HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

Pls discuss its purpose for the followwing command:set security/acl=(option=default)

 
SOLVED
Go to solution
kismet_1
Advisor

Pls discuss its purpose for the followwing command:set security/acl=(option=default)

Are there any difference that the command have the option and have not?
7 REPLIES
Ian Miller.
Honored Contributor

Re: Pls discuss its purpose for the followwing command:set security/acl=(option=default)

an ACE with options=default is used on a identifier ACE on a directory to specify a ACE to be applied to new files created in then the ACE would speccify access to the directory.
____________________
Purely Personal Opinion
Jan van den Ende
Honored Contributor
Solution

Re: Pls discuss its purpose for the followwing command:set security/acl=(option=default)

Kismet,

with this command you invoke the second stage of a sequence of security options.

One of the things that can be defined in the security ACLs of directory files, is the clause O=D (short for: OPTIONS=DEFAULT)
This just means, that the options specified are NOT active for this file, but apply to files created IN this directory (nota bene: SPECIFIC protection settings on the creation command takes precedence, and after that, for creating higher versions of existing files, THEIR protection does) the ACL option protection is applied.

Now, if there somehow is or might be a discrepancy, and you want the protection changed to that specified by the ACL of the directory, THEN you use this command, to make the specified file(s) have the protection as specified in the directory ACL

hth,

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
kismet_1
Advisor

Re: Pls discuss its purpose for the followwing command:set security/acl=(option=default)

Thanks very much above two friends !
Joseph Huber_1
Honored Contributor

Re: Pls discuss its purpose for the followwing command:set security/acl=(option=default)

Just adding some points:
You can have both types on a directory:
the one without the option=default applies to the directory file itself, and specifies for example who can write (create files) in the directory (which could be access=R+W+E).
The default ACE specifies the access rights for the files created in the directory, which could be restricted to Read-only for example.

And if You are going to correct the directory mentioned in Your other thread about sql output: files already existing when You set the ACL on the directory are not affected, You have to set it on all files individually:
$ set acl/acl=(ident=...,access=...) [.mydir]*.*;*

Identifiers in an ACL need not be UICs or usernames:
It can be any identifier with the RESOURCE attribute (in AUTHORIZE created by a command like ADD/IDENT sqluser /attrib=RESOURCE.
You can then grant the identifier to all users which should be able to produce files in the directory, and SET/OWNER=sqluser mydir.DIR .
http://www.mpp.mpg.de/~huber
kismet_1
Advisor

Re: Pls discuss its purpose for the followwing command:set security/acl=(option=default)

Thanks your adding!
Ian Miller.
Honored Contributor

Re: Pls discuss its purpose for the followwing command:set security/acl=(option=default)

See also SET SECURITY/DEFAULT which can be used, after you have set default acls on directories, to ensure the existing files in a directory have the correct protection.
____________________
Purely Personal Opinion
comarow
Trusted Contributor

Re: Pls discuss its purpose for the followwing command:set security/acl=(option=default)

Default should give the same protection to the files in the directories. That's very useful for file ownership and disk quotas.


I haven't done it in a while. Great for shared project directories.