6-4
When you create directories, you can assign a directory password and set a protection level. The protection level determines whether a volume, directory, or file password is required to gain access to a file. Protection levels are listed in Table 6-2. Protection levels also determine the type of access that is permitted to a file, as described below:
• Read access allows the user to view files or load programs. Read access is required for the operating system, configuration files, and application programs.
• Modify access allows the user to make changes to a file. Modify access is required to create and make changes to files with applica-tions, such as OFIS Designer or Art Designer, and to install or update software applications.
Some examples for using different protection levels are included later in this section.
Implementing System Security
Table 6-2. Protection and Access Levels
Protection Password Level
Level Required Description
To Read To Modify
15 None None Unprotected. No password is
required to read or modify the file.
5 None Volume or Modify protected. No password is
Directory required to read the file. A volume or directory password is required to modify the file.
0 Volume or Volume or Maximum protection. A volume or Directory Directory directory password is required to read
or modify the file.
7 None Volume, Modify password. No password is
Directory, required to read the file. A volume, or File directory, or file password is required
to modify the file.
3 Volume, Volume, Access password. A volume,
Directory, Directory, directory, or file password is required or File or File to read or modify the file.
Volume, Volume or Read password. The file can be read Directory, Directory with a volume, directory, or file
or File password, but a volume or directory
password is required to modify it.
23 None Volume Nondirectory modify password. No
or File password is required to read the file, but a volume or file password is required to modify it.
19 Volume, Volume Nondirectory access password. The
Directory, or File file can be read with a volume,
or File directory, or file password, but a
volume or file password is required to modify it.
51 Volume Volume Nondirectory password. A volume
or File or File or file password is required to read or modify the file.
eTOS System Administration Guide
Assigning a Password to a Directory
6-6
You can assign a directory password when you create the directory or later with the Set Directory Protection command. To assign a password when you create a directory, follow these steps:
1. On the Executive command line, type Create Directory; then press RETURN.
2. Fill in the command form as shown in the following example.
Parameter fields are described in Table 6-3.
Create Directory
New directory name(s) NewDir
[Default protection level (15)]
[Maximum number of files (75)]
[Password for new directory]
[Volume password]
o
TFS
#####
3. Press GO.
See the eTOS Executive Reference Manual for more information.
Table 6-3. Create Directory Parameters
Parameter
New directory name(s) [Default protection level (15)J
[Maximum number of files (75)]
[Password for new directoryJ
[Volume password]
Description
Enter a name for the directory you want to create.
Default: 15
Enter the protection level you want assigned to new files when they are created (see Table 6-2).
Default: 75
Enter the maximum number of files that can be created in the directory. Note that after a directory has been created, its size cannot be changed.
Default: Active password
Enter the password you want to assign to the directory.
Default: Active password
Enter the volume password for the volume on which you want to create the directory.
Implementing System Security
Changing a Directory Password
To change or assign a password to a directory that already exists, follow these steps:
1. On the Executive command line, type Set Directory Protection;
then press RETURN.
2. Fill in the command form as shown in the following example.
Parameter fields are described in Table 6-4.
Set Directory Protection
Directory name(s) NewDir
[Volume or directory password]
[New file protection level (current)]
[New directory password]
###
5
RAe 3. Press GO.
Note that this command does not affect files already stored in the
directory. See "Protecting Individual Files," later in this section, to learn how to change the password and protection level of a file.
Table 6-4. Set Directory Protection Parameters
Parameter
Directory name(s)
[Volume or directory password]
[New file protection level]
[New directory password]
Description
Enter the name of the directory that has the password and/or protection level you want to change.
Default: Current default password
Enter the currently assigned directory password or the volume password.
Default: Currently assigned protection level Enter the protection level you want to assign to the directory. If you leave this field blank, the protection level is not changed.
Default: Currently assigned password
Enter a new password for the directory. If you leave this field blank, the password is not changed.
eTOS System Administration Guide
Protecting the <Sys> Directory
Protection level 5 is the most appropriate for the <8ys> directory. It allows read access but does not allow modification without a password.
If you "overprotect" <8ys> (for example, with a protection level of 0), a password is required to read any file, even files that are required to bootstrap the workstation.
To assign a password and protection level to the <8ys> directory, use the Set Directory Protection command, as shown in the following example:
Set Directory Protection Directory name(s)
[Volume or directory password]
[New file protection level (current)]
[New directory password]
Sys
#####
5 KeepOut
After you assign a password to <8ys>, you may also need to set the protection level of the files that are stored there. See "Protecting Files,"
later in this section.
Limiting Access to Directories
If several users share disks on the server, you may want to create an individual directory with a unique password for each user. When you create the directories, assign a protection level of 0 or 3 (see Table 6-2);
this prevents access by users who do not know the correct password for the directory. Of course, if the volume password is supplied, a user can access any file or directory on the disk.