Managing User Accounts
7.9 Setting Up Special Accounts
$ RUN SYS$SYSTEM:AUTHORIZE
UAF> ADD/IDENTIFIER KITE_FLYING/ATTRIBUTES=RESOURCE
{message}
UAF> GRANT/IDENTIFIER KITE_FLYING GEORGE/ATTRIBUTES=RESOURCE
{message}
UAF> GRANT/IDENTIFIER KITE_FLYING LINDORF/ATTRIBUTES=RESOURCE
{message}
UAF> EXIT
3. Create the disk quota authorization for the project identifier. For example,
the following command invokes SYSMAN and assigns the identifier KITE_FLYING
2000 blocks of disk quota with 200 blocks of overdraft:
$ RUN SYS$SYSTEM:SYSMAN
SYSMAN> DISKQUOTA ADD KITE_FLYING/PERMQUOTA=2000/OVERDRAFT=200
SYSMAN> EXIT
4. Create the project directory. For example, the following DCL command
creates the project directory [KITE_FLYING] and establishes the identifier
KITE_FLYING as the owner:
$ CREATE/DIRECTORY [KITE_FLYING]/OWNER=[KITE_FLYING]
5. Set up the necessary ACL and default ACL on the project directory. For
example, the following DCL command places an ACL on the directory
[KITE_FLYING] that permits any holder of the identifier KITE_FLYING to gain
read, write, or execute access to the directory; it also ensures that files
created in the directory receive the same ACE (access control list entry) as a
default:
$ SET SECURITY [000000]KITE_FLYING.DIR;1 -
_$ /ACL=((DEFAULT_PROTECTION,S:RWED,O:RWED,G,W), -
_$ (IDENTIFIER=KITE_FLYING,ACCESS=READ+WRITE+EXECUTE), -
_$ (IDENTIFIER=KITE_FLYING,OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE))
Access must be granted through ACL entries, because the owner identifier of
the directory and the files (KITE_FLYING) does not match the UIC of any of
the project members; thus, only world access is available through the UIC-based
protection mask. Of the two identifier ACEs in the specified ACL, the first gives
all project members read, write, and execute access to the directory; the second,
which carries OPTIONS=DEFAULT, gives them read, write, and execute access for
all files created in the directory.
Note that project members are not allowed to delete (or control) files created by
others. However, the members each have complete access to files that they have
created in the directory, because the file system supplies an additional default
ACL entry that grants to the creator control access plus the access specified in
the OWNER field of the UIC-based protection mask. This ACE appears only
when the owner of the created file does not match the UIC of the creator.
Thus, when LINDORF creates the file [KITE_FLYING]THURSDAY.TXT, the file
receives the following access control list by default:
(IDENTIFIER=LINDORF,OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+CONTROL)
(IDENTIFIER=KITE_FLYING,ACCESS=READ+WRITE+EXECUTE)
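The effect of this ACL can be traced with a small model. The following Python is an added example, not part of the manual and not the file system's own code; it evaluates the ACL shown above for GEORGE, LINDORF, and a hypothetical non-member VISITOR. It assumes a simplified access check: privileges and the SYSTEM and GROUP categories are omitted.

```python
# Simplified model of OpenVMS file access checking (an illustration only).
# Assumption: privileges and the SYSTEM and GROUP categories are left out.
MASK_BITS = {"R": "READ", "W": "WRITE", "E": "EXECUTE", "D": "DELETE"}

def mask_access(letters):
    """Expand a protection-mask field such as 'RWED' into access names."""
    return {MASK_BITS[c] for c in letters}

def allowed(held, uic, wanted, obj):
    """Return True if a process may have `wanted` access to `obj`.

    held: identifiers the process holds, its own UIC identifier included.
    uic:  the process's UIC identifier, compared with the object's owner.
    """
    is_owner = uic == obj["owner"]
    # The owner category gets the OWNER field, and control access implicitly.
    owner_grant = is_owner and (wanted == "CONTROL"
                                or wanted in mask_access(obj["mask"]["O"]))
    for identifier, access in obj["acl"]:
        if identifier in held:
            # The first matching ACE decides; if it does not grant the
            # access, only the owner field of the mask can still grant it.
            return wanted in access or owner_grant
    # No ACE matched: fall back to the UIC-based protection mask.
    return owner_grant or wanted in mask_access(obj["mask"]["W"])

# THURSDAY.TXT as described above: owned by KITE_FLYING, mask taken from the
# directory's DEFAULT_PROTECTION ACE, ACL as listed for LINDORF's file.
THURSDAY = {
    "owner": "KITE_FLYING",
    "mask": {"S": "RWED", "O": "RWED", "G": "", "W": ""},
    "acl": [
        ("LINDORF", {"READ", "WRITE", "EXECUTE", "CONTROL"}),
        ("KITE_FLYING", {"READ", "WRITE", "EXECUTE"}),
    ],
}

# Constructed processes; VISITOR is a hypothetical user outside the project.
PROCESSES = {
    "GEORGE": {"GEORGE", "KITE_FLYING"},
    "LINDORF": {"LINDORF", "KITE_FLYING"},
    "VISITOR": {"VISITOR"},
}

def report(obj=THURSDAY):
    """Map each user to the set of access types the model allows."""
    kinds = ["READ", "WRITE", "EXECUTE", "DELETE", "CONTROL"]
    return {user: {k for k in kinds if allowed(held, user, k, obj)}
            for user, held in PROCESSES.items()}
```

GEORGE matches only the KITE_FLYING ACE, so he gets read, write, and execute but neither delete nor control; LINDORF matches the creator ACE first and gains control; VISITOR matches no ACE and falls through to the empty world field.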
You can use the Creator ACE command in the ACL editor to add an extra ACE
to the ACL for a file created within the directory to which you assign the Creator
ACE. The Creator ACE applies only when the following conditions exist:
The file being created is not owned by the user identification code (UIC) of the
process creating the file.