Technical data

Using Files and Directories
10.5 Protecting Files
10.5.4 Protecting Disk Directories
Each directory has a protection associated with it. Directory protection can
override the protection of individual files within the directory. For example, if a
directory denies world access, world users cannot look up files in that directory
even though the files permit world access.
For directory protection, you can use the access types shown in Table 10–4.
Table 10–4 Access Types for Directory Protection

Access Type: Gives you the right to...

Read: Examine, print, or copy a file. If you have read access to a directory, you can display the
contents of the directory with the DIRECTORY command. For example, if you have read
access to the directory [JONES], you can enter the following command:

$ DIRECTORY [JONES]

This command displays the files contained in the [JONES] directory.
With read access, you can access any file listed in the directory, unless the protection on that
file denies you access. If the protection applied to the whole directory denies you read access,
then you cannot access even those files in the directory that permit access to users in your
group.

Write: Modify or write to a directory. However, you must have both read and write access to a
directory to create files in the directory, to rename files in the directory, or to perform any file
operation that involves changes to the directory file.

Execute: When applied to a directory, access files by name, but not list all the entries in the
directory (that is, not use specific or implied wildcards). For example, assume that you have
execute access to the [JONES] directory, and you enter the following command:

$ DIRECTORY [JONES]

The system responds with an error message of "insufficient privilege or file protection violation"
and does not list the files in the [JONES] directory. However, if you know that the file
DATAFILE.DAT resides in the [JONES] directory, you can enter the following command:

$ TYPE [JONES]DATAFILE.DAT

The system displays the contents of the file. Thus, with execute access, you can perform some,
but not all, of the operations that you can with read access. (Access to individual files is still
controlled by their file protection.)
As another example, to display the contents of the EXPENSES.DAT file, you must have read
or execute access to each directory in the directory tree, that is, to the JONES, REPORTS, and
JUNE directories:

$ TYPE [JONES.REPORTS.JUNE]EXPENSES.DAT

Delete: Delete a directory file. You must remove all entries from a directory before you can delete the
directory file. When you create a directory with the CREATE/DIRECTORY command, you do
not, by default, get delete access. If you want to be able to delete a directory file, you must
use the DCL command SET SECURITY/PROTECTION to explicitly assign delete access to the
owner category.

Control: Change the characteristics of a directory.

Using UIC Directory Protection
You cannot completely protect a file without applying at least the same protection
to the directory in which the file resides. For example, if you deny a user all
access to a file but allow that user read access to the file’s directory, the user
cannot access the contents of the file but can see that it exists. Conversely, a
user allowed access to a file and denied access to the file’s directory (or one of the
parent directories) cannot see that the file exists.
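
The rules in Table 10–4 and the paragraph above can be checked against a directory tree with a small model. The following Python sketch is an added example, not part of the manual and not an OpenVMS tool. It assumes the access types one user holds on each object are already known, and it ignores ACLs and privileges. The function names, the PRIVATE directory, and the SALARY.DAT and NOTES.TXT files are hypothetical.

```python
# Added example: simplified model of the directory rules above for ONE user.
# Each protection string lists the access types that user holds on an object
# (R=read, W=write, E=execute). The tree below is constructed sample data.

def chain(path):
    """('JONES', 'REPORTS') -> [('JONES',), ('JONES', 'REPORTS')]"""
    return [path[:i] for i in range(1, len(path) + 1)]

def can_traverse(dirs, path):
    # Read or execute access is needed on every directory in the tree.
    return all(set(dirs.get(d, "")) & {"R", "E"} for d in chain(path))

def can_list(dirs, path):
    # DIRECTORY [path]: read on the directory itself (execute is not enough).
    # Requiring traversal of the parent directories is this model's assumption.
    return can_traverse(dirs, path[:-1]) and "R" in dirs.get(path, "")

def can_type(dirs, files, path, name):
    # TYPE [path]name: pass every directory, then the file's own protection.
    return can_traverse(dirs, path) and "R" in files.get((path, name), "")

def can_create(dirs, path):
    # Creating or renaming files needs both read and write on the directory.
    return can_traverse(dirs, path[:-1]) and {"R", "W"} <= set(dirs.get(path, ""))

def audit(dirs, files):
    """Classify each file by what the user can learn about it or do with it."""
    report = {}
    for (path, name), prot in files.items():
        if can_type(dirs, files, path, name):
            state = "readable"
        elif can_list(dirs, path):
            state = "existence visible, contents denied"
        elif "R" in prot:
            state = "file permits read, directory blocks it"
        else:
            state = "no access"
        report["[" + ".".join(path) + "]" + name] = state
    return report

JONES, REPORTS = ("JONES",), ("JONES", "REPORTS")
JUNE, PRIVATE = ("JONES", "REPORTS", "JUNE"), ("JONES", "PRIVATE")
DIRS = {JONES: "E", REPORTS: "R", JUNE: "E", PRIVATE: ""}
FILES = {(JONES, "DATAFILE.DAT"): "R", (REPORTS, "SALARY.DAT"): "",
         (JUNE, "EXPENSES.DAT"): "R", (PRIVATE, "NOTES.TXT"): "R"}

if __name__ == "__main__":
    for target, state in audit(DIRS, FILES).items():
        print(f"{target:36} {state}")
```

The two middle states in the report are the cases the paragraph above warns about: a file whose existence is exposed by its directory, and a file whose own protection is more permissive than the directory that contains it.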