HP3000-L Archives

July 2004, Week 5

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Mpe, saving files and ACDs
From:
Lars Appel <[log in to unmask]>
Reply To:
Lars Appel <[log in to unmask]>
Date:
Fri, 30 Jul 2004 23:43:11 +0200
Content-Type:
text/plain
Parts/Attachments:
text/plain (38 lines) 
Tony,

without SM capability, users are not allowed to save files
across account boundaries when the target is an MPE group.
Unfortunately you cannot create an ACD for an MPE group, it
is controlled by the classic security matrix. You might be
able to use an HFS subdirectory and assign an appropriate
ACD to that, either via ALTSEC or Posix chmod. The ACD will
probably be more flexible...

  :sh
  $ mkdir /TRIAL/PUB/subdir
  $ chmod o+rwx /TRIAL/PUB/subdir

The above will open the subdirectory for read, write and
traverse access for "other" i.e. users other than owner or
same posix group membership (same logon account). With an
ACD you could probably restrict this to only users from
the DEVELOP account...

  :newdir /TRIAL/PUB/subdir
  :altsec /TRIAL/PUB/subdir ;addpair=(rd,td,cd,dd,racd:@.develop)

This will grant read, traverse, create entry and delete
entry permissions for all users of the DEVELOP account.
Oops, and read acd, i.e. examine security settings with
either LISTFILE,ACD or "ls -l".

You could even create HFS directories at the group level,
but this might not be a 100$ replacement for a real MPE
group. For example, no capabilities at HFS directory level,
so no chance to run programs with special capabilities.

Lars.

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2