- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: changing fdl file protection
Operating System - OpenVMS
1752596
Members
5299
Online
108788
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-02-2008 03:20 AM
тАО07-02-2008 03:20 AM
changing fdl file protection
What is the exact command to change FDL file protections so that all users can be able to add/remove FDL files
6 REPLIES 6
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-02-2008 03:40 AM
тАО07-02-2008 03:40 AM
Re: changing fdl file protection
1. Give write access to world on the parent directory. Set file/prot=(w:rwe) x.dir
2. Set an acl on the parent directory to create all future files without protection.
set sec x.dir/acl=(default,s:rwed,o:rwed,g:rwed,w:rwed)
3. Change all fdl files to get that protection set file *.fdl/prot=(s:rwed,o:rwed,g:rwed,w:rwed)
Wim
2. Set an acl on the parent directory to create all future files without protection.
set sec x.dir/acl=(default,s:rwed,o:rwed,g:rwed,w:rwed)
3. Change all fdl files to get that protection set file *.fdl/prot=(s:rwed,o:rwed,g:rwed,w:rwed)
Wim
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-02-2008 03:41 AM
тАО07-02-2008 03:41 AM
Re: changing fdl file protection
This opens of course the directory for all files, not only *.fdl.
Wim
Wim
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-02-2008 04:04 AM
тАО07-02-2008 04:04 AM
Re: changing fdl file protection
As Wim replies, FDL files are just (text) files and have not special protection rules.
FDL files may have an OWNER and PROTECTION clause in them for the target file, but that is often mre a nuisance than help. Just set the protection after the target file create, if needed at all.
It is somewhat odd to allow all uses to add and delete FDL files IF those are also used for production files, as it is all too easy to put something bad in place, or remove something good, impacting production.
If you need more help than Wim's replies offer, then please be sure to explain a little better what root problem you are trying to solve, and how those FDL's will be used. How come 'all users' even know how to create FDL files? That's not typical, not even for a development shop.
Cheers,
Hein van den Heuvel
FDL files may have an OWNER and PROTECTION clause in them for the target file, but that is often mre a nuisance than help. Just set the protection after the target file create, if needed at all.
It is somewhat odd to allow all uses to add and delete FDL files IF those are also used for production files, as it is all too easy to put something bad in place, or remove something good, impacting production.
If you need more help than Wim's replies offer, then please be sure to explain a little better what root problem you are trying to solve, and how those FDL's will be used. How come 'all users' even know how to create FDL files? That's not typical, not even for a development shop.
Cheers,
Hein van den Heuvel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-02-2008 05:22 AM
тАО07-02-2008 05:22 AM
Re: changing fdl file protection
BTW : the simplest solution is to give all users all privs.
Wim
Wim
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-02-2008 06:26 AM
тАО07-02-2008 06:26 AM
Re: changing fdl file protection
Steve,
Permitting all users to add/remove FDL files to a master location is a dangerous practice. A single incorrect keystroke can cause major mayhem and disruption, all without any intent to do harm.
My personal preferences depend upon precisely what problem is being addressed. One common solution for testing is to use a consistent logical name to access the FDL files in your programs and command procedures, thus permitting a fine degree of control of where the FDL file is actually retrieved from (which can provide for a list of defaults). Just such an approach was described in " Inheritance Based Environments in Stand-alone OpenVMS Systems and OpenVMS Clusters", published in the OpenVMS Technical Journal, Volume 3, February 2004 (reprints available via http://www.rlgsc.com/publications/vmstechjournal/inheritance.html ).
As to the group and global libraries, my normal recommendation is to limit add/delete access, possibly by having the library directory owned by an Identifier, with the Identifier granted to those users authorized to make more global updates.
While such a scheme is a bit of work, it creates accountability for changes.
- Bob Gezelter, http://www.rlgsc.com
Permitting all users to add/remove FDL files to a master location is a dangerous practice. A single incorrect keystroke can cause major mayhem and disruption, all without any intent to do harm.
My personal preferences depend upon precisely what problem is being addressed. One common solution for testing is to use a consistent logical name to access the FDL files in your programs and command procedures, thus permitting a fine degree of control of where the FDL file is actually retrieved from (which can provide for a list of defaults). Just such an approach was described in " Inheritance Based Environments in Stand-alone OpenVMS Systems and OpenVMS Clusters", published in the OpenVMS Technical Journal, Volume 3, February 2004 (reprints available via http://www.rlgsc.com/publications/vmstechjournal/inheritance.html ).
As to the group and global libraries, my normal recommendation is to limit add/delete access, possibly by having the library directory owned by an Identifier, with the Identifier granted to those users authorized to make more global updates.
While such a scheme is a bit of work, it creates accountability for changes.
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-02-2008 06:43 AM
тАО07-02-2008 06:43 AM
Re: changing fdl file protection
Look up "resource identifier" in the security manual and around the Internet for details on this; this approach avoids needing to set protections, deal with protections in the FDL files, nor to deal with the file ownership.
Basically, you configure the shared files off to the ownership of the identifier, and grant the identifier to the folks that need to share access.
This also avoids granting privileges all around.
Basically, you configure the shared files off to the ownership of the identifier, and grant the identifier to the folks that need to share access.
This also avoids granting privileges all around.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP