OpenVMS System Manager's Manual


Do not initialize a volume that contains data that users want to keep. (Initializing a volume each time you use it is not necessary.)


Steps for Setting Up Disk or Tape Volumes

To set up a disk or tape volume, you need to perform two steps. In each step you issue a DCL command, as follows:
1. INITIALIZE Formats the volume and writes an identifying label on it. This effectively removes the previous contents of the volume. (Initializing a volume each time you use it is not necessary.)
2. MOUNT Provides the user's process with access to a volume's files or data.

This section contains instructions for initializing volumes. Section 8.5 contains instructions for mounting volumes. Before you initialize a volume, you might want to refer to Section 8.4, which contains information about volume protection.

Setting Up Media on a Workstation

For workstations with removable media, users can perform the tasks shown in Table 8-6 unassisted.

Table 8-6 Tasks Users Can Perform Unassisted
Task                     Description
Load                     Insert the media into the drive.
Initialize               Remove all previous contents from the media. (VOLPRO privilege is required for most operations.)
Mount                    Logically mount the media and allocate the device (requires SYSNAM, GRPNAM, or VOLPRO privilege for various operations). To mount a volume on a device, you must have read (R), write (W), or control (C) access to that device.
Perform file operations  Access files and perform the desired operations on them.
Dismount                 Logically dismount the media and deallocate the device (requires GRPNAM and SYSNAM user privileges to dismount group and system volumes).
Unload                   Remove the media from the drive compartment.

For additional information on manipulating removable media on your workstation, see the hardware manuals that accompany your workstation.

On VAX systems, also see the upgrade and installation supplement for your computer.

8.3.1 Using the INITIALIZE Command

Use the DCL command INITIALIZE to format and write a label to the volume. To initialize a disk or tape volume, enter the INITIALIZE command using the following format:
INITIALIZE device-name[:] volume-label 

where:
device-name   Specifies the name of the device on which the volume is to be physically mounted and then initialized. To prevent initializing another user's volume, allocate a device before you initialize the volume. (Prior allocation is not required, however.)
volume-label  Specifies the identification to be encoded on the volume. For a disk volume, you can specify a maximum of 12 ANSI characters; for a magnetic tape volume, you can specify a maximum of 6 alphanumeric characters.

To initialize a public volume, you must specify the /SYSTEM qualifier with the DCL command INITIALIZE:

INITIALIZE/SYSTEM device-name[:] volume-label

For more details on INITIALIZE command format, see the OpenVMS DCL Dictionary.

Examples

The OpenVMS User's Manual contains additional examples of the INITIALIZE command.

8.3.2 Using INITIALIZE Command Qualifiers

Table 8-7 describes a number of qualifiers you can use with the INITIALIZE command. Selecting appropriate values for these qualifiers and selecting the appropriate position for the index file involve tradeoffs. The OpenVMS DCL Dictionary contains more information about each qualifier.

Table 8-7 INITIALIZE Command Qualifiers
Qualifier                                Description
/CLUSTER_SIZE=number-of-blocks           Specifies minimum allocation unit in blocks.
/HEADERS=number-of-headers               Specifies the number of file entries, called file headers, that you expect to have in INDEXF.SYS, the index file. It controls how much space is initially allocated to INDEXF.SYS for headers. (The system accesses the index file each time it locates a file on disk.)

Each file on a disk requires at least 1 file header and each header occupies 1 block within INDEXF.SYS. Files that have many access control entries (ACEs) or that are very fragmented might use more than 1 header. The default value of 16 leaves room for fewer than 10 files to be created before INDEXF.SYS must extend. Therefore, estimate the total number of files that will be created on the disk and specify it here. A good estimate improves performance of disk access. Setting the number too low can result in a fragmented index file. However, if you set the number too high, space allocated to headers cannot be made available later for file storage and can lead to wasted disk space. This value cannot be changed without reinitializing the volume.

INDEXF.SYS is limited as to how many times it can extend. When the map area in its header (where the retrieval pointers are stored) becomes full, files cannot be created and the message SYSTEM-W-HEADERFULL is displayed.

/INDEX=position                          Determines the location of the index file on a volume, using the keyword BEGINNING, MIDDLE, END, or BLOCK:n. The index file lists the names and addresses of all disk files, so it is constantly referenced.
/MAXIMUM_FILES=n                         Specifies the maximum number of entries in the index file, and therefore limits the number of files that a volume can contain. Once set, the maximum number of files for a volume cannot be increased without reinitializing the disk.
/PROTECTION=(ownership=[:access][,...])  Specifies the protection code to be assigned to a volume. See Section 8.4 for details.
/WINDOWS=n                               Sets the default number of mapping pointers to be allocated for file windows. When a file is opened, the file system uses mapping pointers to access data in the file. The file system can read one file segment into memory for each available pointer.


Caution

The default value for the /HEADERS qualifier is generally insufficient for ODS-2 disks. To improve performance and avoid SYSTEM-F-HEADERFULL errors, Digital strongly recommends that you set this value to be approximately the number of files that you anticipate having on your disk. However, grossly overestimating this value will result in wasted disk space.

Examples

8.3.3 Assisting Users in Accessing and Initializing Volumes

Initializing volumes for users might be necessary in some circumstances:

8.4 Protecting Volumes

Protection based on user identification codes (UICs) restricts users' access to volumes. By assigning access types to volumes, you determine the kinds of actions various groups of users can perform on volumes. Section 8.4.1 and Section 8.4.2 explain the differences between UIC-based protection for disk and tape volumes.

For additional access control, you can set access control lists (ACLs) on volumes. Volume ACLs are copied from the VOLUME.DEFAULT security class template. See Section 11.5 for more information about ACLs.

Table 8-8 shows the types of access you can assign to disk and tape volumes.

Table 8-8 Access Types for Disk and Tape Volumes
Access Type  Gives you the right to...
Read         Examine file names, print, or copy files from the volume. System and owner categories always have read access to tape volumes.
Write        Modify or write to existing files on a volume. The protection of a file determines whether you can perform a particular operation on the file. To be meaningful, write access requires read access. System and owner categories always have write access to tape volumes.
Create       Create files on a disk volume and subsequently modify them. Create access requires read and write access. This type of access is invalid for tape volumes.
Delete       Delete files on a disk volume, provided you have proper access rights at the directory and file level. Delete access requires read access. This type of access is invalid for tape volumes.
Control      Change the protection and ownership characteristics of the volume. Users with the VOLPRO privilege always have control access to a disk volume, with the following exceptions:
  • Mounting a file-structured volume as foreign requires control access or VOLPRO privilege.
  • Mounting a volume containing protected subsystems requires SECURITY privilege.

Control access is not valid with tapes.

For more information on specifying protection codes, see the OpenVMS Guide to System Security. Chapter 11 discusses protection in general.

The following sections explain how to perform these operations:
Task                     Section
Protecting disk volumes  Section 8.4.1
Protecting tape volumes  Section 8.4.2
Auditing volume access   Section 8.4.3

8.4.1 Protecting Disk Volumes

For file-structured ODS-2 volumes, the OpenVMS operating system supports the types of access shown in Table 8-8. The system provides protection of ODS-2 disks at the volume, directory, and file levels. Although you might have access to the directories and files on the volume, without the proper volume access, you are unable to access any part of a volume.

The default access types for the disk volume owner [0,0] are:

S:RWCD, O:RWCD, G:RWCD, W:RWCD.

The system establishes this protection with the default qualifier of the INITIALIZE command (/SHARE). Any attributes that you do not specify are taken from the current default protection.

Ways to Specify Protection

You can change permanently stored protection information in the following ways:

The following sections explain how to perform these tasks:
Task                                            Section
Specify protection when you initialize volumes  Section 8.4.1.1
Change protection after volumes are mounted     Section 8.4.1.2
Display protection                              Section 8.4.1.3

8.4.1.1 Specifying Protection When You Initialize Disk Volumes

This section explains how to specify UIC-based volume protection and ISO 9660-formatted media protection when you initialize volumes.

Specifying UIC-Based Protection

You can specify protection in one of the following ways when you initialize volumes:

Table 8-10 shows the UIC and protection that the system sets for disk volumes when you use the default, /SHARE, and other qualifiers with the INITIALIZE command.

Table 8-10 Protection Granted with INITIALIZE Command Qualifiers
Qualifier             UIC      Protection
/SYSTEM               [1,1]    S:RWCD,O:RWCD,G:RWCD,W:RWCD
/SYSTEM/NOSHARE       [1,1]    S:RWCD,O:RWCD,G:RWCD,W:RWCD
/GROUP                [x,0]    S:RWCD,O:RWCD,G:RWCD,W
/SHARE (the default)  [x,x]¹   S:RWCD,O:RWCD,G:RWCD,W:RWCD
/NOSHARE              [x,x]¹   S:RWCD,O:RWCD,G,W


¹x,x is the UIC of the process that performs the initialization.

Specifying ISO 9660-Formatted Media Protection

The OpenVMS implementation of ISO 9660 does not include volume or volume set protection. The protection specified for the device on which the media is mounted determines accessibility to the ISO 9660 volumes or volume sets.

By default, the device protection is assigned to ISO 9660 files and directories. When you mount the volume, you can specify additional file protection using the UIC and PERMISSION protection fields included in the Extended Attribute Records (XARs) that might be associated with each file.

You can enable the protection fields by specifying either of the following:

For more information about the XAR and DSI options, see the OpenVMS Record Management Utilities Reference Manual.

8.4.1.2 Changing Protection After Disk Volumes Are Mounted

You can change protection by using the SET SECURITY/CLASS=VOLUME command with the /PROTECTION, /OWNER, or /ACL qualifier to change any aspect of the volume security profile.

Changing UIC-Based Protection

To change UIC-based protection after a volume is mounted, use the SET SECURITY/CLASS=VOLUME/PROTECTION command. For example:

$ SET SECURITY/CLASS=VOLUME/PROTECTION=(S:RWCD,O:RWCD,G:RC,W:RC) DUA0: 

The protection set in this example allows the system and owner all types of access. Group and world access types can only read files and run programs. Any category not specified in the protection code (S,O,G,W) is unchanged.

Changing ACL-Based Protection

To change ACL-based protection after a volume is mounted, use the SET SECURITY/CLASS=VOLUME/ACL command. For example:

$ SET SECURITY/CLASS=VOLUME/ACL=(IDENTIFIER=DOC,ACCESS=READ+WRITE+EXECUTE) -
_$ $1$DSA7:

This example gives holders of the DOC identifier read, write, and execute access to the $1$DSA7: volume.

8.4.1.3 Displaying UIC- and ACL-Based Protection

You can use the SHOW SECURITY/CLASS=VOLUME command to display protection. For example:

$ SHOW SECURITY/CLASS=VOLUME $1$DSA27: 

Following is an example of the resulting display:

$1$DSA27: object of class VOLUME 
     Owner: [1,1] 
     Protection: (System: RWCD, Owner: RWCD, Group: RWCD, World: RWCD) 
     Access Control List: 
          (IDENTIFIER=[ABC,SADAMS],ACCESS=READ+WRITE+CREATE+DELETE) 

In the display are the name and profile of the VOLUME class object $1$DSA27. The profile includes the owner UIC, the protection code, and the access control list (ACL) of the protected object.
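
The following is an added example, not part of the manual: a Python script that reads captured SHOW SECURITY/CLASS=VOLUME displays in the layout shown above and reports volumes that still grant the world category write, create, or delete access (the /SHARE default in Table 8-10), along with ACEs that grant modifying access. The function names and the second sample volume (DUA1:) are assumptions made for illustration.

```python
import re

# Constructed input: the Section 8.4.1.3 display plus a made-up volume (DUA1:).
SAMPLE = """\
$1$DSA27: object of class VOLUME
     Owner: [1,1]
     Protection: (System: RWCD, Owner: RWCD, Group: RWCD, World: RWCD)
     Access Control List:
          (IDENTIFIER=[ABC,SADAMS],ACCESS=READ+WRITE+CREATE+DELETE)

DUA1: object of class VOLUME
     Owner: [200,10]
     Protection: (System: RWCD, Owner: RWCD, Group: RWCD, World: R)
"""

HEADER = re.compile(r"^(\S+):\s+object of class VOLUME$")
PROT = re.compile(r"(System|Owner|Group|World):\s*([RWCD]*)")
ACE = re.compile(r"^\(IDENTIFIER=(.+),ACCESS=([A-Z+]+)\)$")
MODIFY = {"WRITE": "W", "CREATE": "C", "DELETE": "D"}

def parse_volumes(text):
    """Turn captured SHOW SECURITY/CLASS=VOLUME output into a list of dicts."""
    volumes, cur = [], None
    for line in text.splitlines():
        s = line.strip()
        if m := HEADER.match(s):
            cur = {"device": m[1], "owner": None, "protection": {}, "acl": []}
            volumes.append(cur)
        elif cur and s.startswith("Owner:"):
            cur["owner"] = s.split(":", 1)[1].strip()
        elif cur and s.startswith("Protection:"):
            cur["protection"] = dict(PROT.findall(s))
        elif cur and (m := ACE.match(s)):
            cur["acl"].append((m[1], m[2].split("+")))
    return volumes

def audit(volumes):
    """Report world W/C/D access and ACEs that grant modifying access."""
    findings = []
    for v in volumes:
        world = "".join(c for c in v["protection"].get("World", "") if c in "WCD")
        if world:
            findings.append((v["device"], "WORLD", world))
        for ident, access in v["acl"]:
            granted = "".join(MODIFY[a] for a in access if a in MODIFY)
            if granted:
                findings.append((v["device"], ident, granted))
    return findings
```

Each finding is a (device, subject, access) tuple; an empty list means no volume in the capture grants the world category more than read access and no ACE grants modifying access.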

8.4.2 Protecting Tape Volumes

The system protects magnetic tapes only at the volume level. You establish protection when you initialize tape volumes; after that, the Mount utility (MOUNT) enforces the protection that you have established.

You can use two levels of protection for tape volumes:
Level of Protection Description
Guidelines of the ISO standard The ISO standard, which is the first level of protection, is encoded in the accessibility field of the first volume label written on the magnetic tape. With this protection scheme, you can protect tape volumes in environments where interchange exists between the OpenVMS system and an operating system that is not OpenVMS.
UIC-based protection scheme supported by system software This second level of protection is encoded in the second volume label written on the magnetic tape. Only OpenVMS systems check this scheme; it is ignored in any interchange with operating systems that are not OpenVMS.

Standard-Labeled Tape Protection

The OpenVMS tape file system bases its accessibility protection on the ISO standards. This protection allows an installation routine to use a routine that interprets the contents of the volume- and header-label accessibility field. See the $MTACCESS system service in the OpenVMS System Services Reference Manual for more information on installation routines.

Access Types with Default Protection

When you do not supply a protection code during initialization, all users receive read and write access, explained in Table 8-11.

Table 8-11 Access Types for Tape Volume Protection
Access Type  Gives you the right to...
Read         Examine, print, or copy files from the volume.
Write        Append or write files to the volume.

The security profile of a tape volume is stored in the ANSI VOL1 and VOL2 labels written on the tape. The VOL2 label contains system-specific information. To override the creation of VOL2 labels, specify the /INTERCHANGE qualifier with the INITIALIZE command or the INIT$_INTERCHANGE itemcode on the $INIT_VOL system service.

Foreign Volume Protection

The operating system also supports foreign tape volumes. (Foreign volumes either lack the standard volume label or have been mounted with the /FOREIGN qualifier.) When a tape volume is mounted with the /FOREIGN qualifier, users in the system and owner categories are always given full access (read, write, logical, and physical), regardless of what is specified in the protection code.

8.4.2.1 Using the /PROTECTION Qualifier with Tape Volumes

If you use the /PROTECTION qualifier when you initialize tape volumes, the protection code is written to a system-specific volume label.

With the /PROTECTION qualifier, the system applies only read (R) and write (W) access restrictions. (Execute [E] and delete [D] access do not apply.) The system and the owner always receive both read (R) and write (W) access to magnetic tapes, regardless of the protection code you specify.
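
The following is an added example, not part of the manual: a Python model of the rules stated in Table 8-8 and in this section, for checking a protection code before it is used with /PROTECTION. It does not call OpenVMS; the function names are assumptions, and the codes in the usage comments are constructed.

```python
CATEGORIES = ("S", "O", "G", "W")   # system, owner, group, world
LETTERS = set("RWECD")              # E is accepted because this section mentions it

def parse_code(code):
    """'S:RW,O:RW,G:R,W' -> {'S': {'R','W'}, 'O': {'R','W'}, 'G': {'R'}, 'W': set()}"""
    result = {}
    for field in code.strip("()").split(","):
        cat, _, access = field.strip().upper().partition(":")
        if cat not in CATEGORIES or not set(access) <= LETTERS:
            raise ValueError(f"unrecognized field: {field!r}")
        result[cat] = set(access)
    return result

def disk_warnings(code):
    """Combinations that Table 8-8 describes as requiring access the code lacks."""
    out = []
    for cat, acc in parse_code(code).items():
        if "W" in acc and "R" not in acc:
            out.append(f"{cat}: write without read")
        if "C" in acc and not {"R", "W"} <= acc:
            out.append(f"{cat}: create without read and write")
        if "D" in acc and "R" not in acc:
            out.append(f"{cat}: delete without read")
    return out

def tape_effective(code):
    """Access a tape volume ends up with: only R and W apply, and the
    system and owner categories always receive both."""
    eff = {cat: acc & {"R", "W"} for cat, acc in parse_code(code).items()}
    eff["S"] = {"R", "W"}
    eff["O"] = {"R", "W"}
    return {cat: "".join(c for c in "RW" if c in acc) for cat, acc in eff.items()}

# Constructed inputs:
#   disk_warnings("S:RWCD,O:RWCD,G:WC,W:D") flags group and world
#   tape_effective("S:R,O,G:RWED,W:R") shows S and O restored to RW
```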

8.4.2.2 Protecting Tape Volumes for Interchange Environments

You can protect tape volumes for interchange between OpenVMS and other operating systems.

Following are guidelines for protecting specific types of magnetic tapes:

8.4.3 Auditing Volume Access

You can enable auditing for the volume object class; the system then audits disk volume access, with the following exceptions:

8.5 Mounting Volumes

Mounting a disk or tape volume establishes a relationship between the volume and the device on which the volume is physically loaded. After you mount a volume, the system knows it exists, and users can access it. (This section assumes that you are performing the mount operation yourself.)

File-Structured and Foreign Volumes



  6017P021.HTM
  OSSG Documentation
  22-NOV-1996 14:21:46.98

Copyright © Digital Equipment Corporation 1996. All Rights Reserved.
