Yes, releasing the UDC worked. It is a system UDC. We also have another
system UDC - SYSUDC1.SYSTEM.LIB,
READ :ANY
WRITE :ANY
APPEND :ANY
LOCK :ANY
EXECUTE :ANY
**SECURITY IS ON
group system :-
READ :ANY
WRITE :AC
APPEND :AC
LOCK :ANY
EXECUTE :AC
account lib :-
READ :ANY
WRITE :ANY
APPEND :ANY
LOCK :ANY
EXECUTE :ANY
But users have no problem accessing this UDC eventhough security is on, but
as soon as security is on UDCFILE1.GEN.SYS they can not access it.
I have not tried an ACD, but will test it asap. Nearly all of our users do
not get to the MPE prompt.
regards ... Terry
At 07:02 PM 2/11/97 -0500, you wrote:
>So, did releasing it work?
>
>Have you tried an ACD for X:ANY? I am less sure that locking is
>necessary. That should extend access while getting around RELEASE /
>SECURE restrictions. Are they system UDCs? If not, just grant access to
>the 'friend' accounts or users (@.ACCOUNT or USER.@).
>
>I favor extreme paranoia when it comes to security: I assume that there
>is someone smarter than me (and I test in the upper 2% on more than one
>standardized test) who knows more than me (no lack of those) and who is
>going to spend time trying to hack any info about my system that they
>can. Of course, I have induced extreme paranoia by being that person on
>various systems, even the one I use now before I was given more than a
>'guest' sign-on. But, my point is that I don't want non-admin users
>reading my UDCs or much of anything else. What if they FTP a Trojan
>horse over MAIN.PUB.VESOFT; say one that captures passwords instead of
>verifying them, and that lets them on the system?
>
>I counter this user-hostility by creating 'eponymous' UDCs, based on a
>similar idea from our ORACLE UDCs. The UDC file contains a UDC of the
>same name, which is a series of ECHO statements telling users what I do
>want them to know, so typing the UDC filename echoes the statements and
>HELP UDCname lists them. ORACLE used comments, so typing the UDCname did
>nothing.
>
>Opinions are mine; unless they come from that voice in my head...
>
>>----------
>>From: Terry Prime
>>Sent: Tuesday, February 11, 1997 12:03 PM
>>To: [log in to unmask]
>>Subject: [HP3000-L] still a udc problem
>>
>>MPE 5.0 powerpatch 4.
>>
>>I set the file UDCFILE.GEN.SYS as :-
>> READ :AC
>> WRITE :AC
>> APPEND :AC
>> LOCK :ANY
>> EXECUTE :ANY
>> **SECURITY IS ON
>>
>>I set the group GEN.SYS as :-
>> READ :GU
>> WRITE :GU
>> APPEND :GU
>> LOCK :ANY
>> EXECUTE :ANY
>> SAVE :GU
>>
>>The account SYS is :-
>> READ :ANY
>> WRITE :AC
>> APPEND :AC
>> LOCK :ANY
>> EXECUTE :ANY
>>
>>According to the information I was given, this is all that is needed for a
>>user to be able to read/access the UDC. Unfortunately not - it did not
>>work, the UDC could still not be accessed while it was secure.
>>No wonder I am going bald!!!!!!!
>>
>>regards ... Terry
>>Signature:
>> Terry Prime
>> Client Services Officer
>> Queensland University of Technology
>> phone: (07)38641784 fax (07)38641343
>> Internet:[log in to unmask]
>>
>>Disclaimer:
>> What i have said is my opinion and does not reflect the
>> opinion of my employer or co-workers
>>
>
>
Signature:
Terry Prime
Client Services Officer
Queensland University of Technology
phone: (07)38641784 fax (07)38641343
Internet:[log in to unmask]
Disclaimer:
What i have said is my opinion and does not reflect the
opinion of my employer or co-workers
|