Technical data

ManualsBrandsCompaq ManualsPrinterLA36

371

372

373

374

375

376

377

378

379

380

Using Files and Directories

10.5 Protecting Files

tape volume. See the description of initializing magnetic tape volumes in

Section 9.3.

The next example illustrates how you can use the SHOW PROTECTION

command to display the default protection characteristics for disk ﬁles.

Example

$ SHOW PROTECTION

SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD=NO ACCESS

In this example, the SHOW PROTECTION command requests a display of the

current protection defaults.

10.5.3 Protecting Disk Files

Each ﬁle on a disk has its own protection code, which is distinct from the

protection that applies to the disk volume itself. Files residing on disk volumes

have the access types shown in Table 10–2.

Table 10–2 Access Types with Disk File Protection

Access Type Gives you the right to...

Read Read, print, or copy a disk ﬁle. Read access automatically includes execute

access to a speciﬁed ﬁle or group of ﬁles on disk.

Write Write to or change the contents of a ﬁle, but not delete it. Write access

allows modiﬁcation of the ﬁle characteristics that describe the contents of

the ﬁle.

Execute Execute a ﬁle that contains an executable program image or DCL

command procedure.

Delete Delete the ﬁle. To delete a ﬁle, you must have delete access to the ﬁle and

write access to the directory that contains the ﬁle.

Control Change ﬁle characteristics, including the protection code and ACL. Special

restrictions apply to changing the owner of a ﬁle.

If you do not deﬁne a protection code for a ﬁle when you create it, the system

applies default protection. If a version of the ﬁle already exists, protection is

taken from the previous version.

For a new ﬁle, the system determines protection in two major ways:

• If the directory where the ﬁle is to be cataloged has an associated access

control entry (ACE) that speciﬁes the default protection, the system uses the

speciﬁed protection.

• If the directory does not have the default protection ACE, the system uses

the default process protection. You establish the default process protection

explicitly with the SET PROTECTION/DEFAULT command, or by default

when you log in.

For disk volumes, each ﬁle on the volume can have a different protection

associated with it. The SET SECURITY/PROTECTION command and other

ﬁle-manipulating commands allow you to deﬁne the protection for individual ﬁles.

Note

To protect a ﬁle completely, you must protect both the ﬁle itself and the

directory that lists the ﬁle. To protect a ﬁle against unauthorized access,

Using Files and Directories 10–15