Displays the name, class, and profile of a protected object.
SHOW SECURITY object-name
object-name
Specifies the name of an object whose security profile is to be displayed. If the object class is SECURITY_CLASS, you can specify an asterisk (*) as object-name to see a display of all security class objects. An object name of the FILE class (explicitly or implicitly specified) can include the asterisk (*) and the percent sign (%) wildcard characters; however, wildcard characters are not allowed in any class other than FILE or SECURITY_CLASS.
The SHOW SECURITY command displays the name, class, and profile of a protected object. A profile includes an access control list (ACL), the protection code, and the owner of a protected object. For SECURITY_CLASS objects, SHOW SECURITY displays all the template profiles, which are the basis for profiles of new objects.
The /CLASS qualifier identifies the class object-name is a member of. If the class is DEVICE and the object is a disk device on which a volume is mounted as a Files-11 (rather than foreign) volume, then both the device and the volume profiles are displayed.
All qualifiers other than /CLASS apply only to files.
For a description of protected objects, see the HP OpenVMS Guide to System Security.
/BACKUP
Modifies the time value specified with the /BEFORE or the /SINCE qualifier. The /BACKUP qualifier selects files according to the dates of their most recent backups (rather than by the creation, expiration, or modification date). By default, SHOW SECURITY selects files according to their creation date.
/BEFORE[=time]
Selects only those files dated prior to the specified time. You can specify time as absolute time, as a combination of absolute and delta times, or as one of the following keywords: BOOT, LOGIN, TODAY (default), TOMORROW, or YESTERDAY. Specify the /CREATED or the /MODIFIED qualifier to indicate the time attribute to be used as the basis for selection. The /CREATED qualifier is the default.
For complete information on specifying time values, see the OpenVMS User's Manual or the online help topic Date.
/BY_OWNER[=uic]
Selects files whose owner's UIC matches the UIC specified with uic. The default UIC is that of the current process.
Specify the UIC by using the standard format described in the HP OpenVMS Guide to System Security.
/CLASS=class
Specifies the class of the object whose profile is to be displayed. By default, the command assumes the object class is FILE. Object class keywords are as follows:
CAPABILITY
COMMON_EVENT_CLUSTER
DEVICE
FILE
GROUP_GLOBAL_SECTION
ICC_ASSOCIATION
LOGICAL_NAME_TABLE
QUEUE
RESOURCE_DOMAIN
SECURITY_CLASS
SYSTEM_GLOBAL_SECTION
VOLUME
/CREATED
Modifies the time value specified with the /BEFORE or the /SINCE qualifier. The /CREATED qualifier selects files according to the date they were created (rather than by the backup, expiration, or modification date). By default, SHOW SECURITY selects files according to their creation date.
/EXCLUDE=(filespec[,...])
Excludes the specified files from the SHOW SECURITY operation. You can include a directory, but not a device, in the file specification. You cannot use relative version numbers to exclude a specific version.
/EXPIRED
Modifies the time specified with the /BEFORE or the /SINCE qualifier. The /EXPIRED qualifier selects files according to their expiration dates rather than by the backup, creation, or modification date. (The expiration date is set with the SET FILE/EXPIRATION_DATE command.) By default, files are selected according to their creation date.
/MODIFIED
Modifies the time value specified with the /BEFORE or the /SINCE qualifier. The /MODIFIED qualifier selects files according to the dates on which they were last modified, rather than by the backup, creation, or expiration date. By default, files are selected according to their creation date.
/SINCE[=time]
Selects only those files dated on or after the specified time. You can specify time as absolute time, as a combination of absolute and delta times, or as one of the following keywords: BOOT, JOB_LOGIN, LOGIN, TODAY (default), TOMORROW, or YESTERDAY. Specify the /CREATED or the /MODIFIED qualifier to indicate the time attribute to be used as the basis for selection. The /CREATED qualifier is the default.
For complete information on specifying time values, see the OpenVMS User's Manual or the online help topic Date.
/SYMLINK=keyword
The valid keywords for this qualifier are [NO]WILDCARD, [NO]ELLIPSIS, and [NO]TARGET. Descriptions are as follows:
| Keyword | Explanation |
|---|---|
| NOWILDCARD | Indicates that symlinks are disabled during directory wildcard searches. |
| WILDCARD | Indicates that symlinks are enabled during wildcard searches. |
| NOELLIPSIS | Indicates that symlinks are matched for all wildcard fields except for ellipsis. |
| ELLIPSIS | Equivalent to WILDCARD (included for command symmetry). |
| TARGET | Indicates that if the target file of the file specification is a symlink, then the target file is followed. |
| NOTARGET | Indicates that the command operates on the target file even if it is a symlink. |

If the file named in the SHOW SECURITY command is a symlink, the command by default operates on the symlink itself.
#1

```
$ SHOW SECURITY LNM$SYSTEM_TABLE /CLASS=LOGICAL_NAME_TABLE

LNM$SYSTEM_TABLE object of class LOGICAL_NAME_TABLE

     Owner: [SYSTEM]
     Protection: (System: RWC, Owner: RWC, Group: R, World: R)
     Access Control List:
          (IDENTIFIER=[USER,SVENSEN],ACCESS=CONTROL)
```
This example shows a typical request to display the security elements of an object. The logical name table LNM$SYSTEM_TABLE is displayed with the settings of the security elements owner, protection, and ACL.
#2

```
$ SHOW SECURITY/CLASS=DEVICE $99$DUA22

_$99$DUA22: object of class DEVICE

     Owner: [SALES,TSUTTER]
     Protection: (System: RWPL, Owner: RWPL, Group: R, World)
     Access Control List: <empty>

RES17SEP object of class VOLUME

     Owner: [FEAST,FY93]
     Protection: (System: RWCD, Owner: RWCD, Group: RWCD, World: RWCD)
     Access Control List: <empty>

$ SHOW DEVICE $99$DUA22

Device                 Device           Error    Volume         Free  Trans Mnt
 Name                  Status           Count     Label        Blocks Count Cnt
$99$DUA22:   (KUDOS)   Mounted              0  RES17SEP        649904     1   2
```
This example shows a request for the security profile of a disk device. The resulting display provides both the profiles of the disk $99$DUA22 and the volume RES17SEP that is mounted on it. The subsequent SHOW DEVICE command confirms that the volume is mounted on the device $99$DUA22.
#3

```
$ SHOW SECURITY LOGICAL_NAME_TABLE /CLASS=SECURITY_CLASS

LOGICAL_NAME_TABLE object of class SECURITY_CLASS

     Owner: [SYSTEM]
     Protection: (System: RWCD, Owner: RWCD, Group: R, World: R)
     Access Control List: <empty>

     Template: GROUP

          Owner: [SYSTEM]
          Protection: (System: RWCD, Owner: R, Group: R, World: R)
          Access Control List: <empty>

     Template: JOB

          Owner: [SYSTEM]
          Protection: (System: RWCD, Owner: RWCD, Group, World)
          Access Control List: <empty>

     Template: DEFAULT

          Owner: [SYSTEM]
          Protection: (System: RW, Owner: RW, Group: R, World: R)
          Access Control List: <empty>
```
This example shows the output for the special case of a security class object. The security class object LOGICAL_NAME_TABLE is displayed with the security profile. In addition, three templates are displayed.
#4

```
$ SHOW SECURITY * /CLASS=SECURITY_CLASS

SECURITY_CLASS object of class SECURITY_CLASS

     Owner: [SYSTEM]
     Protection: (System: RWCD, Owner: RWCD, Group: R, World: R)
     Access Control List: <empty>

LOGICAL_NAME_TABLE object of class SECURITY_CLASS

     Owner: [SYSTEM]
     Protection: (System: RWCD, Owner: RWCD, Group: R, World: R)
     Access Control List: <empty>
   .
   .
   .
```
This example shows the output for the special case of showing all the security classes currently registered. The asterisk (*) wildcard character is used; any other form of wildcard characters is not accepted. Security profiles are shown for each security class. Note that template information is not shown.
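The owner, protection code, and ACL in a captured SHOW SECURITY display can be reviewed mechanically. The Python below is an added example, not part of the HP documentation: it parses the profiles from examples #1 and #2 and flags two conditions chosen here as an assumed review policy (World access beyond R, and ACL entries that grant CONTROL). The function names `parse_profiles` and `audit` are hypothetical, the sample line breaks are assumed, and template profiles as in example #3 are not handled.

```python
import re

# Sample text re-typed from this page's examples #1 and #2 (line breaks assumed).
SAMPLE = """\
LNM$SYSTEM_TABLE object of class LOGICAL_NAME_TABLE
     Owner: [SYSTEM]
     Protection: (System: RWC, Owner: RWC, Group: R, World: R)
     Access Control List:
          (IDENTIFIER=[USER,SVENSEN],ACCESS=CONTROL)
_$99$DUA22: object of class DEVICE
     Owner: [SALES,TSUTTER]
     Protection: (System: RWPL, Owner: RWPL, Group: R, World)
     Access Control List: <empty>
RES17SEP object of class VOLUME
     Owner: [FEAST,FY93]
     Protection: (System: RWCD, Owner: RWCD, Group: RWCD, World: RWCD)
     Access Control List: <empty>
"""

HEADER = re.compile(r"^(\S+) object of class (\S+)$")
# A category with no access is printed bare ("World"), so the letters are optional.
CATEGORY = re.compile(r"(System|Owner|Group|World)(?::\s*([A-Z]*))?")

def parse_profiles(text):
    """Return one dict per displayed object: name, class, owner, protection, acl."""
    profiles = []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            profiles.append({"name": m.group(1).rstrip(":"), "class": m.group(2),
                             "owner": None, "protection": {}, "acl": []})
        elif profiles and line.startswith("Owner:"):
            profiles[-1]["owner"] = line.split(":", 1)[1].strip()
        elif profiles and line.startswith("Protection:"):
            profiles[-1]["protection"] = {
                cat: set(acc) for cat, acc in CATEGORY.findall(line)}
        elif profiles and line.startswith("(") and line.endswith(")"):
            profiles[-1]["acl"].append(line)  # one ACE per line
    return profiles

def audit(profiles):
    """Assumed policy: flag World access beyond R and ACEs granting CONTROL."""
    findings = []
    for p in profiles:
        extra = p["protection"].get("World", set()) - {"R"}
        if extra:
            findings.append((p["name"], "world:" + "".join(sorted(extra))))
        findings += [(p["name"], "ace-control") for ace in p["acl"]
                     if re.search(r"ACCESS=[^)]*\bCONTROL\b", ace)]
    return findings
```

On the sample, `audit(parse_profiles(SAMPLE))` reports the CONTROL entry on LNM$SYSTEM_TABLE and the World: RWCD protection on volume RES17SEP; the device profile, whose World category has no access, is not flagged.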