HP OpenVMS Systems

Ask the Wizard Questions

SYSUAF.DAT protection

The Question is:

Why is the protection of SYSUAF.LIS hard-coded in AUTHORIZE?

The following log fragment shows that AUTHORIZE disregards default
protection and also disregards protection of a previous version of SYSUAF.LIS

$ directory /protection sysuaf.lis
%DIRECT-W-NOFILES, no files found
$ show protection
  SYSTEM=NO ACCESS, OWNER=RWED, GROUP=NO ACCESS, WORLD=NO ACCESS
$ mcr authorize list /brief system
%UAF-I-LSTMSG1, writing listing file
%UAF-I-LSTMSG2, listing file SYSUAF.LIS complete
$ directory /protection sysuaf.lis

Directory GRPDSK:[C753330]

SYSUAF.LIS;1         (RWD,RWD,RW,)

Total of 1 file.
$ set protection=(g) sysuaf.lis
$ directory /protection sysuaf.lis

Directory GRPDSK:[C753330]

SYSUAF.LIS;1         (RWD,RWD,,)

Total of 1 file.
$ mcr authorize list /brief system
%UAF-I-LSTMSG1, writing listing file
%UAF-I-LSTMSG2, listing file SYSUAF.LIS complete
$ directory /protection sysuaf.lis

Directory GRPDSK:[C753330]

SYSUAF.LIS;2         (RWD,RWD,RW,)
SYSUAF.LIS;1         (RWD,RWD,,)

Total of 2 files.

The Answer is:

The reason is to prevent a prived user from unintentionally creating
a world-readable file containing sensitive information, either by
having world-read as an RMS default or by having a previous version
of the file with world-read protection.

This can be circumvented by placing an ACL granting the desired
access on a previous version of the file.