HP OpenVMS Guide to System Security: OpenVMS Version 8.4 > Appendix B Protection for OpenVMS System Files

Standard Ownership and Protection

The system (SYSTEM) owns all OpenVMS system files except one. The directory MOM$SYSTEM is owned by UIC [376,375].

All files in SYS$SYSDEVICE:[VMS$COMMON], except those listed in “Exceptions to Standard OpenVMS System File Protection”, have a protection code of S:RWED,O:RWED,G:RWED,W:RE.

The directory VMS$COMMON.DIR and the files in SYS$SYSDEVICE:[SYSx.DIR] have a protection code of S:RWE,O:RWE,G:RE,W:RE.

For SYSUAF.DAT, RIGHTSLIST.DAT, and VMS$PASSWORD_HISTORY.DATA, the file owner must be a UIC with a group within the system range (less than MAXSYSGROUP system parameter). Values of [1,1] or [SYSTEM] (1,4) are recommended.

Table B-1 Exceptions to Standard OpenVMS System File Protection

Files Protection
[VMS$COMMON]
DECW$DEFAULTS.DIRMOM$SYSTEM.DIRS:RWE,O:RWE,G:RE,W:RE
SYS$KEYMAP.DIRSYS$LDR.DIR 
SYS$STARTUP.DIRSYSCBI.DIR 
SYSERR.DIRSYSEXE.DIR 
SYSFONT.DIRSYSHLP.DIR 
SYSLIB.DIRSYSMAINT.DIR 
SYSMGR.DIRSYSMSG.DIR 
SYSTEST.DIRSYSUPD.DIR 
VUE$LIBRARY.DIR  
[VMS$COMMON.SYS$KEYMAP]
DECW.DIR S:RWE,O:RWE,G:RE,W:RE
[VMS$COMMON.SYS$KEYMAP.DECW]
SYSTEM.DIRUSER.DIRS:RWE,O:RWE,G:RE,W:RE
[VMS$COMMON.SYSEXE]
ISL_LVAX_061.SYSISL_SVAX_061.SYSS:RWED,O:RWED,G:RE,W:RE
NETPROXY.DAT S:RWE,O:RWE,G:RWE,W
NET$PROXY.DAT S:RWE,O:RWE,G:RWE,W
MSGHLP$MAIN.EXE S:RE,O:RE,G:RE,W:RE
RIGHTSLIST.DAT S:RWED,O:RWED,G,W
SYSUAF.DAT S:RWED,O:RWED,G,W
VMS$OBJECTS.DAT S:RWE,O:RWE,G:RE,W
VMS$PASSWORD_HISTORY.DATA S:RWE,O:RWE,G,W
[VMS$COMMON.SYSFONT]
DECW.DIRPS_FONT_METRICS.DIRS:RWE,O:RWE,G:RE,W:RE
VWS.DIRXDPS.DIR 
[VMS$COMMON.SYSFONT]
DECW.DIRPS_FONT_METRICS.DIRS:RWE,O:RWE,G:RE,W:RE
VWS.DIRXDPS.DIR 
[VMS$COMMON.SYSFONT.DECW]  
100DPI.DIR75DPI.DIRS:RWE,O:RWE,G:RE,W:RE
COMMON.DIRCURSOR16.DIR 
CURSOR32.DIRUSER_100DPI.DIR 
USER_75DPI.DIRUSER_COMMON.DIR 
USER_CURSOR16.DIRUSER_CURSOR32.DIR 
[VMS$COMMON.SYSHLP]
DECW.DIRVMSDOC.DIRS:RWE,O:RWE,G:RE,W:RE
MSGHLP$ENGLISH.EXE S:RE,O:RE,G:RE,W:RE
EXAMPLES.DIR S:RWE,O:RWE,G:RE,W:RE
[VMS$COMMON.SYSLIB]
CDA$ACCESS.EXEDECW$DWTLIBSHR.EXES:RW,O:RWED,G:R,W:R
DECW$PRINTWGTSHR.EXEDECW$XLIBSHR.EXE 
MSGHLP$ENGLISH.EXEMSGHLP$SHARE.EXES:RE,O:RE,G:RE,W:RE
VMS$PASSWORD_DIC TIONARY.DATA S:RE,O:RE,G,W
XDPS$DPSBINDINGSSHR.EXEXDPS$DPSCLIENTSHR.EXES:RW,O:RWED,G:R,W:R
XDPS$DPSLIBSHR.EXEXNL$SHR.EXE 
[VMS$COMMON.SYSMGR]
SECURITY.AUDIT$JOURNAL S:RWED,O:RWED,G:RE,W
VMS$AUDIT_SERVER.DAT S:RWE,O:RWE,G:RE,W
WELCOME.TEMPLATEWELCOME.TXTS:RWED,O:RWED,G:RE,W:RE
[VMS$COMMON.VUE$LIBRARY]
SYSTEM.DIRUSER.DIRS:RWE,O:RWE,G:RE,W:RE