator ACE applies only when the following conditions exist:

  • The file being created is not owned by the user identification code (UIC) of the process creating the file.
  • The process creating the file does not have system privileges.

For example, both of these conditions exist when a process holding a general identifier with the Resource attribute creates a file in a directory owned by that identifier. In this situation, the system adds an extra ACE at the top of the new file's ACL. If a Creator ACE exists in the ACL for the parent directory, the system propagates the access specified in the Creator ACE to the new ACE. If a directory lacks a Creator ACE, the system assigns an extra ACE with a combination of control access and ownership access. A Creator ACE with ACCESS=None suppresses the addition of the extra ACE.

The Creator ACE applies to directory files only.

Format

(CREATOR [,OPTIONS=attribute[+attribute...]],ACCESS=access-type[+access-type...])

options

Specify any of the following options:

Protected: Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
  • By using the ACL editor
  • By specifying the ACE explicitly when deleting it. Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.
  • By deleting all ACEs, both protected and unprotected. Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.

The following commands do not delete protected ACEs:

  • SET SECURITY/ACL/DELETE
  • SET SECURITY/LIKE
  • SET SECURITY/DEFAULT

Nopropagate: Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.

None: Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.

access

Specify access types that are valid for files:

  • READ
  • WRITE
  • EXECUTE
  • DELETE
  • CONTROL
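
The rules above can be checked against a small model. The following Python sketch is an added example, not code from the wiki or from OpenVMS: it parses the Creator ACE format shown under Format and decides what access the extra ACE on a new file carries. The function names, the boolean standing in for "system privileges", and the `owner_access` parameter standing in for "ownership access" are assumptions made for illustration.

```python
import re

FILE_ACCESS = {"READ", "WRITE", "EXECUTE", "DELETE", "CONTROL"}
OPTIONS = {"PROTECTED", "NOPROPAGATE", "NONE"}
_ACE = re.compile(r"\(\s*CREATOR\s*(?:,\s*OPTIONS\s*=\s*([A-Z+]+)\s*)?"
                  r",\s*ACCESS\s*=\s*([A-Z+]+)\s*\)")

def parse_creator_ace(text):
    """Parse '(CREATOR[,OPTIONS=a+b],ACCESS=x+y)' into (options, access) sets."""
    m = _ACE.fullmatch(text.strip().upper())
    if not m:
        raise ValueError(f"not a Creator ACE: {text!r}")
    options = set(m.group(1).split("+")) if m.group(1) else set()
    access = set(m.group(2).split("+"))
    if options - OPTIONS or access - FILE_ACCESS - {"NONE"}:
        raise ValueError(f"unknown option or access type in {text!r}")
    # NONE equals omitting the field; other attributes take precedence over it.
    options.discard("NONE")
    # Assumption: NONE mixed with other access types is dropped the same way.
    access.discard("NONE")
    return options, access

def extra_ace_access(dir_acl, file_owner, creator_uic, system_privs, owner_access):
    """Access carried by the extra ACE on a new file, or None if none is added."""
    # Both conditions from the page must hold for the Creator ACE to apply.
    if file_owner == creator_uic or system_privs:
        return None
    for ace in dir_acl:
        if re.match(r"\(\s*CREATOR\b", ace.strip(), re.IGNORECASE):
            _, access = parse_creator_ace(ace)
            return access or None  # ACCESS=NONE suppresses the extra ACE
    # No Creator ACE on the directory: control access plus ownership access.
    return {"CONTROL"} | set(owner_access)

if __name__ == "__main__":
    # Constructed sample: directory owned by resource identifier PROJECT.
    acl = ["(IDENTIFIER=PROJECT,ACCESS=READ+WRITE)",
           "(CREATOR,OPTIONS=PROTECTED,ACCESS=READ+WRITE+DELETE)"]
    print(extra_ace_access(acl, "PROJECT", "[USERS,ALICE]", False, {"READ", "WRITE"}))
```

Running the model over a directory's ACL before granting a resource identifier makes it easy to see whether file creators will silently receive CONTROL access because no Creator ACE is present.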