PATHWORKS for OpenVMS (Advanced Server)
Server Administrator's Guide



4.4.5.2 File Access Permissions

The following table lists the access permissions you can specify for a file using the SET FILE/PERMISSIONS command.

Table 4-8 File Access Permissions
| File Access Permission | Description |
| --- | --- |
| CHANGE | Can display the file, run the file if it is a program, change the file, and delete the file. |
| FILE_SPECIFIC=(access) | Can grant the following specific access rights to the file. When access specified is CHANGE_PERMISSIONS, the user can change file permissions; DELETE, can delete the file; EXECUTE, can run the file, if it is a program; FULL, has complete access to the file; NONE, has no access to the file; READ, can view the file; TAKE_OWNERSHIP, can take ownership of the file; WRITE, can change the file. |
| FULL_CONTROL | Can display the file, run the file if it is a program, change the file, delete the file, change permissions on the file, and take ownership of the file. |
| NONE | Has no access to the file. This prevents access even if the user is a member of a group that has access to the file. |
| READ | Can display the file, and run the file if it is a program. |

4.4.5.3 File and Directory Access Permissions

The following table lists the types of access users can have and the permissions to set on directories.

Table 4-9 Directory Access Permissions and Actions on Directories
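| User can... | NONE | LIST | READ | ADD | ADD AND READ | CHANGE | FULL CONTROL |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Display directory file names |  | X | X |  | X | X | X |
| Display directory attributes |  | X | X | X | X | X | X |
| Go to directory subdirectories |  | X | X | X | X | X | X |
| Change directory attributes |  |  |  | X | X | X | X |
| Create subdirectories and all files |  |  |  | X | X | X | X |
| Display directory owner and permissions |  | X | X | X | X | X | X |
| Delete the directory |  |  |  |  |  | X | X |
| Delete any file or empty subdirectory in a directory |  |  |  |  |  |  | X |
| Change directory permissions |  |  |  |  |  |  | X |
| Take ownership of the directory |  |  |  |  |  |  | X |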

The following table lists the types of access users can have to files and the permissions to set on directories.

Table 4-10 Directory Access Permissions and Actions on Files
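| User can... | NONE | LIST | READ | ADD | ADD AND READ | CHANGE | FULL CONTROL |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Display file owner and permissions |  |  | X |  | X | X | X |
| Display file data |  |  | X |  | X | X | X |
| Display file attributes |  |  | X |  | X | X | X |
| Run a program file |  |  | X |  | X | X | X |
| Change file attributes |  |  |  |  |  | X | X |
| Change data in and append data to the file |  |  |  |  |  | X | X |
| Delete the file |  |  |  |  |  | X | X |
| Change the file permissions |  |  |  |  |  |  | X |
| Take ownership of the directory |  |  |  |  |  |  | X |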

4.4.6 Displaying File and Directory Access Permissions

To display directory and file permissions, use the SHOW FILES/FULL command, specifying a share name and its path. For example, with an existing share called RAINBOW and a file called LOGS.TXT, you can display permissions and ownership.


LANDOFOZ\\TINMAN> SHOW FILES RAINBOW\LOGS.TXT /FULL
 
Files in: \\TINMAN\RAINBOW 
     LOGS.TXT 
          Permissions: 
              Administrators            Full (All) 
              Everyone                  Change (RWXD) 
              Server Operators          Change (RWXD) 
              SYSTEM                    Full (All) 
          Audit Events: (None specified) 
          Owner: LION 
 
     Total of 1 file 
 
LANDOFOZ\\TINMAN> 
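
The following Python sketch is an added example, not part of the original guide: it parses SHOW FILES/FULL output in the layout shown above, flags Change or Full grants to Everyone, and compares each owner with an expected one. The sample text is constructed from the listing above; BROAD_TRUSTEES, the expected-owner map and the function names are assumptions of the example.

```python
import re

# Constructed sample in the layout of the SHOW FILES/FULL listing above.
SAMPLE = r"""LANDOFOZ\\TINMAN> SHOW FILES RAINBOW\LOGS.TXT /FULL
Files in: \\TINMAN\RAINBOW
     LOGS.TXT
          Permissions:
              Administrators            Full (All)
              Everyone                  Change (RWXD)
              Server Operators          Change (RWXD)
              SYSTEM                    Full (All)
          Audit Events: (None specified)
          Owner: LION
     Total of 1 file
"""

# trustee, two or more spaces, permission name, rights in parentheses
ACE_RE = re.compile(r"^\s*(\S.*?)\s{2,}(\w[\w ]*?)\s*\(([^)]*)\)\s*$")
BROAD_TRUSTEES = {"EVERYONE"}  # assumption: trustees treated as too broad
SKIP = ("Files in:", "Total of", "Audit Events:")

def parse_show_files(text):
    """Return {file: {"acl": [(trustee, permission, rights)], "owner": str}}."""
    files, current, in_acl = {}, None, False
    for line in text.splitlines():
        s = line.strip()
        # ">" cannot occur in a file name (Table 4-11), so such lines are prompts.
        if not s or ">" in s or s.startswith(SKIP):
            in_acl = False
        elif s == "Permissions:":
            in_acl = True
        elif s.startswith("Owner:") and current:
            files[current]["owner"] = s.split(":", 1)[1].strip()
        elif in_acl and current and (m := ACE_RE.match(line)):
            files[current]["acl"].append(m.groups())
        elif not in_acl:
            current = s  # any other line outside an ACL names the next file
            files[current] = {"acl": [], "owner": None}
    return files

def review(files, expected_owners):
    """List broad Change/Full grants and owners that differ from expectation."""
    findings = []
    for name, info in files.items():
        for who, perm, _ in info["acl"]:
            if who.upper() in BROAD_TRUSTEES and perm.upper() in {"CHANGE", "FULL"}:
                findings.append((name, f"{who} has {perm}"))
        if info["owner"] != expected_owners.get(name):
            findings.append((name, f"owner is {info['owner']}"))
    return findings
```
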

4.4.7 Mapping PATHWORKS Advanced Server Permissions to OpenVMS Protections

If the PATHWORKS Advanced Server and OpenVMS security model is enabled, and a PATHWORKS Advanced Server user attempts to access a file or directory, the access must be allowed by two sets of permissions: PATHWORKS Advanced Server permissions, and OpenVMS file and directory protections.

OpenVMS Protections

Every file on an OpenVMS system has four protection codes:

For information on setting OpenVMS system file protections, see the SET PROTECTION command in your OpenVMS system documentation. You may also want to review the information on OpenVMS ACLs (access control lists) in the OpenVMS System Manager's Manual.

When a PATHWORKS Advanced Server user attempts to access a file, the following rules govern what OpenVMS system protections control the access:

4.4.8 Auditing Directory and File Access

When you assign permissions for a resource, you can also audit use of the resource. The PATHWORKS Advanced Server can write an entry to the Security event log whenever a user accesses the resource in a certain way. The audit entry shows the resource, action performed, user who performed it, and date and time of the event.

Events that PATHWORKS Advanced Server can audit for directory and file access include:

For more information about auditing and viewing events, refer to Chapter 6, Monitoring Events and Troubleshooting.

4.4.9 Taking Ownership of Files or Directories

When you create a file or directory, you become its owner. By granting permissions, the owner controls how the file or directory is used. The owner can grant permission to another user to take ownership of a file or directory. Otherwise, you must be logged on as a member of the Administrators group to take ownership. Although an administrator can take ownership, an administrator cannot transfer ownership to others. This preserves security. To make sure that your files are secure, you should check their ownership regularly using the SHOW FILES/OWNER command.

To take ownership of a file or directory:

Use the TAKE FILE OWNERSHIP command as follows:


TAKE FILE OWNERSHIP UNCpath [/qualifiers]

For example, the following command takes ownership of the file called SIMIANS.DAT that is stored on domain LANDOFOZ in the directory \WITCH\MKEY. The directory is on server TINMAN and the UNC path is WITCH\MKEY\SIMIANS.DAT.


LANDOFOZ\\TINMAN> TAKE FILE OWNERSHIP WITCH\MKEY\SIMIANS.DAT 
%PWRK-S-FILEMOD, "\\TINMAN\WITCH\MKEY\SIMIANS.DAT" modified 
 
LANDOFOZ\\TINMAN> 

4.4.10 File-Naming Conventions

An operating system's file system determines the conventions that apply to file and directory names. When you use the PATHWORKS Advanced Server, you can use long file and directory names, much as with OpenVMS. Windows NT, Windows 95, and Windows 98 provide long file names, but Windows V3.11 and DOS do not.

All files stored on the PATHWORKS Advanced Server are subject to the PATHWORKS Advanced Server file naming conventions.

4.4.10.1 PATHWORKS Advanced Server File Naming

The PATHWORKS Advanced Server uses the naming conventions shown in the following table. An X in the table indicates whether the convention is different from that used by OpenVMS.

Note

PATHWORKS Advanced Server stores file names as all uppercase characters.

Table 4-11 PATHWORKS Advanced Server File-Naming Conventions
| Convention | Same as OpenVMS | Different from OpenVMS |
| --- | --- | --- |
| Names can be up to 78 characters long, including the extension. Separate the extension from the name using a period. |  | X |
| Names can contain any lowercase letter or special character except for the following: ? " / \ < > * \| : |  | X |
| Any OpenVMS system file or directory name that contains excluded characters is neither visible nor accessible to PATHWORKS Advanced Server client workstations. |  | X |

4.4.10.2 MS-DOS and Windows File Naming

If you are using the PATHWORKS Advanced Server in an environment where long file names are not always supported, users must continue using MS-DOS file naming conventions. Check the file-naming conventions on your client systems by looking at their files and directories. For example, if your clients are running Windows V3.11, or older Windows applications that only recognize the 8.3 file format, file names must follow the 8.3 file-naming convention; if your clients are running Windows 95 or Windows 98, they can use long file names.

From an MS-DOS system, your clients can use the following conventions for naming files:

Table 4-12 MS-DOS File-Naming Conventions
| Convention | Same as OpenVMS | Different from OpenVMS |
| --- | --- | --- |
| The name of a file or directory can have two parts: a name and an optional extension. The two parts are separated by a period. | X |  |
| The name can contain up to eight characters, and the extension can contain up to three characters (8.3 convention). |  | X |
| The name must start with either a letter or number. It can contain any upper or lowercase alphanumeric characters except for the following: ? " / \ < > * \| : [ ] ; = , + |  | X |
| The name cannot contain any spaces. | X |  |
| The following names are reserved and cannot be used for files or directories: AUX, COM1, COM2, COM3, COM4, CON, LPT1, LPT2, LPT3, NUL, PRN |  | X |

4.4.10.3 Windows NT File Naming

From a Windows NT system, your clients can use the following conventions for naming files:

Table 4-13 Windows NT File-Naming Conventions
| Convention | Same as OpenVMS | Different from OpenVMS |
| --- | --- | --- |
| The name of a file or directory can have two parts: a name and an optional extension. The two parts are separated by a period. | X |  |
| The name can contain up to 255 characters, and the extension can contain any number of characters within the 255 character limit. |  | X |
| Names preserve uppercase and lowercase characters, but are not case sensitive. |  | X |
| The name must start with either a letter or number. It can contain any uppercase or lowercase alphanumeric characters except for the following: ? " / \ < > * \| : |  | X |
| The name cannot contain any spaces. | X |  |
| The following names are reserved and cannot be used for files or directories: AUX, COM1, COM2, COM3, COM4, CON, LPT1, LPT2, LPT3, NUL, PRN |  | X |

4.4.10.4 Windows 95 and Windows 98 File Naming

From a Windows 95 or Windows 98 system, you can use the following conventions for naming files:

Table 4-14 Windows 95 and Windows 98 File-Naming Conventions
| Convention | Same as OpenVMS | Different from OpenVMS |
| --- | --- | --- |
| The name of a file or directory can have two parts: a name and an optional extension. The two parts are separated by a period. | X |  |
| The name can contain up to 255 characters, and the extension can contain any number of characters within the 255 character limit. |  | X |
| The name must start with either a letter or number. It can contain any uppercase or lowercase alphanumeric characters except for the following: ? " / \ < > * \| : |  | X |
| The name can contain spaces. |  | X |
| The following names are reserved and cannot be used for files or directories: AUX, COM1, COM2, COM3, COM4, CON, LPT1, LPT2, LPT3, NUL, PRN |  | X |
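
The rules in Tables 4-11 through 4-14 can be applied to a candidate name in one pass. The following Python sketch is an added example, not part of the original guide: it reports, per convention, which rules a name breaks, so a non-empty "Advanced Server" list for an OpenVMS file name marks a file that client workstations can neither see nor access. The function names are assumptions, as is testing the reserved-name rule against the part before the first period.

```python
BASE_EXCLUDED = set('?"/\\<>*|:')              # Tables 4-11, 4-13, 4-14
DOS_EXCLUDED = BASE_EXCLUDED | set("[];=,+")    # Table 4-12
RESERVED = {"AUX", "COM1", "COM2", "COM3", "COM4", "CON",
            "LPT1", "LPT2", "LPT3", "NUL", "PRN"}


def _problems(name, excluded, max_len=None, spaces_ok=True,
              client=True, dos83=False):
    """Apply one table's rules to name and return the list of violations."""
    found = []
    base, _, ext = name.partition(".")
    if max_len is not None and len(name) > max_len:
        found.append(f"longer than {max_len} characters")
    if dos83 and (len(base) > 8 or len(ext) > 3 or "." in ext):
        found.append("not in 8.3 form")
    bad = sorted(set(name) & excluded)
    if bad:
        found.append("excluded characters: " + " ".join(bad))
    if client:  # rules that appear only in the client tables (4-12 to 4-14)
        if not name[:1].isalnum():
            found.append("does not start with a letter or number")
        if not spaces_ok and " " in name:
            found.append("contains a space")
        # Assumption: the reserved names are compared with the part of the
        # name before the first period, ignoring case.
        if base.upper() in RESERVED:
            found.append("reserved name")
    return found


def check_name(name):
    """Return {convention: [violations]}; an empty list means it conforms."""
    return {
        "Advanced Server": _problems(name, BASE_EXCLUDED, max_len=78,
                                     client=False),
        "MS-DOS": _problems(name, DOS_EXCLUDED, spaces_ok=False, dos83=True),
        "Windows NT": _problems(name, BASE_EXCLUDED, max_len=255,
                                spaces_ok=False),
        "Windows 95/98": _problems(name, BASE_EXCLUDED, max_len=255),
    }
```
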

