A person with the SECURITY privilege can enable subsystems
on a volume by using the /SUBSYSTEM qualifier on the MOUNT command.
By default, subsystems are enabled only on the system disk. For
other disks, you need to enable subsystems every time a volume is
mounted.
In the following example, a security administrator uses the
MOUNT command with the /SUBSYSTEM qualifier to enable the processing
of Subsystem ACEs on device DUA0. Assume that this disk contains
the subsystem with the identifier MEMBERS_SUBSYSTEM.
$ MOUNT /SUBSYSTEM /SYSTEM DUA0: DOC WORK8
You can turn the processing of Subsystem ACEs on and off dynamically
with the DCL command SET VOLUME /SUBSYSTEM. This command is especially
useful for the system disk, which is not mounted using the MOUNT
command.
Anyone who mounts a volume with subsystems enabled is responsible
for knowing what is on that volume. Without this knowledge, an
operator or system manager can inadvertently subvert system security.
For example, it is easy for a user with privileges on one cluster
to put an application holding a subsystem identifier on a volume and
then take the volume to a naive operator on another cluster and
request that it be mounted. Because the application holds an appropriate
subsystem identifier, it feigns membership in a subsystem for which
it is unauthorized. Therefore, mount volumes only for users
whom you trust, or thoroughly search a volume for Subsystem ACEs
before you mount it with subsystems enabled.
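One way to carry out the search described above, as an added example that is not part of the original manual: the script scans a saved ACL listing of the volume (taken while it is mounted without /SUBSYSTEM) and reports every Subsystem ACE whose identifier is not on an approved list. The listing layout, the file names, the identifier PAYROLL_SUBSYSTEM, and the function names are assumptions constructed for illustration; only MEMBERS_SUBSYSTEM and DUA0 come from the text.

```python
# Constructed sample listing (assumed layout): a "Directory" header, one
# unindented line per file, then indented ACE lines that may wrap.
SAMPLE_LISTING = """\
Directory DUA0:[APPS]

MEMBERS.EXE;1        [SYSTEM]                  (RWED,RWED,RE,)
          (SUBSYSTEM,IDENTIFIER=MEMBERS_SUBSYSTEM)
          (IDENTIFIER=MEMBERS_ACCESS,ACCESS=EXECUTE)
REPORT.EXE;3         [DOC,JONES]               (RWED,RWED,RE,)
          (SUBSYSTEM,IDENTIFIER=PAYROLL_SUBSYSTEM,ATTRIBUTES=RESOURCE,
          IDENTIFIER=MEMBERS_SUBSYSTEM)
README.TXT;1         [DOC,JONES]               (RWED,RWED,RE,R)
"""


def find_subsystem_aces(listing):
    """Return [(file_spec, [identifier, ...])] for every Subsystem ACE."""
    findings, directory, current, pending = [], "", None, ""
    for line in listing.splitlines():
        if not line.strip():
            continue
        if line.startswith("Directory "):
            directory = line.split(None, 1)[1].strip()
            continue
        if not line[0].isspace():        # file line: name, owner, protection
            current, pending = directory + line.split()[0], ""
            continue
        pending += line.strip()          # ACE text, possibly wrapped
        if pending.count("(") != pending.count(")"):
            continue                     # wait for the closing parenthesis
        fields = [f.strip().upper() for f in pending.strip("()").split(",")]
        pending = ""
        if fields[0] == "SUBSYSTEM" and current:
            ids = [f.split("=", 1)[1] for f in fields
                   if f.startswith("IDENTIFIER=")]
            findings.append((current, ids))
    return findings


def unapproved(findings, approved):
    """Return (file_spec, identifier) pairs whose identifier is not approved."""
    allowed = {name.upper() for name in approved}
    return [(path, ident) for path, ids in findings
            for ident in ids if ident not in allowed]


if __name__ == "__main__":
    found = find_subsystem_aces(SAMPLE_LISTING)
    for path, ident in unapproved(found, {"MEMBERS_SUBSYSTEM"}):
        print(f"Do not enable subsystems yet: {path} holds {ident}")
```

An empty result from `unapproved` means every Subsystem ACE on the volume names an identifier you expected; any other result should be resolved before the volume is mounted with /SUBSYSTEM.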