HP3000-L Archives

November 1998, Week 2

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: HFS file security question
From:
John Zoltak <[log in to unmask]>
Reply To:
John Zoltak <[log in to unmask]>
Date:
Wed, 11 Nov 1998 16:17:21 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (110 lines) 
Lee,

Right out of LaserRom is the text about cmask.

umask

Sets a process's file mode creation mask.

Syntax

     #include <sys/types.h>
     #include <sys/stat.h>
     mode_t umask (mode_t cmask);

Parameters

cmask      A bit map specifying a creation mask.  Bits that are not
           access permission bits must be set to zero or an error
occurs.

John Zoltak
North American Mfg Co

> -----Original Message-----
> From: Lee Gunter [SMTP:[log in to unmask]]
> Sent: Wednesday, November 11, 1998 3:51 PM
> To:   [log in to unmask]
> Subject:      Re: [HP3000-L] HFS file security question
>
> Well, now, my interest is piqued, so I go to :HELP NEWDIR ... and I
> find
> the following:
>
>                   The default access given to dir_name depends on
>        whether or not the cmask has been initialized.
>        If cmask is uninitialized then access is defined
>        by an explicit ACD, which grants all access to
>        $OWNER, and only RACD access to $GROUP,
>        $GROUP_MASK and other (@.@).  This is the behavior
>        from the CI.  If cmask is initialized then an ACD
>        is generated based on cmask.
>
> Because this pretty well describes what's happening to us, I assume
> that
> "cmask" is unitialized.  What, pray tell, is a "cmask",
> and how is it initialized?  How does this differ from "umask", if at
> all?
> I took some time to browse through the POSIXCBT tutorial
> on HFS security, but cmask isn't mentioned.
>
> Lee Gunter          [log in to unmask]
> Regence BlueCross BlueShield of Oregon / Regence HMO Oregon
> ==========================================================
> The opinions expressed, here, are mine and mine alone.
>
>
>
>
> From: Glenn Cole <[log in to unmask]> on
> 11/11/98
>       11:09 AM
>
> Please respond to [log in to unmask]
>
>
> To:   [log in to unmask]
> cc:    (bcc: Lee Gunter/BCBSO/TBG)
> Subject:  Re: HFS file security question
>
>
>
>
> Jeff Vance writes:
>
> > The shell lets you define
> > the default ACD via umask.  The CI does not, so you get the most
> > restrictive ACD [@.@:RACD] by default.
>
> Wow -- there's restrictive, then there's RESTRICTIVE !
> I've never seen anyone with a default umask of 777.
>
> It seems like there could be a more reasonable alternative.
> For example,
>
>    1. assume a umask of 066
>    2. search /etc/profile for a 'umask' command
>    3. create a new r/w int    var HPUMASK, perhaps with default value
> 066
>    4. create a new r/w string var HPPOSIXACD, perhaps with default
> value
>         (@.@:RACD; !hpuser.!hpaccount:R,A,W,L,X,RACD).  Given the
> different
>         allowable values between directories and non-directories,
> maybe
>         even two vars would be useful.
>
> I like the first option because of its simplicity, but the last may be
> the most flexible.
>
> Thoughts?
>
> --Glenn Cole
>   Software al dente, Inc.
>   [log in to unmask]
>
> ......................................................................
> .
>
> Item Subject: cc:Mail Text

ATOM RSS1 RSS2