On Aug 24, 12:09am, Jeff Kell wrote:
> Subject: Re: Saving file into another acct
> On Fri, 23 Aug 1996 22:48:01 GMT you said:
> >I would like to be able to create a drop box group that users from several
> >accounts would be able to save files into but not have access to reading
them.
> >I tried setting it up but it seems that you need SM capability to save files
> >in another account even if the access for the group and acct are set to
> >R,W,X,S,A,L:any.
> >Am I missing something or is it just not possible without giving SM to
> >everyone which is definitely not an option.
>
> On 5.0 (maybe 4.5?) at least some users can save across accounts. There are
> some restrictions on MPE accounts/groups (or were), but if you don't mind
> playing in the HFS namespace, you can create a "disembodied" directory under
> the system root and allow anyone to have read/write/save/etc access to it.
> For example, /tmp works this way.
True. As an example from the CI:
:newdir /share <-- creates dir "share" under root, need SM to do this
:listfile /share,-2 <-- show the default security is no access to anyone
except
owner and SM.
PATH= /
------------ACD ENTRIES-------------- FILENAME
@.@ : RACD share/
:altsec /share;repacd=(td,cd;@.acct1, @.acct2) <-- replaces original ACD so
all users in acct1 and acct2 can create files (CD)
and traverse through (TD) /share, but no one
but the owner or SM can read the directory entries
nor delete directory entries.
NOTE: this is a directory ACD and does not control the access to the individual
files contained within this directory. This access can be controlled
via individual ACDs.
:listfile /share,-2
PATH= /
------------ACD ENTRIES-------------- FILENAME
@.ACCT : TD,CD share/
@.ACCT2 : TD,CD
It would be nice if, at this point, you could specify the default (inherited)
ACD for all files and dirs that are created below /share.... but you can't
in the CI. In the POSIX shell you can define a UMASK that applies default
security.
regards,
Jeff Vance, CSY
--
|