HP3000-L Archives

May 1997, Week 2

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Jeff Kell <[log in to unmask]>
Reply To: Jeff Kell <[log in to unmask]>
Date: Sat, 10 May 1997 01:36:58 -0400

Bob Walker wrote:
> Make sure if you create /usr/local it has security 777.

No! No! No!  Run away!  Run away!  Run away!

This will make a very significant directory world-writeable, which is
essentially setting up an account/group with access=(r,a,w,l,x,s:any).
You really, really, really don't want to do this (I'd add some more
exclamation marks, but I just exhausted my monthly quota above).

It's little quirks like this that cause many Un*x security problems.

For MANAGER.SYS especially, and other users in general, I would strongly
suggest that you set umask = 077 in /etc/profile or ~/.profile.  This
results in all your files being created so that only you have access to
them *unless* you specify otherwise with a chmod (or umask 007 if you
trust other users of your account).  Posix permissions override "some" of the
default MPE security issues of traditional account/group ACCESS= parms.
Just because a user has no access to the containing MPE group doesn't
protect any HFS directories created beneath it (or in the /usr/local
case, it is totally irrelevant to SYS ACCESS= parms since root-created
HFS dirs don't belong to any account/group).

Jeff Kell <[log in to unmask]>
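
The two points in the reply above, as an added example that is not part of the original message: what umask 022, 007 and 077 do to newly created files and directories, and an audit for directories left world-writable. It assumes a POSIX shell with `find` and `mktemp`; the function names and the scratch `usr/local` tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original message. Everything happens in a
# scratch directory from mktemp; "usr/local" below is a constructed stand-in.

# Print the permission string of a new file ($2=file) or directory ($2=dir)
# created in scratch directory $3 while umask $1 is in effect.
created_mode() {
    (
        umask "$1"
        target="$3/new_$2_$1"
        if [ "$2" = dir ]; then mkdir "$target"; else : > "$target"; fi
        ls -ld "$target" | cut -c1-10
    )
}

# List directories under $1 that anyone may write to and that lack the
# sticky bit, so any user can create, rename or delete entries in them.
world_writable_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print | sort
}

# Remove write access for "other" from every directory the audit reports.
# (One possible remediation, chosen for this example.)
drop_world_write() {
    world_writable_dirs "$1" | while IFS= read -r d; do
        chmod o-w "$d"
    done
}

demo() {
    scratch=$(mktemp -d) || return 1
    mkdir -p "$scratch/usr/local/bin"
    chmod 777 "$scratch/usr/local"      # the setting the reply warns against
    chmod 755 "$scratch/usr/local/bin"

    for m in 022 007 077; do
        echo "umask $m: file $(created_mode "$m" file "$scratch")" \
             "dir $(created_mode "$m" dir "$scratch")"
    done

    echo "world-writable before:"; world_writable_dirs "$scratch"
    drop_world_write "$scratch"
    echo "world-writable after:";  world_writable_dirs "$scratch"
    rm -rf "$scratch"
}

demo
```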