![[Compaq]](../../images/compaq.gif)
![[Go to the documentation home page]](../../images/buttons/bn_site_home.gif)
![[How to order documentation]](../../images/buttons/bn_order_docs.gif)
![[Help on this site]](../../images/buttons/bn_site_help.gif)
![[How to contact us]](../../images/buttons/bn_comments.gif)
![[OpenVMS documentation]](../../images/ovmsdoc_sec_head.gif)
| Document revision date: 30 March 2001 | |
|
|
|
|
|
|
| Previous | Contents | Index |
By default, each disk device available to the Advanced Server when it starts is assigned an autoshare name. If you mount a disk device after the server has started, you must synchronize the available devices using the SET COMPUTER command, to make the disk device available to the Advanced Server. For example:
LANDOFOZ\\TINMAN> SET COMPUTER TINMAN/AUTOSHARE_SYNCHRONIZE %PWRK-S-AUTOSHRSYNCHED, autoshare synchronization was successful LANDOFOZ\\TINMAN> |
In the OpenVMS Cluster environment, you must enter this command on
every node in the cluster.
4.3 Managing Shared Directories and Files
Advanced Server allows you to create shared and personal shared
directories. Some shares are provided by default.
4.3.1 Default Shares
When you install Advanced Server software, it creates the default shares shown in Table 4-6, Default Shares.
| Share Name | Description |
|---|---|
| USERS | Contains user home directories. This shared directory is created only when logon validation is enabled. |
| NETLOGON | Default location for logon scripts. This directory is shared if the Netlogon service is running. |
| PWLIC | Client Licensing Software |
| PWLICENSE | Client Licensing Software |
| PWUTIL | Default location for Advanced Server utilities. |
A share is a shared directory. By sharing a directory, you allow users on the network to access the directory.
Any directory on the server can be shared, including the root directory of a disk device. Users specify the share name when accessing and displaying shares. No two resources on the same server can have the same share name.
When you create a shared directory, you assign access permissions to users and groups. These permissions define the access to the share for the specified users and groups. If you do not specify permissions when you add a share, all users are allowed to access the share.
You can define an OpenVMS system logical name that refers to an OpenVMS
physical device. Then you can specify the logical name when you create
the share using the ADD SHARE command. This allows you to move the
physical structure to another device, redefine the logical name, and
continue to provide access to the structure by the same share name.
Users connected to the share will have to reconnect after this change.
4.3.2.1 Preparing to Share a Directory
When you share directories on a server, it is important to be well organized. If many users access the same directory for different purposes and activities, the directory can become a clutter of unrelated files. If you take the time to create separate directories organized by group and function, it will be easier to keep files organized and to ensure security.
Before setting up a shared directory, prepare a list of directories you will need to share on the server. Also prepare a list of the users and groups that will require access to each shared directory and the kinds of permissions they will need. Use the worksheets in the Compaq Advanced Server for OpenVMS Concepts and Planning Guide to help you prepare these lists.
When sharing a directory on a server, you specify the names of the users and groups who can access the shared directory by setting share permissions, and who can access the subdirectories and files in the share by setting file and directory access permissions as described in Section 4.3.6, Specifying File and Directory Access Permissions. This allows you to set different permissions for each subdirectory and file in the shared directory.
You can also set up auditing of each type of access and of specific files and directories, as described in Section 4.3.9, Auditing Directory and File Access. This provides event log messages when the files and directories are accessed.
To create a share, you must be a member of the Administrators or Server Operators group, and the associated OpenVMS directory must already exist. If a directory to be shared does not exist, you must create it either on OpenVMS or remotely. To create a directory on the OpenVMS system, use the OpenVMS command CREATE/DIRECTORY. For example, to create the directory [SHARED] on disk device USER1, enter the following OpenVMS command:
$ CREATE/DIRECTORY USER1:[SHARED] |
To secure shared directories effectively, keep the following in mind:
Table 4-7, Share Permissions, shows permissions available for shares and the actions available to users for each permission.
| Users can do the following... | No Access | Read Access | Change Access | Full Control |
|---|---|---|---|---|
| Display subdirectory names and file names | X | X | X | |
| Display file data and attributes | X | X | X | |
| Run program files | X | X | X | |
| Go to subdirectories of the directory | X | X | X | |
| Create subdirectories and add files | X | X | ||
| Change data in and append data to files | X | X | ||
| Change file attributes | X | X | ||
| Delete subdirectories and files | X | X | ||
| Change permissions (Windows NT files and directories only) | X | |||
| Take ownership (Windows NT files and directories only) | X |
You can share an existing OpenVMS directory. When you share a directory, you specify its location on the server, including the disk device, the directory name, and the name for the share. The following example shows how to share a directory on the server:
Use the ADD SHARE/DIRECTORY command. For example:
LANDOFOZ\\TINMAN> ADD SHARE/DIRECTORY RAINBOW USER1:[SHARED] - _LANDOFOZ\\TINMAN> /HOST_ATTRIBUTES=(RMS_FORMAT=STREAM) %PWRK-S-SHAREADD, share "RAINBOW" added on server "TINMAN" |
This command adds a directory share named RAINBOW for the directory
USER1:[SHARED]. Files created in this directory will be RMS
stream-format files. Because the /PERMISSIONS qualifier is not included
on the command line, the new share is available to all network users.
