OpenVMS System Manager's Manual

Directory structures do not apply to tape volumes. However, you can use the DIRECTORY command to search for files on tape volumes. Section 9.5 describes how to access tape files for read and write operations and also explains the use of the DIRECTORY command for tapes.

The DCL command SHOW PROTECTION displays the current process default protection. This protection is applied to files created during your terminal session or to batch jobs, where defaults from directories or previously existing versions are not available.

Note

To use the SHOW PROTECTION command to display the default protection of magnetic tapes, you must specify the /PROTECTION qualifier with the INITIALIZE command when you initialize the magnetic tape volume. Otherwise, the protection is not written to the magnetic tape volume. See the description of initializing magnetic tape volumes in Section 8.3.

The next example illustrates how you can use the SHOW PROTECTION command to display the default protection characteristics for disk files.

Example

$ SHOW PROTECTION
SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD=NO ACCESS

In this example, the SHOW PROTECTION command requests a display of the current protection defaults.

9.3.3 Protecting Disk Files

Each file on a disk has its own protection code, which is distinct from the protection that applies to the disk volume itself. Files residing on disk volumes have the access types shown in Table 9-2.

Table 9-2 Access Types with Disk File Protection

Access Type	Gives you the right to...
Read	Read, print, or copy a disk file. Read access automatically includes execute access to a specified file or group of files on disk.
Write	Write to or change the contents of a file, but not delete it. Write access allows modification of the file characteristics that describe the contents of the file.
Execute	Execute a file that contains an executable program image or DCL command procedure.
Delete	Delete the file. To delete a file, you must have delete access to the file and write access to the directory that contains the file.
Control	Change file characteristics, including the protection code and ACL. Special restrictions apply to changing the owner of a file.

If you do not define a protection code for a file when you create it, the system applies default protection. If a version of the file already exists, protection is taken from the previous version.

For a new file, the system determines protection in two major ways:

• If the directory where the file is to be cataloged has an associated access control entry (ACE) that specifies the default protection, the system uses the specified protection.
• If the directory does not have the default protection ACE, the system uses the default process protection. You establish the default process protection explicitly with the SET PROTECTION/DEFAULT command, or by default when you log in.

For disk volumes, each file on the volume can have a different protection associated with it. The SET SECURITY/PROTECTION command and other file-manipulating commands allow you to define the protection for individual files.

Note

To protect a file completely, you must protect both the file itself and the directory that lists the file. To protect a file against unauthorized access, specify the proper protection both for the directory that lists the file and for the file itself. See Section 9.3.4 for instructions on protecting directories.

The following sections explain how to perform these tasks:

Task	Section
Set default disk file protection	Section 9.3.3.1
Set explicit disk file protection	Section 9.3.3.2
Modify disk file protection characteristics	Section 9.3.3.3

9.3.3.1 Setting Default Disk File Protection

A new file receives default UIC-based protection and the default access control entries (ACEs), if any, of its parent directory. A new version of an existing file receives the UIC-based protection and ACL of the previous version.

The protection of a renamed file is unchanged unless you use the RENAME/INHERIT command.

How to Change Default UIC Protection

The operating system provides each process with a default UIC-based protection of (S:RWED,O:RWED,G:RE,W). To change the default protection that is applied to files created by that process, enter the SET PROTECTION/DEFAULT command using the following format:

SET PROTECTION[=(code)]/DEFAULT 

where:

code	Defines the protection to be applied to the specified files. If you omit the code, the access is set to the current default protection.

For example, if you place the following command in your login command procedure, you grant all processes read and execute access to any files that you subsequently create:

$ SET PROTECTION = (S:RWED,O:RWED,G:RE,W:RE)/DEFAULT 

You can explicitly specify UIC-based protection for a new file with the /PROTECTION qualifier (valid with the BACKUP, COPY, RENAME, and CREATE commands), as shown in the following command line:

$ CREATE MAST12.TXT/PROTECTION=(S:RWED,O:RWED,G,W)

After a file is created and you have created an ACL for the file, you can modify the ACL and add as many ACEs to the ACL as you want. The protection specified by the ACL overrides the UIC protection of the file.

