The Question is:
How can I implement directory-level security so that only the owner of the files
in that specific directory can view, modify and delete the files created by him?
I also want to implement the security that only the owner can FTP files created
by him.
How can I complete this task?
The Answer is :
Security can be discretionary and thus you can establish default
security settings but the user can override these, or security can
be mandatory and the users cannot alter the security attributions.
OpenVMS provides discretionary security. Those OpenVMS releases
with SEVMS releases available and installed provide non-discretionary
(mandatory) security.

You cannot prevent a user from setting the protections on any object
that the user owns, as such a user has what is known as control access
to the object. (A corollary here: if the user does not own the object,
then the user cannot alter the protections. This is available on OpenVMS
using ACLs and identifiers, and most commonly involves the use of the
so-called resource identifier mechanism.)

In security terminology, an object is a file, directory, queue, global
section, or other such security-relevant construct.

Ownership of an object is determined based on the UIC value assigned
to the object. Access is determined by comparing the object ownership
and the object protection mask and any ACL that might be associated
with the object against the UIC and identifiers of the accessor.

OpenVMS Engineering recommends that all users be assigned unique
UIC values.

To establish default protections on an object such as a directory,
you can use the DEFAULT_PROTECTION access control list entry (ACE).
Within a process, use the SET SECURITY/DEFAULT command to establish
local defaults for objects the process might create. Also see the
RMS_FILEPROT system parameter. The SET PROTECTION/DEFAULT command
referenced in your question is also available and is a direct
ancestor of SET SECURITY/DEFAULT, though that DCL command syntax
was deprecated starting with OpenVMS V6.0.

To establish mandatory protections (assuming SEVMS is installed and
running), you must use the SET SECURITY command to associate the
object (likely) with a security category and to configure the user
with access to the category. You likely do not need nor want to
use different security levels or security ranges here, though that
is an option.

For details on OpenVMS security and on configuring and customizing
security, please see the security manual. For details on SEVMS,
please see the SEVMS documentation set. The former is available
at the website. The latter is not. When configuring security,
you WILL want to become familiar with the manual, and particularly
with the configuration recommendations in the appendix.

For users with privileges and other security-related topics, please
see topics (3289), (5639), (7368), and others.