4.3.2.4 Creating a Personal Share
The Advanced Server allows you to set up personal shares, which are typically used for sharing a user's OpenVMS login directory. Personal shares are unique in that they are hidden (they will not appear in the list of shares users can display, such as in Network Neighborhood), but the names of personal shares do not end with a dollar sign ($). Thus, when users want to map a drive to their OpenVMS login directory, they specify a personal share name (typically the same as their user name) without having to include a dollar sign in the share name.
Users cannot specify personal shares in the UNC path when connecting to or listing resources. To access such a file or run an application from the personal share, users must specify the device associated with the share. |
A personal share typically points to the root directory of a user's OpenVMS account. For example, network user SCARECROW has a personal share that is mapped to the OpenVMS directory [STRAWMAN] on server TINMAN. If you display the personal shares on TINMAN, the following information appears:
LANDOFOZ\\TINMAN> SHOW SHARES/TYPE=PERSONAL Shared resources on server "TINMAN": Name Type Description ------------ --------- ------------------------------------- STRAWMAN Personal Total of 1 share |
STRAWMAN, the host mapped OpenVMS account, has a login directory defined in the UAF record; for example: DUA1:[000000]STRAWMAN.DIR, or DUA1:[STRAWMAN]. You can use the AUTHORIZE utility to display a system's UAF records. For example:
$ MCR AUTHORIZE UAF> SHOW STRAWMAN Username: STRAWMAN Owner: SYSTEM MANAGER Account: SYSTEM UIC: [360,44] ([PCSA,STRAWMAN]) CLI: DCL Table: DCLTABLES Default: DUA1:[STRAWMAN] LGICMD: LOGIN . . . |
Only users in the Administrators group can display and access all the personal shares on a server.
A user with OpenVMS user accounts on multiple servers in a domain may have a personal share associated with an account on each server. |
Follow these steps to create a personal share:
LANDOFOZ\\TINMAN> ADD SHARE GREATOZ USER1:[USERS] -
_LANDOFOZ\\TINMAN> /PERSONAL/NOPERMISSIONS/PERMISSIONS=(LION=FULL)
%PWRK-S-SHAREADD, share "GREATOZ" added on server "TINMAN"
LANDOFOZ\\TINMAN> SHOW SHARES/TYPE=PERSONAL/FULL
Shared resources on server "TINMAN":
Name Type Description
------------ --------- ------------------------------------------
GREATOZ Personal
Path: USER1:[USERS]
Connections: Current: 0, Maximum: No limit
RMS file format: Stream
Directory Permissions: System: RWED, Owner: RWED, Group: RWED, World: RE
File Permissions: System: RWD, Owner: RWD, Group: RWD, World: R
Share Permissions:
LION Full Control
Total of 1 share
LANDOFOZ\\TINMAN>
|
After the personal share is created, you can set up the associated
directory as the user's home directory. The home directory contains
files and programs for the user, and is automatically accessible when
the user logs on to the network. For information about setting up home
directories, see Section 3.1.10, Specifying Home Directories.
4.3.2.5 Stopping Directory Sharing
You may need to stop sharing a directory when the directory is no longer being used and you want to delete it; for example, when a project requiring the use of shared files is completed. Advise users when you are planning to stop sharing a directory.
For example, to stop sharing the directory GREATOZ, use the ADMINISTER command REMOVE SHARE, as follows:
LANDOFOZ\\TINMAN> REMOVE SHARE GREATOZ/NOCONFIRM %PWRK-S-SHAREREM, share "GREATOZ" removed from server "TINMAN" LANDOFOZ\\TINMAN> |
This example removes the share named GREATOZ from the server named
TINMAN; no confirmation is required. When you stop sharing a directory,
the share name is removed from the share database and no longer appears
on the list of available shares. However, the directory and its files
are not deleted.
4.3.3 Displaying Information About Shares
You can use the SHOW SHARES command to display the shares provided by a server and to see which shares are available to the network. Before sharing a new directory from the server, first check which shares are currently available.