Following are examples showing how to check and specify protection codes.

Examples

1. $ SHOW PROTECTION
   SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD=NO ACCESS
   

   
   The SHOW PROTECTION command displays the current default protection. In this example, the response shows the system default protection, which indicates that the system and owner have all types of access, group users have read and execute access, and world users have no access.

2. $ SHOW SECURITY IMAGES.DIR
   DBA1:[SADAMS]IMAGES.DIR;1 object of class FILE
        Owner: [SAM,SADAMS]
        Protection: (System: RWE, Owner: RWE, Group: RE, World: E)
        Access Control List:
          (IDENTIFIER=[SAM,SADAMS],ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
   

   
   In this example, the SHOW SECURITY command displays the current protection associated with the file IMAGES.DIR.

3. $ DIRECTORY/SECURITY IMAGES.DIR
    
   Directory DBA1:[SADAMS]
    
   IMAGES.DIR;1         [VMS,SADAMS]          (RWE,RWE,RE,E)
            (IDENTIFIER=[VMS,SADAMS],ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
    
   Total of 1 file.
   

   
   In this example, the /SECURITY qualifier with the DIRECTORY command displays the current protection associated with the IMAGES.DIR file.

4. $ COPY/PROTECTION=(SYSTEM:RW,OWNER:RWED,GROUP:RW,WORLD) ABC.DAT XYZ.DAT
   

   
   In this example, the /PROTECTION qualifier specifies a protection code when the ABC.DAT file is copied to XYZ.DAT.

5. $ SET SECURITY/PROTECTION=(SYSTEM:RWE,OWNER:RWED,GROUP:RE,WORLD) ABC.DAT
   

   
   In this example, the SET SECURITY/PROTECTION command changes the protection for an existing file. The command gives the following instructions regarding the file ABC.DAT: system users have read, write, and execute access; the owner has read, write, execute, and delete access; group users have only read and execute access; world users have no access.
   Control access is implied and unchangeable for system and owner categories but not for group and world.

Table 9-3 shows the DCL commands that you can use to establish and modify the protection characteristics of files.

Table 9-3 DCL Commands to Modify File Protection Characteristics

Command	Description	For More Information
SET DIRECTORY	Modifies the characteristics of one or more directories. The directory protection can override the protection of individual files within the directory.	See Section 9.3.4.
SET FILE	Modifies the characteristics of one or more files, including the version limits on files.	See Section 9.3.3.3.2.
SET PROTECTION/DEFAULT	Sets the default UIC protection on files.	See the OpenVMS Guide to System Security.
SET SECURITY	Modifies the security profile of an object. Such a profile contains the following characteristics: An access control list (ACL). A protection code, which defines access to objects based on the categories of system, owner, group, and world. An owner. The system uses the owner characteristic to interpret the protection code.	See the OpenVMS Guide to System Security and the OpenVMS DCL Dictionary.
SET VOLUME	Changes the characteristics of one or more mounted Files-11 volumes. The /FILE_PROTECTION qualifier sets the default protection to be applied to all files on the specified disk volume.	See Section 8.4.1.2.

For a complete list of the command qualifiers and parameters applicable to each of these DCL commands, see the OpenVMS DCL Dictionary.

9.3.3.3.1 Changing File Protection Characteristics

To change or reset the protection characteristics of one or more files, use the following format:

SET SECURITY/PROTECTION = code file-spec[,...] 

where:

code	Defines the protection to be applied to the specified files. You cannot omit the code.
file-spec	Specifies one or more files for which the protection is to be changed. A file name and file type are required. If you omit a version number, the protection is changed only for the highest existing version of the file. Wildcard characters are allowed.

The following examples show ways to change file protection.

