If I understand your question, you want to make sure the security of a specific file matches that of a previous version? Try this procedure (to be executed before installing the image):
checkprot.com
$ IF p1.EQS."" THEN INQUIRE p1 "File"
$ latest=F$SEARCH(p1-F$PARSE(p1,,,"VERSION")) ! Find latest version
$ previous=F$SEARCH(latest-F$PARSE(latest,,,"VERSION")+";-1") ! Find previous version
$ IF previous.NES."" ! If previous version exists
$ THEN ! Compare protection strings
$ IF F$FILE_ATTRIBUTES(latest,"PRO").NES.F$FILE_ATTRIBUTES(previous,"PRO")
$ THEN ! If not identical, propagate security from previous version
$ SET SECURITY/LIKE=(NAME='previous',CLASS=FILE) 'latest'
$ ENDIF
$ ENDIF
Note that this does a bit more than you asked - the entire security profile is copied from the previous version. One potential problem is if the protection masks are the same, but the ACL is different. You could fix that by unconditionally setting the security if the previous version exists. Only downside is you will do it every time, as long as the old file exists.
A crucible of informative mistakes
