LISTSERV - HP3000-L Archives

HP3000-L Archives

April 2003, Week 1

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L April 2003, Week 1

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: File Permissions??
From:	Tom Emerson <[log in to unmask]>
Reply To:	Tom Emerson <[log in to unmask]>
Date:	Wed, 2 Apr 2003 14:07:34 -0800
Content-Type:	Text/Plain
Parts/Attachments:	Text/Plain (69 lines)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 02 April 2003 12:53 pm, Gehan G. wrote:
> List friends,
>  I know I could look this up somewhere if I had more then 5
> minutes to my name.

Since I have 5 minutes or more available...

> On to the question about file permissions...
>
[how can mgr.lte modify the file lists.labs.lab?]

Simplest [i.e. least secure] is to RELEASE the file -- this allows ANYONE on
the system to do ANYTHING to the file [including PURGE]

Since this is a "cross-account" access, the next best bet is to issue commands
like:

   ALTACCT LAB;ACCESS=(r,w,l:any;x,s:ac)
[which allows people OUTSIDE of the LAB account the ability to READ, WRITE and
LOCK files, but restricts SAVE and EXECUTE access to members of the LAB
account]

   ALTGROUP LABS;ACCESS=(r,w,l,a:any;x,s:ac)
Ditto to the above with a difference: in addition to writing, APPEND access is
allowed "for anyone".

Note: I might have the "a" [append] access backwards in that this might be an
account level item, not group -- I know it is in one but not the other (or I
might be confusing this with "s" for save, which essentially allows you to
create new files altogether -- it HAS been a long time since I've had to deal
with things at this level...)

These are in some ways better, and some ways worse than RELEASing a file --
better because it is more obvious, worse in that this is "all or nothing" and
applies to ALL files in a group, not just the target file

The BEST solution would be to apply an ACD, which lets you specify all of the
above, but QUALIFIED to a particular user, i.e.

   ALTSEC LISTS.LABS.LAB;NEWACD=(MGR.LTE:r,w,l,a,s)   <--- check this syntax
with the on-line help!  While it is the best thing to use in this situation,
I rarely had a need to do things "this way" so I've not memorized the syntax

this specifically allows the MGR.LTE user the ability to manipulate this file
without compromising any other files in the group, nor worrying about
"CLERK.BILLING" being able to make changes to the file.

So, despite a little rustiness on details, I have to ask: was this answer
worthwhile for you?  [and if so, how worthwhile?  I can take a check, but
maybe I should set up a paypal "donation" page for people who don't have
their own 5 minutes to spare...]

- --
Yet another Blog: http://osnut.homelinux.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: http://osnut.homelinux.net/TomEmerson.asc

iD8DBQE+i18pV/YHUqq2SwsRAuDwAKDCet8I/44ASlWeTtFqXE9b+6JGEwCgyJiv
aQoFeYzc957buMqdxI/S1CI=
=Urgg
-----END PGP SIGNATURE-----

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU