Subject: | |
From: | |
Reply To: | |
Date: | Tue, 1 Nov 2005 13:48:24 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Gilles Schipper wrote:
> I don't think that will work.
>
> AL is applicable only for account users - so operator.sys, even though
> given AL capability, will NOT be considered an AL user with
> respect to any file in the SYSLOCAL account, let alone the JOBS.SYSLOCAL
> group.
>
> The real solution would be if you could ALTSEC the JOBS.SYSLOCAL group
> to place ACD's on the group.
Another option which may or may not satisfy your requirements is to change the owner:
> (MANAGER.SYS): print foo
> foo
> (MANAGER.SYS): copy foo,foo2
> (MANAGER.SYS): print foo2
> foo
> (MANAGER.SYS): altfile foo2;owner=JEFF.DEV
Now you can do the somewhat unthinkable:
> (JEFF.DEV)# print foo.manager.sys
> ^
> SECURITY VIOLATION (FSERR 93)
> The PRINT command failed. (CIERR 9080)
> (JEFF.DEV)# print foo2.manager.sys
> foo
This appears to override even restrictive traditional security.
> (JEFF.DEV)# listfile foo2.manager.sys,security
> *****************************************
> FILE: FOO2.MANAGER.SYS
>
> ACCOUNT ------ READ : ANY
> WRITE : AC
> APPEND : AC
> LOCK : ANY
> EXECUTE : ANY
>
> GROUP -------- READ :
> WRITE :
> APPEND :
> LOCK :
> EXECUTE : AC
> SAVE :
>
> FILE --------- READ : ANY FCODE: 0
> WRITE : ANY **SECURITY IS ON
> APPEND : ANY NO ACDS
> LOCK : ANY
> EXECUTE : ANY
>
> FOR JEFF.DEV: READ, WRITE, EXECUTE, APPEND, LOCK
Jeff
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
|
|