HP OpenVMS Systems

ask the wizard
Content starts here

Restricting OpenVMS User Access?

» close window

The Question is:

How can I limit a particular user to its home directory only? Meaning he/she
 cannot access other directories other than that of its home directory.

The Answer is :

  The typical OpenVMS product implements security by:
	1) establishing the ownership and protection of resources, and
	2) granting users rights or resource identifiers.
  All resources, e.g. files, directories, disk volumes, etc., are owned.
  The owner can be a specific user or rights identifier.  The owner of
  a resource has the ability to change the protection of it, amongst
  other things.
  The protection of a resource can range from simple to elaborate.  It
  might allow only a lone particular user access and deny all others.  It
  might have a long list of rights identifiers allowed access, followed
  by long list of others explicitly denied, and even include triggers
  for generating alerts when accessed by yet other users, etc.
  The initial protection of a resource when it is created can be controlled.
  A user can be granted no rights, one right, or many rights.
  If the protection of a resource is set to allow unrestricted access then
  even a user with no granted rights is allowed access to it.
  To "limit a particular user to their home directory only", you must first
  establish security on the other sensitive resources appropriately -- the
  SET DEFAULT and similar commands are far less than the access potentially
  available to a user.
  Alternatively, you could use a CAPTIVE or (potentially) RESTRICTED
  username and the associated command procedure -- this can completely
  isolate the user.
  For details on this topic, please skim the security manual in the OpenVMS
  documentation set.

answer written or last revised on ( 15-APR-2002 )

» close window