The following example shows how to display the shared directories for your server:
LANDOFOZ\\TINMAN> SHOW SHARES Shared resources on server "TINMAN": Name Type Description ------------ --------- --------------------------------------- NETLOGON Directory Logon Scripts Directory PWLIC Directory PATHWORKS Client License Software PWLICENSE Directory PATHWORKS Client License Software PWUTIL Directory PATHWORKS Client-based Utilities USERS Directory Users Directory Total of 5 shares LANDOFOZ\\TINMAN> |
The default display does not show administrative shares and personal shares.
You can display information about administrative shares (those that end with $) using the SHOW SHARES/HIDDEN command, as described in Section 4.2, Administrative Shares.
You can display information about personal shares using the SHOW SHARES/TYPE=PERSONAL command.
You can display information about all shares using the SHOW
SHARE/TYPE=ALL command.
4.3.3.1 Displaying Information About a Specific Share
You can display information about any share, regardless of the type of share, by specifying the share name, as in the following example:
LANDOFOZ\\TINMAN> SHOW SHARES RAINBOW Shared resources on server "TINMAN": Name Type Description ------------ --------- -------------------- RAINBOW Personal Total of 1 share |
To display share permissions, use the SHOW SHARES command with the /PERMISSIONS qualifier. For example:
LANDOFOZ\\TINMAN> SHOW SHARES/PERMISSIONS
Shared resources on server "TINMAN":
Name Type Description
------------ --------- --------------------------------------------------
DICK Printer Dick's print share
Share Permissions:
Everyone Full Control
NETLOGON Directory Logon Scripts Directory
Share Permissions:
Everyone Read
PATHWORKS Directory
Share Permissions:
Everyone Full Control
PWLIC Directory PATHWORKS Client License Software
Share Permissions:
Administrators Full Control
Everyone Read
PWLICENSE Directory PATHWORKS Client License Software
Share Permissions:
Administrators Full Control
Everyone Read
PWUTIL Directory PATHWORKS Client-based Utilities
Share Permissions:
Everyone Read
USERS Directory Users Directory
Share Permissions:
Everyone Full Control
Total of 7 shares
LANDOFOZ\\TINMAN>
|
You can change the properties of an existing share using the MODIFY SHARE command. You can change the following share properties:
To change the properties of a shared directory, you must be logged on as a member of the Administrators or Server Operators group.
The following example shows how to use the MODIFY SHARE command to add permissions on an existing directory share called GREATOZ and to grant READ access to the user SCARECROW:
LANDOFOZ\\TINMAN> MODIFY SHARE GREATOZ/PERMISSIONS=(SCARECROW=READ) %PWRK-S-SHAREMOD, share "GREATOZ" modified on server "TINMAN" LANDOFOZ\\TINMAN> |
Users and groups can be granted or denied access to specific files and subdirectories in a shared directory. A user denied access to a file or directory, either individually or as a member of a group, can connect to the share but cannot perform any operations with the files and directories in the share. You can grant specific unique access permissions for files and directories in shares that users can access. Once a user connects to the resource, the file and directory access permissions control the operations that the user can perform. For information about specifying share permissions, see Section 4.3.2.2, Planning Share Permissions.
You can enable users to set access permissions on their own files and
directories. These users can then control whether other users can read,
write, or modify files in that directory. To enable users to set access
permissions, give them full control using the SET FILE command.
4.3.5.1 File and Directory Access Permissions
Table 4-8, Directory Access Permissions and Actions on Directories, lists the types of access users can have and the permissions to set on directories.
| User can... | NONE | LIST | READ | ADD | ADD AND READ | CHANGE | FULL CONTROL |
|---|---|---|---|---|---|---|---|
| Display directory file names | X | X | X | X | X | ||
| Display directory attributes | X | X | X | X | X | X | |
| Go to directory subdirectories | X | X | X | X | X | X | |
| Change directory attributes | X | X | X | X | |||
| Create subdirectories and add files | X | X | X | X | |||
| Display directory owner and permissions | X | X | X | X | X | X | |
| Delete the directory | X | X | |||||
| Delete any file or empty subdirectory in a directory | X | ||||||
| Change directory permissions | X | ||||||
| Take ownership of the directory | X |
Table 4-9, Directory Access Permissions and Actions on Files, lists the types of access users can have to files and the permissions to set on them.
| User can... | NONE | LIST | READ | ADD | ADD AND READ | CHANGE | FULL CONTROL |
|---|---|---|---|---|---|---|---|
| Display file owner and permissions | X | X | X | X | |||
| Display file data | X | X | X | X | |||
| Display file attributes | X | X | X | X | |||
| Run a program file | X | X | X | X | |||
| Change file attributes | X | X | |||||
| Change data in and append data to the file | X | X | |||||
| Delete the file | X | X | |||||
| Change the file permissions | X | ||||||
| Take ownership of the file | X |
| Previous | Next | Contents | Index |
|
|
| privacy and legal statement | ||
| 6543PRO_011.HTML | ||