HP3000-L Archives

January 2001, Week 3

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Gavin Scott <[log in to unmask]>
Reply To: Gavin Scott <[log in to unmask]>
Date: Fri, 19 Jan 2001 11:21:16 -0800
Doug writes:
> I don't think so. We've moved the operator functions to
> OPERATOR.ACCOUNTS and while we left OPERATOR.SYS, we "took the
> teeth out of it" by removing OP and other capabilities, so it
> can't do one bloody thing.

Keep in mind that it's still a user in the SYS account, so you want to make
sure that people can't log on to it.  Being a user in an account (and
especially being able to log on into an arbitrary GROUP) will give even a
"no capability" user some power over files that exist there, and when it's a
privileged ACCOUNT, that's not a good thing.

You must prevent untrusted users from gaining the ability to create a file
in a group with PM capability, and you must stop them from gaining write
access to *any* executable file in any group with PM.

G.
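
Added example, not part of the original message: a small Python audit that applies the two rules above to an inventory of users, groups and files. The inventory is constructed, and the access model (classes ANY, AC and GU, a group-level "save" right, a `logon_locked` flag) is a simplified assumption, not the system's own data or tooling.

```python
# Constructed inventory, not taken from a real system. Simplified model
# (an assumption): ANY = every user, AC = members of the group's account,
# GU = sessions logged on to the group. "save" = who may create files there.
USERS = [
    {"name": "OPERATOR.SYS", "account": "SYS", "home": "PUB.SYS",
     "caps": set(), "logon_locked": False},
    {"name": "CLERK.ACCTG", "account": "ACCTG", "home": "PUB.ACCTG",
     "caps": set(), "logon_locked": False},
]
GROUPS = [
    {"name": "PUB.SYS", "caps": {"PM"}, "password": False, "save": {"GU"}},
    {"name": "TOOLS.SYS", "caps": {"PM"}, "password": True, "save": {"GU"}},
]
FILES = [
    {"name": "TOOLA.PUB.SYS", "group": "PUB.SYS", "executable": True, "write": {"AC"}},
    {"name": "NOTES.PUB.SYS", "group": "PUB.SYS", "executable": False, "write": {"AC"}},
    {"name": "TOOLB.TOOLS.SYS", "group": "TOOLS.SYS", "executable": True, "write": {"GU"}},
]

def classes_for(user, group):
    """Access classes a session of `user` holds for `group`; capabilities are not consulted."""
    classes = {"ANY"}
    if user["account"] == group["name"].split(".")[1]:
        classes.add("AC")
        # Home group needs no group password; other groups do if one is set.
        if user["home"] == group["name"] or not group["password"]:
            classes.add("GU")
    return classes

def audit(users, groups, files):
    """Return (user, issue, object) for each exposure of a PM group to a usable logon."""
    findings = []
    for user in users:
        if user["logon_locked"]:
            continue
        for group in (g for g in groups if "PM" in g["caps"]):
            held = classes_for(user, group)
            if held & group["save"]:
                findings.append((user["name"], "create-file", group["name"]))
            for f in files:
                if f["group"] == group["name"] and f["executable"] and held & f["write"]:
                    findings.append((user["name"], "write-executable", f["name"]))
    return findings

if __name__ == "__main__":
    for finding in audit(USERS, GROUPS, FILES):
        print(*finding)
```

The user with an empty capability set still produces both findings, because membership in the account and group is what grants the access; marking its logon as locked clears them.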
