Controlling Other Resources


As mentioned previously, security exists on eight classes of OpenVMS resources. Examples so far have been applied to files. Now we briefly look at some print queue examples. More specifically, the default privileges on a print queue permit a user to delete only his or her jobs; however, because security is managed on this resource, specific print queues may have certain characteristics altered. For instance, a user may be limited to a single printer or a group of printers. Thus, the granularity of the security ranges from a single user to a group of users to all users.

The default protection on a print queue is illustrated as follows. Each protection element shows the highest security level. For instance, System has Management (M) rights on the queue, and that includes all other rights. The Owner (who is SYSTEM in this case) has Job Delete (D) rights. The Group (i.e., SYSTEM again) has Read (R) rights, so all jobs in the queue may be displayed. The World has only Submit (S) rights. World cannot display jobs in the queue or manage the queue in any way. Notice also that an ACL is associated with the queue. This means that ACL protection discussed earlier can be applied to a specific user or group of users.

     $ show sec /class=queue hotpink2
     HOTPINK2 object of class QUEUE
          Owner: [SYSTEM]
          Protection: (System: M, Owner: D, Group: R, World: S)
          Access Control List: <empty>

In a trusted environment, the manager may want to elevate World privileges to permit any user to delete any job. So the manager could issue the following command:

     $ set security /class=queue /protection=(W:RDS) hotpink2 

which would result in the desired change.

     $ show sec /class=queue hotpink2
     HOTPINK2 object of class QUEUE
          Owner: [SYSTEM]
          Protection: (System: M, Owner: D, Group: R, World: DSR)
          Access Control List: <empty>

Alternatively, the manager could add a /PROTECTION clause to the INITIALIZE ... HOTPINK2 command described in Chapter 5.

The reader may have noticed that the protection codes deviate from the expected RWED because of the capabilities of the resource. Likewise, the access codes used in ACL entries are expanded as well. For instance, one user could be given delete privilege on a particular queue, making this user the local printer operator.
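Widening World access on a queue, as in the W:RDS change above, is the kind of setting worth finding again later. The following Python is an added example, not from the book: it parses SHOW SECURITY /CLASS=QUEUE listings in the layout printed above and reports queues whose World field includes Delete or Manage. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the two SHOW SECURITY listings shown in the text above.
SAMPLE = """\
HOTPINK2 object of class QUEUE
     Owner: [SYSTEM]
     Protection: (System: M, Owner: D, Group: R, World: S)
     Access Control List: <empty>
HOTPINK2 object of class QUEUE
     Owner: [SYSTEM]
     Protection: (System: M, Owner: D, Group: R, World: DSR)
     Access Control List: <empty>
"""

HEADER = re.compile(r"^\s*(\S+) object of class QUEUE\s*$", re.I)
PROT = re.compile(r"^\s*Protection:\s*\((.*)\)\s*$", re.I)
RISKY_WORLD = {"D", "M"}  # Delete or Manage granted to every user

def parse_queues(text):
    """Return a list of (queue_name, {category: set of access letters})."""
    queues, name = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            name = m.group(1)
            continue
        m = PROT.match(line)
        if m and name:
            prot = {}
            for field in m.group(1).split(","):
                # A category with no access may appear without a colon or codes.
                cat, _, codes = field.partition(":")
                prot[cat.strip().capitalize()] = set(codes.strip().upper())
            queues.append((name, prot))
            name = None
    return queues

def world_findings(text):
    """Return (queue_name, risky letters) where World can delete or manage."""
    out = []
    for name, prot in parse_queues(text):
        risky = prot.get("World", set()) & RISKY_WORLD
        if risky:
            out.append((name, sorted(risky)))
    return out

if __name__ == "__main__":
    for name, risky in world_findings(SAMPLE):
        print(f"{name}: World holds {''.join(risky)} access")
```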




Getting Started with OpenVMS System Management (HP Technologies)
ISBN: 1555582818
EAN: 2147483647
Year: 2004
Pages: 130
Authors: David Miller
