HP3000-L Archives

April 1995, Week 2

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Craig Fairchild <[log in to unmask]>
Reply To: Craig Fairchild <[log in to unmask]>
Date: Fri, 7 Apr 1995 17:48:08 -0700

John Bardessono writes:
 
>After loading MPE/ix 5.0, I signed on as a normal user (i.e. with
>capabilities of ia, ba, ns, sf) and tried some new commands CHDIR.
>
>Now any user can change from their default logon group and account to
>any group and account on the system!  I'll most likely lock this down
>with a UDC but, what is your opinion of this?
>
>I prefer to keep users in their logon group/account and would prefer
>to be able to add some ACD (access control definitions) to our normal
>MPE groups/accounts.
 
It's a very common misunderstanding to associate your Current Working Directory
(CWD) with your logon group, since in the past your logon group doubled as both
the CWD and the logon group.  The logon group is instrumental in determining
what access you have to files (determining whether or not you belong to the
group user (GU) class).  It also is the location that your CPU and connect
time account to when you log off.  The CWD is a naming shortcut.  It allows
you to say FOO instead of FOO.GROUP.ACCOUNT.  It has no bearing on security or
access to a file, or the ability to create or purge a file.
 
From your message, it appears that you believe that allowing a user to place
their CWD (via the :CHDIR command) to another group or account provides some
type of additional access to the files there.  Let me assure you that that is
not the case!  Placing your CWD into PUB.SYS (or /SYS/PUB - whichever way you
prefer) makes no difference in the access that you have to files in that
location.  You cannot create files, purge files, read, write, or do anything
else, unless you already had the ability to do that (i.e. you had SM
capability).  All it lets you do is say :PRINT CATALOG, rather than
:PRINT CATALOG.PUB.SYS.
 
The thing that makes this confusing is the :CHGROUP command.  :CHGROUP makes it
hard to see the difference between the logon group and the CWD.  Whenever you
do a :CHGROUP, it actually logs you off and then back on, very quickly.  Check
the CPU and connect times of the old group (via the :REPORT command) just after
you do a :CHGROUP and you'll see that they were updated with the amount of
time you spent in that group before you "moved" over to your new group.  The
:CHDIR command makes the difference between the CWD and logon group obvious by
allowing you to shortcut your naming independently of changing your logon
group.  Of course, the logon group must stay within your logon account, and so
the :CHGROUP command will (still) not allow you to move your logon group
outside that realm.  By the way, the :CHGROUP command still changes both the
CWD and the logon group, so that if they were pointing to different locations
before a :CHGROUP, afterwards they'd both be pointing to the same group.
 
Another interesting thing that you noted was that you'd like to be able to
place ACDs on groups and accounts.  We've kicked this idea around for a long
time and really like the idea.  It'd allow things like "hiding" groups and
accounts from curious people doing :LISTFs.  The way that you could help us
get to do this would be to work through SIGMPE to get this enhancement voted
in.  IPROF is just wrapping up now, but Interex in Toronto will be coming up!
 
I hope I've cleared things up and not made them more confusing!
 
Craig
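
The separation described in the message above, as an added example that is not part of the original post and is not MPE code: a small Python model in which the CWD feeds only name resolution while the access decision reads only the logon group, logon account and capabilities. The `Session` class, `can_access`, the sample session, and the access rule itself (SM or group user only) are assumptions standing in for MPE's real file access rules.

```python
from dataclasses import dataclass

@dataclass
class Session:
    account: str                    # logon account, fixed for the session
    group: str                      # logon group: decides GU membership
    cwd: tuple                      # (group, account): naming shortcut only
    caps: frozenset = frozenset()   # e.g. {"SM"}

    def chdir(self, group, account):
        """Like :CHDIR, moves the naming shortcut and nothing else."""
        self.cwd = (group.upper(), account.upper())

    def chgroup(self, group):
        """Like :CHGROUP, moves the logon group inside the logon account
        and points the CWD at the same place."""
        self.group = group.upper()
        self.cwd = (self.group, self.account)

    def resolve(self, name):
        """Expand FOO to (FOO, group, account) using the CWD."""
        parts = tuple(name.upper().split("."))
        if len(parts) == 1:
            return parts + self.cwd
        if len(parts) == 3:
            return parts
        raise ValueError("use FILE or FILE.GROUP.ACCOUNT")

def can_access(session, fq_name):
    """Assumed policy: SM may do anything, everyone else must be a group
    user of the file's group. The CWD is never consulted."""
    _, group, account = fq_name
    if "SM" in session.caps:
        return True
    return (session.group, session.account) == (group, account)

def demo():
    # Constructed sample session: a normal user logged on to CLERKS.PAYROLL.
    user = Session("PAYROLL", "CLERKS", ("CLERKS", "PAYROLL"))
    before = can_access(user, user.resolve("CATALOG.PUB.SYS"))
    user.chdir("PUB", "SYS")
    short = user.resolve("CATALOG")          # now names CATALOG.PUB.SYS
    after = can_access(user, short)
    own = can_access(user, ("REPORT", "CLERKS", "PAYROLL"))
    return before, short, after, own

if __name__ == "__main__":
    print(demo())
```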