Examples

1. $ DELETE INCOME.DAT;3
   %DELETE-W-FILNOTDEL, error deleting DISK1:[SMITH]INCOME.DAT;3
   -RMS-E-PRV, insufficient privilege or file protection violation
   $ SET SECURITY/PROTECTION=OWNER:D INCOME.DAT;3
   $ DELETE INCOME.DAT;3
   

   
   In this example, the file INCOME.DAT;3 is protected against deletion. The SET SECURITY/PROTECTION command changes only the owner's delete access for the file INCOME.DAT;3. Now the owner can delete the file.

2. $ SET SECURITY/PROTECTION=(SYSTEM:R,OWNER:RWED,GROUP:RW) PAYROLL.LIS
   

   
   In this example, the SET SECURITY/PROTECTION command changes the protection codes applied to the PAYROLL.LIS file. To the file, the command gives the system read access; the owner has read, write, execute, and delete access; and users in the owner's group have read and write access.

You can use the DCL command SET FILE to modify the characteristics of one or more files or to assign an additional name, or alias, to a file. The following examples illustrate ways you can use the SET FILE command.

Examples

1. $ SET FILE/EXPIRATION_DATE=15-APR-1996:11:00 BATCH.COM;3
   

   
   This SET FILE command requests that the expiration date of the file BATCH.COM;3 be set to 11:00 a.m., April 15, 1996.

2. $ SET FILE/BEFORE=15-APR-96/ERASE_ON_DELETE PERSONNEL*.SAL
   

   
   This SET FILE command erases disk locations for files that are deleted with commands such as DELETE or PURGE when applied to all files that match the file specification PERSONNEL*.SAL and are dated before April 15, 1996.

3. $ SET FILE/OWNER_UIC=[DOCUMENTATION,GRAY]/VERSION_LIMIT=100 MYFILE.DAT
   

   
   This SET FILE command modifies the characteristics of the file MYFILE.DAT, changing the owner UIC and assigning a file version limit of 100. Note that the /OWNER_UIC qualifier requires SYSPRV or GRPPRV privilege for changing the ownership at the system or group level.

4. $ SET FILE OLD_FILENAME.DAT/ENTER=NEW_FILENAME.DAT
   

   
   This SET FILE command assigns an additional name, or alias (NEW_FILENAME.DAT), to the file OLD_FILENAME.DAT. Both the original name and the alias refer to the same file. For this reason, be careful when you delete files with aliases. To keep the file, but to remove one of its names, use the /REMOVE qualifier with the SET FILE command. You cannot use wildcards in the file name. (Refer to the OpenVMS DCL Dictionary for details.)

Each directory has a protection associated with it. Directory protection can override the protection of individual files within the directory. For example, if a directory denies world access, world users cannot look up files in that directory even though the files permit world access.

For directory protection, you can use the access types shown in Table 9-4.

Table 9-4 Access Types for Directory Protection

Access Type	Gives you the right to...
Read	Examine, print, or copy a file. If you have read access to a directory, you can display the contents of the directory with the DIRECTORY command. For example, if you have read access to the directory [JONES], you can enter the following: $ DIRECTORY [JONES] This command displays the files contained in the [JONES] directory. With read access, you can access any file listed in the directory, unless the protection on that file denies you access. If the protection applied to the whole directory denies you read access, then you cannot access even those files in the directory that permit access to users in your group.
Write	Modify or write to a directory. However, you must have both read and write access to a directory to create files in the directory, to rename files in the directory, or to perform any file operation that involves changes to the directory file.
Execute	Access files by name but not list all the entries in a directory (that is, to use specific or implied wildcards) when applied to directories. For example, assume that you have execute access to the [JONES] directory, and you enter the following command: $ DIRECTORY [JONES] The system responds with an error message of "insufficient privilege or file protection violation" and does not list the files in the [JONES] directory. However, if you know that the file DATAFILE.DAT resides in the [JONES] directory, you can enter the following command: $ TYPE [JONES]DATAFILE.DAT The system displays the contents of the file. Thus, with execute access, you can perform some, but not all, of the operations that you can with read access. (Access to individual files is still controlled by their file protection.) As another example, to display the contents of the EXPENSES.DAT file, you must have read or execute access to each directory in the directory tree, that is, to the JONES, REPORTS, and JUNE directories: $ TYPE [JONES.REPORTS.JUNE] EXPENSES.DAT
Delete	Delete a directory file. You must remove all entries from a directory before you can delete the directory file. When you create a directory with the CREATE/DIRECTORY command, you do not, by default, get delete access. If you want to be able to delete a directory file, you must use the DCL command SET SECURITY/PROTECTION to explicitly assign delete access to the owner category.
Control	Change the characteristics of a directory.

