From: SMTP%"RELAY-INFO-VAX@CRVAX.SRI.COM" 19-JAN-1994 10:18:09.55
To: EVERHART
CC:
Subj: RE: Protection Question

Message-Id: <9401161444.AA01419@uu3.psi.com>
Date: Sun, 16 Jan 94 09:33:09 EDT
From: Jerry Leichter
To: INFO-VAX@SRI.COM
Subject: RE: Protection Question
X-Vms-Mail-To: UUCP%"mark@dorsai.dorsai.org"

	My applications work with files that live in one directory. Everybody
	is in the same Group and has access to them. The files, however, have
	the UIC of the directory - not the user who wrote/modified them!

	1. How can I modify my setup so I can tell who did what at a file
	level?

That's what should normally happen! The rules for determining ownership of
newly-created files are described, in detail, in the Guide to VMS System
Security. In brief, ownership is inherited from either

	(a) a previous version of the file, if it exists;
	(b) or, failing that, the directory in which the file is being
	    created

- *but* only if the process creating the file has "ownership rights" to either
the previous version (for (a)) or the directory (for (b)). "Ownership rights",
in turn, come about through any one of three routes:

	(a) holding the resource attribute to the identifier that owns the
	    previous version/directory;
	(b) have a system UIC, SYSPRV or BYPASS privilege, or own the volume
	    on which the files reside;
	(c) hold GRPPRV and have a UIC in the same group as the UIC of the
	    previous version/directory.

Which of these is true in your case?

	2. How can I get the USER ID as the owner rather than the UIC?

You can't. User id's don't own things; UIC's (and general identifiers) do.
That's fundamental to the design of the VMS security model.

I think you need to read the above-mentioned Guide *carefully*. It's *not*
easy going by any means; the VMS security model is quite complex. But that's
the only way you'll be able to understand what you can accomplish, and how.

							-- Jerry
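
The ownership rules summarized in the reply above, modeled as an added Python example; it is not part of the original message and is not VMS code. All names are hypothetical, and three points are assumptions rather than statements from the message: the octal-10 system-group threshold, falling through to the directory when the previous version confers no rights, and the creator's own UIC as the final fallback.

```python
from dataclasses import dataclass

MAX_SYSTEM_GROUP = 0o10  # assumption: UIC groups at or below this count as "system"

@dataclass(frozen=True)
class UIC:
    group: int
    member: int

@dataclass(frozen=True)
class Process:
    uic: UIC
    privileges: frozenset = frozenset()
    resource_ids: frozenset = frozenset()  # identifiers held with the resource attribute
    owns_volume: bool = False

def ownership_route(proc, owner):
    """Return the route (a)/(b)/(c) giving proc ownership rights to owner's object, else None."""
    if owner in proc.resource_ids:
        return "a"
    if (proc.uic.group <= MAX_SYSTEM_GROUP or proc.owns_volume
            or proc.privileges & {"SYSPRV", "BYPASS"}):
        return "b"
    if ("GRPPRV" in proc.privileges and isinstance(owner, UIC)
            and owner.group == proc.uic.group):
        return "c"
    return None

def new_file_owner(proc, directory_owner, previous_owner=None):
    """Return (owner, inherited_from, route) for a file that proc creates."""
    candidates = (("previous version", previous_owner), ("directory", directory_owner))
    for source, owner in candidates:
        if owner is None:
            continue
        route = ownership_route(proc, owner)
        if route:
            return owner, source, route
    # Assumption: with no ownership rights anywhere, the creator's own UIC owns the file.
    return proc.uic, "creator", None

if __name__ == "__main__":
    shared_dir = UIC(0o200, 0o1)  # constructed sample: directory owned by [200,1]
    users = {
        "GRPPRV user [200,17]": Process(UIC(0o200, 0o17), frozenset({"GRPPRV"})),
        "plain user [200,17]": Process(UIC(0o200, 0o17)),
        "other group, GRPPRV [300,5]": Process(UIC(0o300, 0o5), frozenset({"GRPPRV"})),
    }
    for label, proc in users.items():
        print(label, "->", new_file_owner(proc, shared_dir))
```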