Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Files-11
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== File security: protection and ACLs == VMS file security is defined by two mechanisms, UIC-based access control and [[access control list|ACL]]-based access control. UIC access control is based on the owner of the file and the UIC, or user, accessing the file. Access is determined by four groups of permissions: [[Image:OpenVMS file protection bits.svg|thumb|right|Format of file protection display; permissions not granted are not displayed]] *System *Owner *Group *World And four permission bits: *Read *Write *Execute *Delete The "system" access applies to any user whose UIC group code is less than or equal to the <kbd>SYSGEN</kbd> parameter <kbd>MAXSYSGROUP</kbd> (typically 8, or 10 [[octal]]) (for example the <kbd>SYSTEM</kbd> user); "owner" and "group" apply to the owner of the file and that user's user group, and "world" applies to any other user. There is also a fifth permission bit, "Control", which is used to determine access to change file metadata such as protection. This group cannot be set explicitly; it is always set for System and Owner, and never for Group or World. UIC-based access control is also affected by four system [[OpenVMS security|privileges]], which allow users holding them to override access controls: *<kbd>BYPASS</kbd>: user implicitly has RWED access to all files, regardless of file protection; *<kbd>READALL</kbd>: user implicitly has R access to all files; *<kbd>SYSPRV</kbd>: user may access files based on System protection; *<kbd>GRPPRV</kbd>: user may access files based on System protection if their UIC group matches the file's group. ACLs allow additional privileges to be assigned on a user– or group–specific basis; for example, a web server's UIC could be granted read access to all files in a particular directory. ACLs can be marked as ''inherited'', where a directory file's ACL applies to all files underneath it. ACLs are modified using the <kbd>EDIT/ACL</kbd> command, and take the form of identifier/access pairs. For example, the ACL entry (IDENTIFIER=HTTP$SERVER,ACCESS=READ+EXECUTE) would allow the user <kbd>HTTP$SERVER</kbd> to read and execute the file.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)