GT.M adheres to OpenVMS security concepts. To establish access to the GT.M system objects, such as files and directories, use the two primary OpenVMS protection mechanisms:
Protection based on User Identification Codes (UIC)
Protection based on Access Control Lists (ACL)
The overhead associated with using either mechanism is typically negligible.
UIC-based protection is the standard file protection mechanism. Each object in a OpenVMS system has a UIC plus a protection code.
A process is assigned the UIC of its owner when it is created. A process may SET (change) its UIC only if it has CMKRNL privilege, which is typically reserved for users in a system manager role. The protection code specifies the access privileges specified for each user type.
When you create or maintain accounts for GT.M users, you complete the following actions that affect UIC-based protection:
Assigning each user as a member of a group
Assigning each user a file protection code or mask that will be the default for files owned by the user
The relationship between the UIC of the user and the UIC of the object controls access to that object. UIC's control access to files and other OpenVMS objects according to the following process categories (listed in order of precedence):
|
SYSTEM |
Processes that have a UIC in a distinguished "system" group, or have SYSPRV (or certain special conditions exist). |
|
OWNER |
Processes that have the same UIC as that of the object. |
|
GROUP |
Processes that have a UIC of the same group as the object UIC. |
|
WORLD |
All processes. |
A process requiring access to an object searches the protection mask of the object. Access is granted when the process encounters "permission" associated with the category fulfilled by the process. You can specify permissions for the following:
READ Read the file
WRITE Change the file
EXECUTE Run the file
DELETE Remove the file from storage
Example:
$ SET FILE/PROTECT=(S:RWED,O:RWED,G:RE,W:"") FILE.DAT
In this example, the protection mask specifies READ, WRITE, EXECUTE, and DELETE access for users in the SYSTEM and OWNER categories, READ and EXECUTE access in the GROUP category, and no access in the WORLD category. This is the OpenVMS default for UIC protection.
ACLs enables you to assign stronger security than UICs by means of an access control list. You may wish to use ACLs as a way of restricting access to files where users share a UIC group. For more information on ACLs, refer to the OpenVMS Guide to System Security.
Use of the files supplied in the GT.M distribution require READ and, usually, EXECUTE privileges. The VMSINSTAL procedure leaves the distribution files with READ and EXECUTE privileges for all users (WORLD). You may want to modify these protections if you want to restrict the use of GT.M.
The application executable images must be accessible to the users requiring them. Generally, you do this by granting the application images GROUP and/or WORLD classes with READ and EXECUTE access.
Ensure that database regions are designed with a granularity that permits you to implement your protection needs using ACLs or different UICs.
In a development environment, central source files are usually READ protected to the GROUP or WORLD, and WRITE and DELETE access are restricted to a librarian.
Other files used by your applications may require protection depending on the level of security you require.