Using UIC Directory Protection

You cannot completely protect a file without applying at least the same protection to the directory in which the file resides. For example, if you deny a user all access to a file but allow that user read access to the file's directory, the user cannot access the contents of the file but can see that it exists. Conversely, a user allowed access to a file and denied access to the file's directory (or one of the parent directories) cannot see that the file exists.

Note

To protect sensitive files, the directory protection alone is not adequate. You must also protect each individual file contained within the directory. Section 9.3.3 contains instructions for protecting disk files.

By default, top-level directories receive UIC-based protection (S:RWE,O:RWE,G:RE,W:E) and no ACL. A newly created subdirectory receives the same protection as its parent directory, but delete access is removed from all categories.

Following are guidelines for specifying UIC-based protection on a directory:

• To specify UIC-based protection explicitly when creating a directory, use the /PROTECTION qualifier or the CREATE/DIRECTORY command. You cannot specify an ACL for the directory before you create the directory.
• To change the UIC-based protection of an existing directory, use the SET SECURITY/PROTECTION command for the directory file.
• You can limit but not prohibit directory access by specifying execute access but not read access. Execute access on a directory permits you to examine and read files that you know are in the directory (that is, you know the file specifications) but prevents you from displaying a list of the files in the directory.

The following sections explain how to change directory protection characteristics and default ACL protection.

9.3.4.1 Changing Directory UIC Protection Characteristics

The DCL command SET DIRECTORY modifies the characteristics of one or more directories.

Example

$ SET DIRECTORY/OWNER_UIC=[360,020] [DAVIS],[USERS]

The SET DIRECTORY command in this example modifies both the [DAVIS] and [USERS] directories, changing their owner UICs. Using the /OWNER_UIC qualifier requires SYSPRV (system privilege).

9.3.4.2 Changing Default ACL Protection

You can override default UIC protection for specified directories or subdirectories by placing a default protection ACE in the ACL of the appropriate directory file. The default protection specified in the ACE is applied to any new file created in the specified directory or in any subdirectory of the directory.

Example

The following ACE, which must be in the ACL of a directory file, specifies that the default protection (for files created in the directory and its subdirectories) will allow system and owner processes full access, group processes read and execute access, and world users no access:

(DEFAULT_PROTECTION,S:RWED,O:RWED,G:RE,W:) 

Because tapes are single-user devices, tape protection is only at the volume level. The protection codes for magnetic tape volumes are usually assigned with the INITIALIZE command.

You cannot use DCL commands to change protection characteristics on magnetic tape volumes. See Section 8.5.1 for more information.

9.4 Accessing Disk Files

This section describes how to use DCL commands to access files at the file level, not at the record level. This applies to reading files on disks, which is explained in this section, as well as to copying tape files, which is explained in Section 9.6.1.

Although DCL does allow you to manipulate files at the record level, for reasons of performance, you probably want to use a conventional programming language instead. Digital recommends that you write programs using the OpenVMS Record Management Services (RMS) facilities, which are specifically designed to access files at the record level. You can write these programs in any higher-level language that the operating system supports.

To access disk files at the file level, you can use DCL commands. You cannot, however, use DCL commands to read or write files that are not in the standard formats supported by the operating system. If the file formats are not standard, you must mount the volumes on which they reside with the /FOREIGN qualifier to have read and write access.

