
PROTECTING DIRECTORIES AND FILES

In the document 'is respons~ble (Page 99-102)


5.7 PROTECTING DIRECTORIES AND FILES

Every directory and file has a protection number associated with it.

The system uses a default protection number for each directory and file when the directory or file is created.

Whenever a user accesses a file, the system first checks the directory protection. If that protection allows the user the appropriate access to the directory, the system then checks the protection of the individual file.

5.7.1 Directory and File Protection Digits

The directory and file protection numbers have three 2-digit fields.

The first field applies to the owner of the directory or file, the second field to members of the same group as this directory, and the third field to all other users (or world).

Protection Code

dd dd dd

Owner Group World

The default protection for directories and files is 777700. A directory or file protection of 77 in any given field allows full access. For example, the default protection allows the owner and members of his group full access but all other users no access.

Protection Code

77 77 00

Owner Group World

Table 5-1 contains a list of the directory protection digits.

Table 5-1: Directory Protection Digits

Digits Privilege

04 Permits creating files in the directory.

10 Permits connecting to the directory without giving a password and changing the accounts and protection numbers of the files therein. Thus it gives many of the privileges the directory owner has. (Refer to the TOPS-20 Monitor Calls manual.)

40 Permits, subject to the protection on the individual file, listing the names of the files with the DIRECTORY command and reading the file, e.g., via the TYPE, PRINT, or LIST commands.

CREATING DIRECTORIES

These protection codes are actually bits in a protection word. To get more than one protection, add the digits (octal) corresponding to the protection you want. Thus, 44 allows listing the files and creating new files. There are unused bits in the protection number; therefore, to provide complete access to files, use 77. Useful digit pairs are:

00 Permits no access.

40 Permits the files to be listed and read.

77 Permits full (owner) access.

A file protection number has the same format as a directory protection number, but the meanings of the digits are different. Table 5-2 contains a list of file protection digits.

Table 5-2: File Protection Digits

Digits Privilege

02 Permits wildcarding of the file.

04 Permits appending to the file.

10 Permits executing the file.

20 Permits writing and deleting the file.

40 Permits reading the file.

Obtain a protection number by adding the file protection digits of the different protections you need. For example, protection number 775200 allows the owner full privileges; the members of the same group reading, executing, and directory listing privileges; and all other users no privileges. Useful digit pairs are:

00 Permits listing the file with the DIRECTORY command only if the file is specified explicitly and completely.

12 Permits executing and using the DIRECTORY command to list the file only.

This protection is useful when, for example, you purchase a program and agree in your contract not to allow any of your system users to read, write into, or copy the file. Set the protection on an execute-only file to 771212. The TOPS-20 Beware file provides additional considerations for setting up execute-only files.

52 Permits reading, executing, and using the DIRECTORY command to list the file.

77 Permits full access.

The system checks protection numbers starting with the two rightmost digits. Therefore, users do not restrict members of a group by assigning the file protection 770052, because the group gets at least the execute, read, and directory list access (52) granted to all users.

Also, because the system checks the directory protection before the file protection, files that have been given a low file protection are still secure in a directory with the default directory protection.

For example, suppose the user KOHN tries to type the file EDIT.MAC in the directory <HESS>. The protection on the directory <HESS> is 777700 and the protection on the file EDIT.MAC is 777752. User KOHN and directory <HESS> are not in the same group, so the world protection applies. First, the system checks the directory protection, 777700. The last two digits (00) apply and permit no access to the directory. User KOHN is not allowed to type the file, even though the corresponding protection on the file (52) would allow the file to be read, executed, and listed with the DIRECTORY command if KOHN were allowed access to files in the directory.
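The two checking rules above (rightmost field first, directory before file), worked through in Python as an added example; it is not code from the manual or from TOPS-20. The function names and the treatment of the owner as also covered by the group field are assumptions; the bit values come from Tables 5-1 and 5-2.

```python
# Bit values (octal) copied from Table 5-1 and Table 5-2.
DIR_BITS = {"create": 0o04, "connect": 0o10, "list_read": 0o40}
FILE_BITS = {"wildcard": 0o02, "append": 0o04, "execute": 0o10,
             "write_delete": 0o20, "read": 0o40}

# Fields that apply to each kind of user, rightmost (world) first.
# Assumption of this sketch: the owner is also covered by the group field.
APPLICABLE = {
    "world": ("world",),
    "group": ("world", "group"),
    "owner": ("world", "group", "owner"),
}


def parse_protection(number):
    """Split a six-digit octal protection number into owner/group/world fields."""
    if len(number) != 6 or any(c not in "01234567" for c in number):
        raise ValueError(f"not a six-digit octal protection number: {number!r}")
    owner, group, world = (int(number[i:i + 2], 8) for i in (0, 2, 4))
    return {"owner": owner, "group": group, "world": world}


def effective_bits(number, relation):
    """OR together every field that applies to the user."""
    fields = parse_protection(number)
    mask = 0
    for name in APPLICABLE[relation]:
        mask |= fields[name]
    return mask


def privileges(number, relation, table):
    """Names of the privileges from `table` that the user ends up holding."""
    mask = effective_bits(number, relation)
    return {name for name, bit in table.items() if mask & bit}


def can_read_file(dir_prot, file_prot, relation):
    """Directory protection is checked first, then the file's own protection."""
    if "list_read" not in privileges(dir_prot, relation, DIR_BITS):
        return False
    return "read" in privileges(file_prot, relation, FILE_BITS)


if __name__ == "__main__":
    # KOHN is neither owner nor group member of <HESS>, so "world" applies.
    print(can_read_file("777700", "777752", "world"))   # directory blocks it
    print(privileges("770052", "group", FILE_BITS))      # group inherits 52
    print(privileges("771212", "world", FILE_BITS))      # execute-only file
```

Running a proposed protection number through `privileges` for each of "owner", "group" and "world" before setting it shows cases such as 770052, where the group field looks restrictive but the world field grants access anyway.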

5.7.2 Changing Directory and File Protection

Users can change file protection numbers via the SET FILE PROTECTION command or the RENAME command.

Users can change directory protection numbers via the SET DIRECTORY PROTECTION or BUILD command. You can, however, prevent users from making changes to their directory protection numbers by including the DISABLE DIRECTORY-PARAMETER-SETTING command in the system file called DIRECTORY-PARAMETER-SETTING. (Refer to the TOPS-20 KL Model B Installation Guide for a description of the

belonging to the group. Any directory (including subdirectories) or user can belong to as many as 40 groups. You can set up group relationships in the individual directories by using the DIRECTORY-GROUP and USER-OF-GROUP subcommands to the ^ECREATE and BUILD commands. The following example shows that you have placed user
