Do not initialize a volume that contains data that users want to keep. (Initializing a volume each time you use it is not necessary.)
Steps for Setting Up Disk or Tape Volumes
To set up a disk or tape volume, you need to perform two steps. In each step you issue a DCL command, as follows:
Step | Command | Description |
---|---|---|
1 | INITIALIZE | Formats the volume and writes an identifying label on it. This effectively removes the previous contents of the volume. (Initializing a volume each time you use it is not necessary.) |
2 | MOUNT | Provides the user's process with access to a volume's files or data. |
This section contains instructions for initializing volumes. Section 8.5 contains instructions for mounting volumes. Before you initialize a volume, you might want to refer to Section 8.4, which contains information about volume protection.
Setting Up Media on a Workstation
For workstations with removable media, users can perform the tasks shown in Table 8-6 unassisted.
Task | Description |
---|---|
Load | Insert the media into the drive. |
Initialize | Remove all previous contents from the media. (VOLPRO privilege is required for most operations.) |
Mount | Logically mount the media and allocate the device (requires SYSNAM, GRPNAM, or VOLPRO privilege for various operations). To mount a volume on a device, you must have read (R), write (W), or control (C) access to that device. |
Perform file operations | Access files and perform the desired operations on them. |
Dismount | Logically dismount the media and deallocate the device (requires GRPNAM and SYSNAM user privileges to dismount group and system volumes). |
Unload | Remove the media from the drive compartment. |
For additional information on manipulating removable media on your workstation, see the hardware manuals that accompany your workstation.
On VAX systems, also see the upgrade and installation supplement for your computer.
INITIALIZE device-name[:] volume-label
where:
Parameter | Description |
---|---|
device-name | Specifies the name of the device on which the volume is to be physically mounted and then initialized. To prevent initializing another user's volume, allocate a device before you initialize the volume. (Prior allocation is not required, however.) |
volume-label | Specifies the identification to be encoded on the volume. For a disk volume, you can specify a maximum of 12 ANSI characters; for a magnetic tape volume, you can specify a maximum of 6 alphanumeric characters. |
To initialize a public volume, you must specify the /SYSTEM qualifier with the DCL command INITIALIZE:
INITIALIZE/SYSTEM device-name[:] volume-label
For more details on INITIALIZE command format, see the OpenVMS DCL Dictionary.
Examples
$ INITIALIZE DUA2: TEMP
$ INITIALIZE MUB2: TEST
The OpenVMS User's Manual contains additional examples of the INITIALIZE command.
Table 8-7 describes a number of qualifiers you can use with the INITIALIZE command. Selecting appropriate values for these qualifiers and selecting the appropriate position for the index file involve tradeoffs. The OpenVMS DCL Dictionary contains more information about each qualifier.
Qualifier | Description |
---|---|
/CLUSTER_SIZE=number-of-blocks | Specifies minimum allocation unit in blocks. |
/HEADERS=number-of-headers | Specifies the number of file entries, called file headers, that you expect to have in INDEXF.SYS, the index file. It controls how much space is initially allocated to INDEXF.SYS for headers. (The system accesses the index file each time it locates a file on disk.) Each file on a disk requires at least 1 file header and each header occupies 1 block within INDEXF.SYS. Files that have many access control entries (ACEs) or that are very fragmented might use more than 1 header. The default value of 16 leaves room for fewer than 10 files to be created before INDEXF.SYS must extend. Therefore, estimate the total number of files that will be created on the disk and specify it here. A good estimate improves performance of disk access. Setting the number too low can result in a fragmented index file. However, if you set the number too high, space allocated to headers cannot be made available later for file storage and can lead to wasted disk space. This value cannot be changed without reinitializing the volume. INDEXF.SYS is limited as to how many times it can extend. When the map area in its header (where the retrieval pointers are stored) becomes full, files cannot be created and the message SYSTEM-W-HEADERFULL is displayed. |
/INDEX=position | Determines the location of the index file on a volume, using the keyword BEGINNING, MIDDLE, END, or BLOCK:n. The index file lists the names and addresses of all disk files, so it is constantly referenced. |
/MAXIMUM_FILES=n | Specifies the maximum number of entries in the index file, and therefore limits the number of files that a volume can contain. Once set, the maximum number of files for a volume cannot be increased without reinitializing the disk. |
/PROTECTION=(ownership=[:access][,...]) | Specifies the protection code to be assigned to a volume. See Section 8.4 for details. |
/WINDOWS=n | Sets the default number of mapping pointers to be allocated for file windows. When a file is opened, the file system uses mapping pointers to access data in the file. The file system can read one file segment into memory for each available pointer. |
Caution
The default value for the /HEADER qualifier is generally insufficient for ODS-2 disks. To improve performance and avoid SYSTEM-F-HEADERFULL errors, Digital strongly recommends that you set this value to be approximately the number of files that you anticipate having on your disk. However, grossly overestimating this value will result in wasted disk space.
$ INITIALIZE/HEADERS=100000 DUA3:
$ INITIALIZE/MAXIMUM_FILES=20000 DUA3:
This example shows how to specify the characteristics of a small disk. Note that each directory and each extension header of a multiheader file counts as a file against this maximum value.
$ INITIALIZE/WINDOWS=10 DUA3:
This example shows how to cite a large number of pointers for a large disk of 500 MB.
Initializing volumes for users might be necessary in some circumstances:
Protection based on user identification codes (UICs) restricts users' access to volumes. By assigning access types to volumes, you determine the kinds of actions various groups of users can perform on volumes. Section 8.4.1 and Section 8.4.2 explain the differences between UIC-based protection for disk and tape volumes.
For additional access control, you can set access control lists (ACLs) on volumes. Volume ACLs are copied from the VOLUME.DEFAULT security class template. See Section 11.5 for more information about ACLs.
Table 8-8 shows the types of access you can assign to disk and tape volumes.
For more information on specifying protection codes, see the OpenVMS Guide to System Security. Chapter 11 discusses protection in general.
The following sections explain how to perform these operations:
Task | Section |
---|---|
Protecting disk volumes | Section 8.4.1 |
Protecting tape volumes | Section 8.4.2 |
Auditing volume access | Section 8.4.3 |
For file-structured ODS-2 volumes, the OpenVMS operating system supports the types of access shown in Table 8-8. The system provides protection of ODS-2 disks at the volume, directory, and file levels. Although you might have access to the directories and files on the volume, without the proper volume access, you are unable to access any part of a volume.
The default access types for the disk volume owner [0,0] are:
S:RWCD, O:RWCD, G:RWCD, W:RWCD.
The system establishes this protection with the default qualifier of the INITIALIZE command (/SHARE). Any attributes that you do not specify are taken from the current default protection.
Ways to Specify Protection
You can change permanently stored protection information in the following ways:
The following sections explain how to perform these tasks:
Task | Section |
---|---|
Specify protection when you initialize volumes | Section 8.4.1.1 |
Change protection after volumes are mounted | Section 8.4.1.2 |
Display protection | Section 8.4.1.3 |
This section explains how to specify UIC-based volume protection and ISO 9660-formatted media protection when you initialize volumes.
Specifying UIC-Based Protection
You can specify protection in one of the following ways when you initialize volumes:
$ INITIALIZE DUA7: ACCOUNT1/PROTECTION=(S:RWCD,O:RWCD,G:R,W:R)
Using INITIALIZE Command Qualifiers for Protection
You usually do not change volume protection after you initialize a volume. By specifying a protection qualifier with the INITIALIZE command, you can establish the default protection of a volume. (The default qualifier of the INITIALIZE command is /SHARE, which grants all types of ownership all types of access.)
Table 8-9 explains the qualifiers you can use to specify disk volume protection when you initialize disk volumes.
Qualifier | Explanation |
---|---|
/PROTECTION | The protection you specify with this qualifier overrides any protection you specify with other qualifiers. |
/SYSTEM | All processes have read, write, create, and delete access to the volume, but only system processes can create first-level directories. ([1,1] owns the volume.) See the note following this table. |
/GROUP | System, owner, and group processes have read, write, create, and delete access to the volume. World users have no access. |
/NOSHARE | System and owner processes have read, write, and delete access to the volume. World users have no access. Group users also have no access unless you specify the /GROUP qualifier. |
Note
The /SYSTEM qualifier grants all users complete access. However, users cannot create directories or files unless you do one of the following:
- Change the protection on the newly created master file directory (MFD), [000000]000000.DIR;1 to allow users to create their own directories under this parent directory.
- Under the master file directory, create user directories that give users write access so that they, in turn, can create their own directories.
System managers usually choose the second method.
Table 8-10 shows the UIC and protection that the system sets for disk volumes when you use the default, /SHARE, and other qualifiers with the INITIALIZE command.
Qualifier | UIC | Protection |
---|---|---|
/SYSTEM | [1,1] | S:RWCD,O:RWCD,G:RWCD,W:RWCD |
/SYSTEM/NOSHARE | [1,1] | S:RWCD,O:RWCD,G:RWCD,W:RWCD |
/GROUP | [x,0] | S:RWCD,O:RWCD,G:RWCD,W |
/SHARE (the default) | [x,x]¹ | S:RWCD,O:RWCD,G:RWCD,W:RWCD |
/NOSHARE | [x,x]¹ | S:RWCD,O:RWCD,G,W |
Specifying ISO 9660-Formatted Media Protection
The OpenVMS implementation of ISO 9660 does not include volume or volume set protection. The protection specified for the device on which the media is mounted determines accessibility to the ISO 9660 volumes or volume sets.
By default, the device protection is assigned to ISO 9660 files and directories. When you mount the volume, you can specify additional file protection using the UIC and PERMISSION protection fields included in the Extended Attribute Records (XARs) that might be associated with each file.
You can enable the protection fields by specifying either of the following:
MOUNT/PROTECTION=XAR
MOUNT/PROTECTION=DSI
For more information about the XAR and DSI options, see the OpenVMS Record Management Utilities Reference Manual.
You can change protection by using the SET SECURITY/CLASS=VOLUME command with the /PROTECTION, /OWNER, or /ACL qualifier to change any aspect of the volume security profile.
Changing UIC-Based Protection
To change UIC-based protection after a volume is mounted, use the SET SECURITY/CLASS=VOLUME/PROTECTION command. For example:
$ SET SECURITY/CLASS=VOLUME/PROTECTION=(S:RWCD,O:RWCD,G:RC,W:RC) DUA0:
The protection set in this example allows the system and owner all types of access. Users in the group and world categories can only read files and run programs. Any category not specified in the protection code (S,O,G,W) is unchanged.
Changing ACL-Based Protection
To change ACL-based protection after a volume is mounted, use the SET SECURITY/CLASS=VOLUME/ACL command. For example:
$ SET SECURITY/CLASS=VOLUME/ACL=(IDENTIFIER=DOC,ACCESS=READ+WRITE+EXECUTE) -
_$ $1$DSA7:
This example gives holders of the DOC identifier read, write, and execute access to the $1$DSA7: volume.
You can use the SHOW SECURITY/CLASS=VOLUME command to display protection. For example:
$ SHOW SECURITY/CLASS=VOLUME $1$DSA27:
Following is an example of the resulting display:
$1$DSA27: object of class VOLUME
     Owner: [1,1]
     Protection: (System: RWCD, Owner: RWCD, Group: RWCD, World: RWCD)
     Access Control List:
          (IDENTIFIER=[ABC,SADAMS],ACCESS=READ+WRITE+CREATE+DELETE)
In the display are the name and profile of the VOLUME class object $1$DSA27. The profile includes the owner UIC, the protection code, and the access control list (ACL) of the protected object.
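The following Python example is added here and is not part of the original manual. It parses the protection shown by SHOW SECURITY/CLASS=VOLUME, models the rule that SET SECURITY/PROTECTION leaves unnamed categories unchanged, and reports the write, create, and delete access that world users hold. The function names and the sample text are constructed for illustration, and the access letters RWCD are assumed from the protection codes shown on this page.

```python
import re

CATEGORIES = {"S": "SYSTEM", "O": "OWNER", "G": "GROUP", "W": "WORLD"}
VALID_ACCESS = set("RWCD")  # access letters used in the codes on this page


def parse_protection(code):
    """Parse '(S:RWCD,G:R,W)' or '(System: RWCD, ...)' into {category: set}.
    'W' alone means no access; a category that is not named is left out."""
    result = {}
    for field in code.strip().strip("()").split(","):
        name, _, access = (part.strip().upper() for part in field.partition(":"))
        if not name:
            continue
        category = CATEGORIES.get(name[0], "")
        if not category.startswith(name) or not set(access) <= VALID_ACCESS:
            raise ValueError(f"bad protection field: {field.strip()!r}")
        result[category.lower()] = set(access)
    return result


def apply_protection(current, code):
    """Model SET SECURITY/PROTECTION: named categories replace, others stay."""
    return {**current, **parse_protection(code)}


def parse_show_security(display):
    """Return (owner UIC, protection) from SHOW SECURITY/CLASS=VOLUME text."""
    owner = re.search(r"Owner:\s*(\[[^\]]+\])", display)
    prot = re.search(r"Protection:\s*(\([^)]*\))", display)
    if not owner or not prot:
        raise ValueError("display has no Owner or Protection field")
    return owner.group(1), parse_protection(prot.group(1))


def world_findings(protection):
    """Return the modifying access (W, C, D) that world users hold, sorted."""
    return sorted(protection.get("world", set()) & set("WCD"))


# Constructed sample, shaped like the SHOW SECURITY display on this page.
SAMPLE = """$1$DSA27: object of class VOLUME
     Owner: [1,1]
     Protection: (System: RWCD, Owner: RWCD, Group: RWCD, World: RWCD)"""

if __name__ == "__main__":
    owner, before = parse_show_security(SAMPLE)
    after = apply_protection(before, "(G:R,W)")
    print(owner, world_findings(before), "->", world_findings(after))
```

Naming a category with no access, as in `W`, removes that category's access, while leaving the category out of the code keeps whatever the volume already grants.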
The system protects magnetic tapes only at the volume level. You establish protection when you initialize tape volumes; after that, the Mount utility (MOUNT) enforces the protection that you have established.
You can use two levels of protection for tape volumes:
Level of Protection | Description |
---|---|
Guidelines of the ISO standard | The ISO standard, which is the first level of protection, is encoded in the accessibility field of the first volume label written on the magnetic tape. With this protection scheme, you can protect tape volumes in environments where interchange exists between the OpenVMS system and operating systems that are not OpenVMS. |
UIC-based protection scheme supported by system software | This second level of protection is encoded in the second volume label written on the magnetic tape. Only OpenVMS systems check this scheme; it is ignored in any interchange with operating systems that are not OpenVMS. |
Standard-Labeled Tape Protection
The OpenVMS tape file system bases its accessibility protection on the ISO standards. This protection allows an installation routine to use a routine that interprets the contents of the volume- and header-label accessibility field. See the $MTACCESS system service in the OpenVMS System Services Reference Manual for more information on installation routines.
Access Types with Default Protection
When you do not supply a protection code during initialization, all users receive read and write access, explained in Table 8-11.
Access Type | Gives you the right to... |
---|---|
Read | Examine, print, or copy files from the volume. |
Write | Append or write files to the volume. |
The security profile of a tape volume is stored in the ANSI VOL1 and VOL2 labels written on the tape. The VOL2 label contains system-specific information. To override the creation of VOL2 labels, specify the /INTERCHANGE qualifier with the INITIALIZE command or the INIT$_INTERCHANGE itemcode on the $INIT_VOL system service.
Foreign Volume Protection
The operating system also supports foreign tape volumes. (Foreign volumes either lack the standard volume label or have been mounted with the /FOREIGN qualifier.) When a tape volume is mounted with the /FOREIGN qualifier, users in the system and owner categories are always given full access (read, write, logical, and physical), regardless of what is specified in the protection code.
If you use the /PROTECTION qualifier when you initialize tape volumes, the protection code is written to a system-specific volume label.
With the /PROTECTION qualifier, the system applies only read (R) and write (W) access restrictions. (Execute [E] and delete [D] access do not apply.) The system and the owner always receive both read (R) and write (W) access to magnetic tapes, regardless of the protection code you specify.
You can protect tape volumes for interchange between OpenVMS and other operating systems.
Following are guidelines for protecting specific types of magnetic tapes:
You can enable auditing for the volume object class; the system then audits disk volume access, with the following exceptions:
Mounting a disk or tape volume establishes a relationship between the volume and the device on which the volume is physically loaded. After you mount a volume, the system knows it exists, and users can access it. (This section assumes that you are performing the mount operation yourself.)
File-Structured and Foreign Volumes
6017P021.HTM OSSG Documentation 22-NOV-1996 14:21:46.98
Copyright © Digital Equipment Corporation 1996. All Rights Reserved.