• Aucun résultat trouvé

Protecting Directories

Dans le document System Administration Guide (Page 89-93)

6-4

When you create directories, you can assign a directory password and set a protection level. The protection level determines whether a volume, directory, or file password is required to gain access to a file. Protection levels are listed in Table 6-2. Protection levels also determine the type of access that is permitted to a file, as described below:

Read access allows the user to view files or load programs. Read access is required for the operating system, configuration files, and application programs.

Modify access allows the user to make changes to a file. Modify access is required to create and make changes to files with applica-tions, such as OFIS Designer or Art Designer, and to install or update software applications.

Some examples for using different protection levels are included later in this section.

Implementing System Security

Table 6-2. Protection and Access Levels

Protection Password Level

Level Required Description

To Read To Modify

15 None None Unprotected. No password is

required to read or modify the file.

5 None Volume or Modify protected. No password is

Directory required to read the file. A volume or directory password is required to modify the file.

0 Volume or Volume or Maximum protection. A volume or Directory Directory directory password is required to read

or modify the file.

7 None Volume, Modify password. No password is

Directory, required to read the file. A volume, or File directory, or file password is required

to modify the file.

3 Volume, Volume, Access password. A volume,

Directory, Directory, directory, or file password is required or File or File to read or modify the file.

Volume, Volume or Read password. The file can be read Directory, Directory with a volume, directory, or file

or File password, but a volume or directory

password is required to modify it.

23 None Volume Nondirectory modify password. No

or File password is required to read the file, but a volume or file password is required to modify it.

19 Volume, Volume Nondirectory access password. The

Directory, or File file can be read with a volume,

or File directory, or file password, but a

volume or file password is required to modify it.

51 Volume Volume Nondirectory password. A volume

or File or File or file password is required to read or modify the file.

eTOS System Administration Guide

Assigning a Password to a Directory

6-6

You can assign a directory password when you create the directory or later with the Set Directory Protection command. To assign a password when you create a directory, follow these steps:

1. On the Executive command line, type Create Directory; then press RETURN.

2. Fill in the command form as shown in the following example.

Parameter fields are described in Table 6-3.

Create Directory

New directory name(s) NewDir

[Default protection level (15)]

[Maximum number of files (75)]

[Password for new directory]

[Volume password]

o

TFS

#####

3. Press GO.

See the eTOS Executive Reference Manual for more information.

Table 6-3. Create Directory Parameters

Parameter

New directory name(s) [Default protection level (15)J

[Maximum number of files (75)]

[Password for new directoryJ

[Volume password]

Description

Enter a name for the directory you want to create.

Default: 15

Enter the protection level you want assigned to new files when they are created (see Table 6-2).

Default: 75

Enter the maximum number of files that can be created in the directory. Note that after a directory has been created, its size cannot be changed.

Default: Active password

Enter the password you want to assign to the directory.

Default: Active password

Enter the volume password for the volume on which you want to create the directory.

Implementing System Security

Changing a Directory Password

To change or assign a password to a directory that already exists, follow these steps:

1. On the Executive command line, type Set Directory Protection;

then press RETURN.

2. Fill in the command form as shown in the following example.

Parameter fields are described in Table 6-4.

Set Directory Protection

Directory name(s) NewDir

[Volume or directory password]

[New file protection level (current)]

[New directory password]

###

5

RAe 3. Press GO.

Note that this command does not affect files already stored in the

directory. See "Protecting Individual Files," later in this section, to learn how to change the password and protection level of a file.

Table 6-4. Set Directory Protection Parameters

Parameter

Directory name(s)

[Volume or directory password]

[New file protection level]

[New directory password]

Description

Enter the name of the directory that has the password and/or protection level you want to change.

Default: Current default password

Enter the currently assigned directory password or the volume password.

Default: Currently assigned protection level Enter the protection level you want to assign to the directory. If you leave this field blank, the protection level is not changed.

Default: Currently assigned password

Enter a new password for the directory. If you leave this field blank, the password is not changed.

eTOS System Administration Guide

Protecting the <Sys> Directory

Protection level 5 is the most appropriate for the <8ys> directory. It allows read access but does not allow modification without a password.

If you "overprotect" <8ys> (for example, with a protection level of 0), a password is required to read any file, even files that are required to bootstrap the workstation.

To assign a password and protection level to the <8ys> directory, use the Set Directory Protection command, as shown in the following example:

Set Directory Protection Directory name(s)

[Volume or directory password]

[New file protection level (current)]

[New directory password]

Sys

#####

5 KeepOut

After you assign a password to <8ys>, you may also need to set the protection level of the files that are stored there. See "Protecting Files,"

later in this section.

Limiting Access to Directories

If several users share disks on the server, you may want to create an individual directory with a unique password for each user. When you create the directories, assign a protection level of 0 or 3 (see Table 6-2);

this prevents access by users who do not know the correct password for the directory. Of course, if the volume password is supplied, a user can access any file or directory on the disk.

Dans le document System Administration Guide (Page 89-93)