Well, now, my interest is piqued, so I go to :HELP NEWDIR ... and I find
the following:
The default access given to dir_name depends on
whether or not the cmask has been initialized.
If cmask is uninitialized then access is defined
by an explicit ACD, which grants all access to
$OWNER, and only RACD access to $GROUP,
$GROUP_MASK and other (@.@). This is the behavior
from the CI. If cmask is initialized then an ACD
is generated based on cmask.
Because this pretty well describes what's happening to us, I assume that
"cmask" is unitialized. What, pray tell, is a "cmask",
and how is it initialized? How does this differ from "umask", if at all?
I took some time to browse through the POSIXCBT tutorial
on HFS security, but cmask isn't mentioned.
Lee Gunter [log in to unmask]
Regence BlueCross BlueShield of Oregon / Regence HMO Oregon
==========================================================
The opinions expressed, here, are mine and mine alone.
From: Glenn Cole <[log in to unmask]> on 11/11/98
11:09 AM
Please respond to [log in to unmask]
To: [log in to unmask]
cc: (bcc: Lee Gunter/BCBSO/TBG)
Subject: Re: HFS file security question
Jeff Vance writes:
> The shell lets you define
> the default ACD via umask. The CI does not, so you get the most
> restrictive ACD [@.@:RACD] by default.
Wow -- there's restrictive, then there's RESTRICTIVE !
I've never seen anyone with a default umask of 777.
It seems like there could be a more reasonable alternative.
For example,
1. assume a umask of 066
2. search /etc/profile for a 'umask' command
3. create a new r/w int var HPUMASK, perhaps with default value 066
4. create a new r/w string var HPPOSIXACD, perhaps with default value
(@.@:RACD; !hpuser.!hpaccount:R,A,W,L,X,RACD). Given the different
allowable values between directories and non-directories, maybe
even two vars would be useful.
I like the first option because of its simplicity, but the last may be
the most flexible.
Thoughts?
--Glenn Cole
Software al dente, Inc.
[log in to unmask]
.......................................................................
Item Subject: cc:Mail Text
|