Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!cs.utexas.edu!oakhill!nddsun1!digital!digital.sps.mot.com!chen
From: chen@digital.sps.mot.com (Jinfu Chen)
Newsgroups: comp.sys.apollo
Subject: Re: security with rc files
Message-ID: <4f26876d.1fe60@digital.sps.mot.com>
Date: 12 Jan 91 00:34:22 GMT
References: <9101111133.AA13945@apo.esiee.fr>
Sender: news@digital.sps.mot.com
Organization: Motorola, LICD, SPS, Mesa, AZ
Lines: 40
Nntp-Posting-Host: zebra

In article <9101111133.AA13945@apo.esiee.fr> bonnetf@apo.esiee.fr (bonnet-franck) writes:
>5 - These files are protected at install on a disked machine, why aren't they
> during the /sys/node_data.xxx creation ???
> As Mr Spock could say : "This should be logical captain" .

When booting a node diskless from another node, I believe netmain executes
some scripts in /sys/net/netmain_???.sh. For example, netmain_bin.sh

    #
    # { Now create a `node_data/etc directory, if one does not exist, and copy /etc/templates in.
    #
    if [ ! -d $DIR/etc ] ; then
        mkdir $DIR/etc
        /usr/apollo/bin/cpacl -odf /sys/node_data/etc $DIR/etc
    fi

or in netmain_com.sh:

    #
    # { Now create a `node_data/etc directory, if one does not exist, and copy /etc/templates in.
    #
    /com/cpt /etc/templates ^DIR/etc -md -sacl

As shown, the rc.* files (as well as crontab files) are copied from the
/etc/templates directory, NOT from /sys/node_data/etc. Your diskless node will
get whatever acls you have in your /etc/templates. I'll bet your /etc/templates
directory is wide open (I didn't know it until cops complained).

This could be somewhere in TFM as well (nope, TFM only talks about
/sys/dm/startup_templates :-().

--
Jinfu Chen                  (602)898-5338
Motorola, Inc.  SPS  Mesa, AZ
...uunet!motsps!digital!chen
chen@digital.sps.mot.com
CMS: RXFR30 at MESAVM
----------
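
Added example, not part of the original post and not Apollo's or COPS's code: a small shell check for the condition the post describes, a template directory whose loose permissions are copied into each diskless node's node_data/etc. The function name audit_templates is hypothetical, and it assumes a POSIX find and tests only Unix mode bits, so rights granted purely through Domain/OS ACL entries are not seen.

```shell
# Added example: report startup templates that a non-owner can modify.
# Usage: audit_templates [DIR]   (DIR defaults to /etc/templates, the
# directory the post says rc.* and crontab files are copied from).
# Assumption: mode bits only; Domain/OS ACL entries are not inspected.
audit_templates() {
    dir=${1:-/etc/templates}
    if [ ! -d "$dir" ]; then
        echo "audit_templates: no such directory: $dir" >&2
        return 2
    fi
    # Check the directory tree itself and every regular file in it.
    # -perm -020 / -perm -002 match entries with the group-write or
    # other-write bit set.
    loose=$(find "$dir" \( -type d -o -type f \) \
                 \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$loose" ]; then
        printf 'group/world-writable templates (copied to diskless nodes):\n'
        printf '%s\n' "$loose"
        return 1
    fi
    return 0
}
```

Exit status is 0 when nothing is writable by group or other, 1 when something is, and 2 when the directory is missing.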