Ask the Wizard Questions
Security: SET FILE/OWNER=[x,*]
The Question is:
$ SET FILE/OWNER=[group,*]
This command (using any group) causes serious headaches for
Firstly, this can be performed by anyone, without any
elevated privileges. This means that it can be easily used
to bypass disk quotas and make disk accounting extremely
Secondly, here's a very disturbing side-effect
$ COPY *.COM *.TEST
$ SET FILE/OWNER=[group,*] *.test
$ DELETE *.*;*/BY_OWNER=[group,*]
ALL files in the directory are now deleted, not just those
with the funny owner.
Similarly, all commands that take the /BY_OWNER qualifier,
including SET FILE/OWNER, are unable to process the resultant
files, and instead return all files. This makes it really
difficult to even find the resultant files.
What is the rationale behind allowing this ownership setting,
and why can we not have a flag to turn it off? It does not
allow what the use may intend - group ownership of the file.
The Answer is:
This is odd. I can't use group identifiers under OpenVMS V6.1/Alpha
at all, regardless of privilege:
$ set file/owner=[100,*] dummy.owner
%SET-E-NOTSET, error modifying DISK$USER1:[GILLINGS]DUMMY.OWNER;1
-SYSTEM-F-BADOWNER, owner UIC is invalid; object ownership not changed
Same behaviour under OpenVMS/VAX V6.1
Under OpenVMS/Alpha V7.0, I get a privilege violation:
$ set file/owner=[200,*] login.com
%SET-E-NOTSET, error modifying USER$TSC:[GILLINGS]LOGIN.COM;1
-SYSTEM-F-NOPRIV, insufficient privilege or object protection violation
I think we need more details of precisely what the customer is doing.