Manualshelf

Technical data

ManualsBrandsCompaq ManualsPrinterLA36
381382383384385386387388389390
Using Files and Directories
10.5 Protecting Files
Note
To protect sensitive files, the directory protection alone is not adequate.
You must also protect each individual file contained within the directory.
Section 10.5.3 contains instructions for protecting disk files.
By default, top-level directories receive UIC-based protection
(S:RWE,O:RWE,G:RE,W:E) and no ACL. A newly created subdirectory receives
the same protection as its parent directory, but delete access is removed from all
categories.
Guidelines for specifying UIC-based protection on a directory follow.
To specify UIC-based protection explicitly when creating a directory, use the
/PROTECTION qualifier with the CREATE/DIRECTORY command. You
cannot specify an ACL for the directory before you create the directory.
To change the UIC-based protection of an existing directory, use the SET
SECURITY/PROTECTION command for the directory file.
You can limit but not prohibit directory access by specifying execute access
but not read access. Execute access on a directory permits you to examine
and read files that you know are in the directory (that is, you know the
file specifications) but prevents you from displaying a list of the files in the
directory.
The following sections explain how to change directory protection characteristics
and default ACL protection.
10.5.4.1 Changing Directory UIC Protection Characteristics
The DCL command SET DIRECTORY modifies the characteristics of one or more
directories.
Example
$ SET DIRECTORY/OWNER_UIC=[360,020] [DAVIS],[USERS]
The SET DIRECTORY command in this example modifies both the [DAVIS]
and [USERS] directories, changing their owner UICs. Using the /OWNER_UIC
qualifier requires SYSPRV (system privilege).
10.5.4.2 Changing Default ACL Protection
You can override default UIC protection for specified directories or subdirectories
by placing a default protection ACE in the ACL of the appropriate directory file.
The default protection specified in the ACE is applied to any new file created in
the specified directory or in any subdirectory of the directory.
Example
The following ACE, which must be in the ACL of a directory file, specifies that
the default protection (for files created in the directory and its subdirectories) will
allow system and owner processes full access, group processes read and execute
access, and world users no access:
(DEFAULT_PROTECTION,S:RWED,O:RWED,G:RE,W:)
Using Files and Directories 1021