Although the examples used in this section show how to access disk files on RA90 disk packs, they also apply to other devices.

To read the contents of a disk file, use the DCL command TYPE, which displays the contents of a file on your terminal. To find the exact location of the disk file you want to read, use the DCL command DIRECTORY.

How to Perform This Task

If, for example, you want to read the contents of a file named HISFILE, which is located somewhere in the directory [CHARLES] on a disk device whose logical name is DISK$DOCUMENT, follow these steps:

1. Look for the exact location of HISFILE by entering the following command:

   $ DIRECTORY DISK$DOCUMENT:[CHARLES...]HISFILE.*
   

   
   This command instructs the operating system to search the entire [CHARLES] directory, including all the subdirectories, for all file types and version numbers of HISFILE.
   The following information is displayed on your terminal:

   Directory DISK$DOCUMENT:[CHARLES.MEMO]
   HISFILE.UPD;1
   Total of 1 file.
   

   
   This display informs you that only one version of HISFILE exists, that its file type is UPD, and that it resides in the [CHARLES.MEMO] directory.
2. To read the contents of this file, enter the following command:

   $ TYPE [CHARLES.MEMO]HISFILE.UPD
   

   
   The contents of HISFILE are displayed on your terminal.

This section describes file-level access for tapes. When you request access to a standard-labeled volume or a file, the operating system checks at the volume and file level to ensure that your process can access the volume or file. The level at which the system checks access depends on the operation you request and the type of access the operation requires.

When you access a volume or a file, the operating system software reads the volume- and file-header labels to determine whether access to the volume or file is restricted. Which label is read depends on the operation requested. For example, if you want to mount a volume, your process must have access to it.

The protection set on a file determines your access to the file. The expiration date field in the header can prevent you from overwriting or appending to a file immediately preceding the one in question. If the expiration date field has not been reached, a file has not expired.

To overwrite an unexpired file, you must specify the /OVERRIDE=EXPIRATION qualifier when you mount the volume. Performing this operation requires that you have read or write access.

Following a section that explains tape file names are sections that tell how to perform these tasks:

Task	Section
Locate standard-labeled tape files	Section 9.5.2
Use wildcards with tape files	Section 9.5.3
Read files on tape volumes	Section 9.5.4
Write files to tape volumes	Section 9.5.5

9.5.1 Understanding Tape File Names

OpenVMS systems accept two types of file names for magnetic tapes:

• OpenVMS extended names
  Use OpenVMS extended names if your files are to remain on media using only the OpenVMS operating system.
• Standard names
  Use standard names if you want to move files to media on operating systems other than OpenVMS.

Table 9-5 compares characteristics of OpenVMS extended names and standard names.

Table 9-5 Comparison of OpenVMS Extended Names and Standard Names

Characteristic	OpenVMS Extended Names	Standard Names
Valid with...	Tape and disk volumes	Tape volumes
Format	filename.type;version	filename.;version ( Version is optional.)
Length	39.39;	17.;
Valid Characters	A through Z; 0 through 9; ampersand (&), hyphen (-), underscore ( _ ), and dollar sign ($); wildcard characters asterisk (*) and percent sign (%)	ASCII "a"¹ characters enclosed in quotation marks (" "). Note that within a file name, DCL interprets a double set of quotation marks ("") as a single set ("). If a name has fewer than 17 characters, the system pads the name on the right with spaces to arrive at the 17-character maximum length.
Examples	OPENVMS_FILENAME.DAT;23	"GENLABEL#123";2

Before accessing a particular file for a read or write operation, you might want to search the magnetic tape volume for that file. Use the DCL command DIRECTORY to locate a file or group of files on a tape volume.

  6017P027.HTM
  OSSG Documentation
  22-NOV-1996 14:21:55.91

Copyright © Digital Equipment Corporation 1996. All Rights Reserved.

Legal