BYPASS Privilege (All)
» Table of Contents |  | | » Glossary | | | » Index | | |
| | |
| ||
| ||
The BYPASS privilege allows the user's process full access to all protected objects, totally bypassing UIC-based protection, access control list (ACL) protection, and mandatory access controls. With the BYPASS privilege, a process has unlimited access to the system. Among the operations that can be performed are
Modification of all user authorization records (SYSUAF.DAT)
Modification of all rights identifier and holder records (RIGHTSLIST.DAT)
Modification of all network proxy records (NETPROXY.DAT or NET$PROXY.DAT [VAX only])
Modification of all DECnet object passwords and accounts (NETOBJECT.DAT)
Unlimited access to all files on all volumes
Grant this privilege with extreme caution because it overrides all object protection. It should be reserved for use by well-tested, reliable programs and command procedures. The SYSPRV privilege is adequate for interactive use because it ultimately grants access to all objects while still providing access checks. The READALL privilege is adequate for backup operations.
The BYPASS privilege lets a process perform the following tasks:
| Task | Interface |
|---|---|
Perform file system operations: | |
Modify file ownership | SET SECURITY/OWNER, $QIO request to F11BXQP |
Access a file that is marked for deletion | $QIO request to F11A ACP or F11BXQP |
Access a file that is deaccess locked | $QIO request to F11A ACP or F11BXQP |
Override creation of an owner ACE on a newly created file | $QIO request to F11BXQP |
Clear the directory bit in a directory's file header | $QIO request to F11BXQP |
Operate on an extension header | $QIO request to F11BXQP |
Acquire or release a volume lock | $QIO request to F11BXQP |
Force mount verification on a volume | $QIO request to F11BXQP |
Create a file access window with the no access lock bit set | $QIO request to F11BXQP |
Specify null lock mode for volume lock | $QIO request to F11BXQP |
Access a locked file | $QIO request to F11BXQP |
Enable or disable disk quotas on a volume | $QIO request to F11BXQP |
Operate on network databases: | |
Display permanent network database records | NCP |
Display permanent DECnet object password | NCP |
Display volatile DECnet object password | NCP |
Adjust discretionary or mandatory access controls: | |
Read a user authorization record | $GETUAI |
Modify a user authorization record | $SETUAI |
Modify mailbox protection | $QIO request request to the mailbox driver (MBDRIVER) |
Modify shared memory mailbox protection | $QIO request request to the mailbox driver (MBXDRIVER) |
Bypass discretionary or mandatory object protection | $CHKPRO |
Miscellaneous: | |
Initialize a magnetic tape | $INIT_VOL |
Unload an InfoServer system | $QIO request to the InfoServer system (DADDRIVER) |