Rights Lists


An unprivileged user can control his or her files using ACL and UIC mechanisms, but only the manager can create arbitrary groups of users. This is done with a mechanism called the rights identifier. The use of a rights list makes management easier. Suppose I put STUROSS and HICKEY into a group named DM_RIGHT. Then the ACL list on this file becomes a single entry. The rights list is controlled by the manager with AUTHORIZE. Using groups based on the rights list is a three-step process:

  • The manager creates the identifier.

  • The manager associates the identifier with a number of users forming a group.

  • The user (or the manager) creates an ACL for the identifier.

The following commands the manager would use to accomplish this task:

     $ RUN AUTHORIZE     UAF> ADD/IDENTIFIER DM_RIGHT     UAF> sho /id dm_right       Name                            Value           Attributes       DM_RIGHT                        %X8001001B     UAF> GRANT/IDENT DM_RIGHT HICKEY     UAF> GRANT/ID DM_RIGHT STUROSS     UAF> sho /right/user=stuross     Identifier                        Value           Attributes       DM_RIGHT                        %X8001001B     UAF> EXIT 

Now DMILLER can issue the following commands

     $ SET SEC/ACL=(id=DM_RIGHT,access=read) login.com     CSLab::DMILLER? sho sec login.com     FACULTY:[DMILLER]LOGIN.COM;101 object of class FILE          Owner: [DMILLER]          Protection: (System: RWED, Owner: RWED, Group, World)          Access Control List:               (IDENTIFIER=DM_RIGHT,ACCESS=READ) 

Notice that there is some confusion between the identifier (i.e., the name of the rights-identifier) and the assignment of this right to a user. UAF>SHOW /ID lists the identifier, while UAF>SHO /RIGHT lists the user information. As you can see in the example, identifiers may have attributes, such as hiding the identifier name from the user.




Getting Started with OpenVMS System Management
Getting Started with OpenVMS System Management (HP Technologies)
ISBN: 1555582818
EAN: 2147483647
Year: 2004
Pages: 130
Authors: David Miller

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net