The File System

File Attributes


In this section we
describe aspects of a file that control how files can be secured from use by other users, or how they can be made more widely available. We will also describe how access control lists can be used to limit access to only a selected few users.

Understanding Protection Codes

There are four types of operations that can be performed on a file: read, write, execute, or delete. These are described in Table 3.4.

Table 3.4: File Access Levels

Users expect that the security of files they own (i.e., those in their own directories) will be guaranteed. User files must somehow be protected from unauthorized operations, while simultaneously being available to other authorized users. All time-sharing computers provide for the necessary controls by a system of protection and privilege. Privilege is not usually a matter of importance to the general user, but protection is, and a brief explanation of it is presented below.

In OpenVMS systems, files are either protected against or not protected against the ability of some user to read, write, execute, and delete them. There are four categories of users: system, owner, group, and world. Users have system-level access if their user identification code*1 (UIC) identifies them as persons responsible for system level operations, or if they have been explicitly granted such privileges by the system managers. The owner of a file is the user whose UIC matches the OWNER_UIC file attribute. If group access is allowed for a particular file, then it can be used by any user whose UIC begins with the same number as the file's owner (group IDs can also be ASCII character strings). When world access is set, the file can be used by anybody who can log on to the system or access it over the network, regardless of their UIC. These categories are summarized in Table 3.5.



Table 3.5: User Categories

File protection codes can be displayed using the DIR/PROT command, as shown in Figure 3.5. Wildcards can be used to display codes for several files simultaneously.



Figure 3.5: Directory Listing Showing File Protection Codes

Protection codes are always shown in the order: SYSTEM, OWNER, GROUP, and WORLD. Thus, a file whose protection code is specified as (RWE,RWED,RE,E) in the output from a DIR/PROT command, means that a system user has read, write, and execute privileges; the owner has all privileges; group members have read and execute privileges; and everybody else (world) has only execute privileges. However, a file with protection code (RWED,RWED,,) is one which denies any kind of access to the group or to the world, but which allows complete access by both system and owner.

In OpenVMS, the default protection of all files created by users operating within their own directories is (RWE,RWED,RE,E).

Setting Protection Codes

As explained in the previous section, there are four basic actions that can be performed on files: reading, writing, executing, and deleting. By properly setting the protection code you can dictate which of these actions can be done by whom.


Some programs, such as MAIL, will fail if the system protections are changed.


Suppose you have a file called PHONE.NUM;1 that contains a list of important phone numbers, and that has the protection code (RE,RWED,,) which indicates that system level users have read and execute privileges, the owner has all privileges, and other users are denied all access. If you want to expand this to permit all users to read the file you would type the following command:

$ SET PROTECTION=(S:RE,O:RWED,G:R,W:R) PHONE.NUM;1

Spacing and punctuation are important in specifying protection codes, otherwise you will either get an error message or incorrectly set your protection.


There is a shorter way to expand privileges associated with a file. New privileges may be entered without repeating the existing protection code. For example, the privileges set in the previous command could also be set with the following command:

$ SET PROTECTION=(G:R,W:R)
Because the system and owner privileges were not being modified, only the group and world privileges were specified in the new command. The next short sections describe common ways of setting protections.

Setting Protection on Multiple Files

Suppose that you have several files containing lists of numbers (e.g., phone numbers, account numbers, or Social Security numbers), all with the file type .NUM. To allow all users to read and write these files, use the following command:

$ SET PROT=(G:RW,W:RW) *.NUM;*
This causes all files with type .NUM to have the protection code (S:RE,O:RWED,G:RW,W:RW). Note in this example that:

Although the previous examples specified the file name on the command line, you can omit the file name allowing the system to prompt you. If you are setting the file protection for several files you may want to consider putting the files in a common directory and then setting the protection for the directory.

Allowing Group Write Access

A common addition to a file protection code is to allow users within your group to have write privileges. This can be set using the wildcard to designate all files, as in the following command:

$ SET PROT=(G:W) *.*;*

Restricting Access

File protections can be set to take away access privileges by simply specifying the class of user without any access types. For example, to deny group and world access to all files in the current directory, you would type:

$ SET PROT=(G,W) *.*;*

Default Protection

You can set a default file protection that will be applied to every file you create. The following command changes the default file protection (this can be added to your LOGIN.COM file).

$ SET PROT=(S:R,G:RW,W,O:RWED)/DEFAULT

Access Control Lists

The VMS operating system has a feature called access control lists (ACL). The ACL is essentially a rights data base that extends file access to specific users. This can be especially useful when you want to give access privileges to only a few users in a group--but not all group members, or when you want to give access to select users in different groups. More information is available in the online help, type HELP SET ACL.

Before setting up an access control list, consult your system manager. The system manager can help you choose which of the many available options are best for your situation.

Backup

Each weekday evening, computer operators regularly back up all modified files on all disks but the scratch disk (DISK$SCRATCH).*2 During backup, all files created or modified since the last backup are copied to magnetic tapes for storage. The backup tape provides a way to recover a file if you mistakenly delete it, or if it becomes corrupted for some reason. If you accidentally delete a major file from your directory, contact the operators (extension 4905, or send e-mail to OPER) to see if you can get the file recovered. You will be asked to complete a form describing the file to be recovered.

Some files may not be recoverable. The following situations describe when files may and may not be recovered (Table 3.6 describes the backup schedule):



Table 3.6: Backup Schedule

The BACKUP Utility

Even though regular backups are done, you may want to create your own backup files if you have critical data. You can backup to either tape or disk (for information about using BACKUP with tapes, see page 175). While it is possible to create a copy of a file using the COPY command, a better way is to use the BACKUP utility, which compresses the file saving disk space and checks the validity of the backup copy using a cyclic redundancy check. The basic syntax used to invoke the BACKUP utility is:

$ BACKUP/qualifier input_file output_file
Understanding Protection Codes
Table 3.4: - File Access Levels
Table 3.5: - User Categories
Figure 3.5: - Directory Listing Showing File Protection Codes
Setting Protection Codes
Setting Protection on Multiple Files
Allowing Group Write Access
Restricting Access
Default Protection
Access Control Lists
Backup
Table 3.6: - Backup Schedule
The BACKUP Utility

Generated with CERN WebMaker