HP3000-L Archives

November 1998, Week 2

HP3000-L@RAVEN.UTC.EDU

From: Lee Gunter <[log in to unmask]>
Reply To: Lee Gunter <[log in to unmask]>
Date: Wed, 11 Nov 1998 12:50:38 -0800

Well, now, my interest is piqued, so I go to :HELP NEWDIR ... and I find
the following:

                  The default access given to dir_name depends on
       whether or not the cmask has been initialized.
       If cmask is uninitialized then access is defined
       by an explicit ACD, which grants all access to
       $OWNER, and only RACD access to $GROUP,
       $GROUP_MASK and other (@.@).  This is the behavior
       from the CI.  If cmask is initialized then an ACD
       is generated based on cmask.

Because this pretty well describes what's happening to us, I assume that
"cmask" is uninitialized.  What, pray tell, is a "cmask", and how is it
initialized?  How does this differ from "umask", if at all?  I took some
time to browse through the POSIXCBT tutorial on HFS security, but cmask
isn't mentioned.

Lee Gunter          [log in to unmask]
Regence BlueCross BlueShield of Oregon / Regence HMO Oregon
==========================================================
The opinions expressed, here, are mine and mine alone.




From: Glenn Cole <[log in to unmask]> on 11/11/98 11:09 AM

Please respond to [log in to unmask]


To:   [log in to unmask]
cc:    (bcc: Lee Gunter/BCBSO/TBG)
Subject:  Re: HFS file security question




Jeff Vance writes:

> The shell lets you define
> the default ACD via umask.  The CI does not, so you get the most
> restrictive ACD [@.@:RACD] by default.

Wow -- there's restrictive, then there's RESTRICTIVE !
I've never seen anyone with a default umask of 777.

It seems like there could be a more reasonable alternative.
For example,

   1. assume a umask of 066
   2. search /etc/profile for a 'umask' command
   3. create a new r/w int    var HPUMASK, perhaps with default value 066
   4. create a new r/w string var HPPOSIXACD, perhaps with default value
        (@.@:RACD; !hpuser.!hpaccount:R,A,W,L,X,RACD).  Given the different
        allowable values between directories and non-directories, maybe
        even two vars would be useful.

I like the first option because of its simplicity, but the last may be
the most flexible.

Thoughts?

--Glenn Cole
  Software al dente, Inc.
  [log in to unmask]
