Path: utzoo!attcan!uunet!samsung!zaphod.mps.ohio-state.edu!swrinde!ucsd!ucbvax!apo.esiee.fr!bonnetf
From: bonnetf@apo.esiee.fr (bonnet-franck)
Newsgroups: comp.sys.apollo
Subject: Registries and security
Message-ID: <9010291025.AA01144@apo.esiee.fr>
Date: 29 Oct 90 20:22:15 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 39
X-Unparsable-Date: Mon, 29 Oct 90 11:25:22 HIV

Hi,

I would like to inform Internet APOLLO users that it should be VERY
important to set only ONE owner of the registries using /etc/edrgy ...

At the beginning we had set "root.%.%" as the owner of all our registries,
and it was a security mistake.

Now we have set "root.staff.none" as the owner of ALL the accounts; in this
configuration ONLY "root.staff.none" is allowed to modify the registries.

In the past anybody was able to add, for example, a "root.server.none" entry
in the registries, and then this user could log in as ROOT on the
system (bad)...

In order to better protect the system we have protected the /etc/edrgy
command as follows:

$ lsacl /etc/edrgy
root.staff.none    prwx-
%.staff.%          [Ignore]
%.%.none           [Ignore]
%.%.%              ----k

Of course you must NOT forget the root.staff.none password ...

But here we run in a very aggressive environment.

I hope this could help.

-------------------------------------------------------------------------------
 bonnetf@apo.esiee.fr                      |
 Frank Bonnet                              |  Surfing ...
 E.S.I.E.E                                 |
 BP99 93162 Noisy le Grand cedex.FRANCE.   |  the rest is details !
 Fax : 33 1 45 92 66 99                    |
-------------------------------------------------------------------------------