HP3000-L Archives

March 2013, Week 4

HP3000-L@RAVEN.UTC.EDU

Subject:
From:
"Bahrs, Art" <[log in to unmask]>
Reply To:
Bahrs, Art
Date:
Wed, 27 Mar 2013 11:47:08 -0700
Hi All :)
   While Lars' answer is correct... I am concerned that the access being granted via the chmod command is a bit much... '777' will ensure that anyone will be able to access the file(s)... they will be able to do anything and everything to the poor little file and/or directory/group.

   I would caution that while most Auditors don't have a clue about access rights on *nix systems... they do have in their "script" that '777' is bad :) hehehe... this could lead to needless discussions with (fresh out of school) Auditors....

Thanks
Art


Art Bahrs, CISSP
Security Engineer (Oregon Region)
(971) 282-0927


-----Original Message-----
From: HP-3000 Systems Discussion [mailto:[log in to unmask]] On Behalf Of Lars Appel
Sent: Wednesday, March 27, 2013 11:40 AM
To: [log in to unmask]
Subject: Re: access to posix files by a user who didnt create or doesnt own them

John Pitman wrote:
> In the end I am streaming a job that goes to shell then executes a script to
>
> chmod 777 /DIR1/DIR2/dir3/*


Well, something similar to this should also work without an extra job...

  :xeq /bin/sh "-c ' chmod 777 /DIR1/DIR2/dir3/* '"

As an alternative to chmod, you should also be able to use the MPE ALTSEC command with the NEWACD (or some related option) to set (or modify) the ACD on the respective files...

  e.g. ALTSEC /DIR1/DIR2/dir3/somefile ;NEWACD=(R,W:@.SOMEACCT)

However, I am not sure if ALTSEC allows wildcards for filenames. MPEX may help.

Lars.

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
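
An added example, not part of either message in this thread: one way to find what a blanket `chmod 777` left open and narrow it to owner and group only. It is written for a generic POSIX shell (that the MPE/iX shell behaves the same way is an assumption), and the scratch directory and file names are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): find what a blanket "chmod 777" left
# world-accessible under a directory and narrow it to owner and group only.
# Assumption: the users who need the files share the files' group.

# Print files and directories under $1 that "other" can write to.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Remove all access for "other"; owner and group bits are left unchanged,
# so a 777 entry becomes 770 and entries that were never opened up are skipped.
drop_world_access() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-rwx {} +
}

# Permission string of $1 as shown by ls, e.g. "-rwxrwx---".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Constructed sample tree standing in for /DIR1/DIR2/dir3.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/sub"
: > "$demo_dir/data1"
: > "$demo_dir/sub/data2"
: > "$demo_dir/private"
chmod 777 "$demo_dir/sub" "$demo_dir/data1" "$demo_dir/sub/data2"
chmod 600 "$demo_dir/private"

echo "world-writable before:"
list_world_writable "$demo_dir"
drop_world_access "$demo_dir"
echo "world-writable after: $(list_world_writable "$demo_dir" | wc -l)"
mode_of "$demo_dir/data1"
```

Unlike the `dir3/*` glob, `find` also covers subdirectories and dot files, so the listing shows everything under the directory that is still open.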

