Files-11 - File Security: Protection and ACLs

VMS file security is defined by two mechanisms, UIC-based access control and ACL-based access control. UIC access control is based on the owner of the file and the UIC, or user, accessing the file. Access is determined by four groups of permissions:

  • System
  • Owner
  • Group
  • World

And four permission bits:

  • Read
  • Write
  • Execute
  • Delete

The "system" access applies to any user whose UIC group code is less than or equal to the SYSGEN parameter MAXSYSGROUP (typically 8, or 10 octal), for example the SYSTEM user; "owner" and "group" apply to the owner of the file and that user's user group; and "world" applies to any other user. There is also a fifth permission bit, "Control", which determines whether a user may change file metadata such as protection. This bit cannot be set explicitly; it is always set for System and Owner, and never for Group or World.

UIC-based access control is also affected by four system privileges, which allow users holding them to override access controls:

  • BYPASS: user implicitly has RWED access to all files, regardless of file protection;
  • READALL: user implicitly has R access to all files;
  • SYSPRV: user may access files based on System protection;
  • GRPPRV: user may access files based on System protection if their UIC group matches the file's group.
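The category and privilege rules above combine into a single access decision. The following Python sketch is an added example, not code from VMS or from the original page; it models only the UIC checks (ACLs are ignored) and assumes a user receives the union of every category that applies to them. The function names and sample UICs are constructed for illustration.

```python
# Added example: models only the UIC rules described above; ACLs are ignored.
MAXSYSGROUP = 0o10  # typical SYSGEN value from the text (10 octal = 8)

def parse_protection(spec):
    """Parse a mask such as 'S:RWED,O:RWED,G:RE,W' into per-category bit sets."""
    mask = {"S": set(), "O": set(), "G": set(), "W": set()}
    for field in spec.upper().split(","):
        cat, _, bits = field.strip().partition(":")
        if cat[:1] not in mask or not set(bits) <= set("RWED"):
            raise ValueError(f"bad protection field: {field!r}")
        mask[cat[:1]] = set(bits)
    return mask

def effective_access(accessor, owner, protection, privileges=()):
    """Return the granted bits (R, W, E, D, plus C for Control).

    accessor and owner are (group, member) UIC tuples.
    Assumption: a user receives the union of every category that applies.
    """
    mask = parse_protection(protection)
    privs = {p.upper() for p in privileges}
    same_group = accessor[0] == owner[0]
    cats = {"W"}
    if same_group:
        cats.add("G")
    if accessor == owner:
        cats.add("O")
    # System category: low UIC group, SYSPRV, or GRPPRV within the file's group.
    if (accessor[0] <= MAXSYSGROUP or "SYSPRV" in privs
            or ("GRPPRV" in privs and same_group)):
        cats.add("S")
    granted = set().union(*(mask[c] for c in cats))
    if cats & {"S", "O"}:
        granted.add("C")  # Control is implicit for System and Owner only
    if "READALL" in privs:
        granted.add("R")
    if "BYPASS" in privs:
        granted |= set("RWED")
    return granted

if __name__ == "__main__":
    # Constructed sample: file owned by UIC [200,5], world has no access.
    prot, owner = "S:RWED,O:RWED,G:RE,W", (0o200, 0o5)
    for who, privs in [((0o200, 0o5), ()), ((0o200, 0o7), ()),
                       ((0o300, 0o1), ()), ((0o300, 0o1), ("READALL",)),
                       ((0o200, 0o7), ("GRPPRV",)), ((0o1, 0o4), ())]:
        bits = "".join(sorted(effective_access(who, owner, prot, privs)))
        print(f"[{who[0]:o},{who[1]:o}] {','.join(privs) or '-':8} -> {bits or 'none'}")
```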

ACLs allow additional privileges to be assigned on a user- or group-specific basis; for example, a web server's UIC could be granted read access to all files in a particular directory. ACLs can be marked as inherited, where a directory file's ACL applies to all files underneath it. ACLs are modified using the EDIT/ACL command, and take the form of identifier/access pairs. For example, the ACL entry

(IDENTIFIER=HTTP$SERVER,ACCESS=READ+EXECUTE)

would allow the user HTTP$SERVER to read and execute the file.
