Newsgroups: comp.sys.apollo
Path: utzoo!utgpu!news-server.csri.toronto.edu!helios.physics.utoronto.ca!alchemy.chem.utoronto.ca!system
From: system@alchemy.chem.utoronto.ca (System Admin (Mike Peterson))
Subject: Re: ignoring umask and ownership when creating files ...
Message-ID: <1991Feb20.201336.23750@alchemy.chem.utoronto.ca>
Organization: University of Toronto Chemistry Department
References: <1991Feb20.052633.3894@wpi.WPI.EDU>
Date: Wed, 20 Feb 1991 20:13:36 GMT

In article <1991Feb20.052633.3894@wpi.WPI.EDU> ajb@wpi.WPI.EDU (Arthur J. Butler) writes:
>hi,
>
>i've recently installed 10.3 (large aegis and bsd) on our dn3500. i
>used import_passwd and syncids to create the accounts. i created a
>directory /usr/users where the home directories will be located. root
>owns this directory and the mode is 755. in /usr/users i have a
>directory called ajb (owned by ajb with 755 permissions). when user
>ajb logs in, all files he creates in his home directory are owned by
>"none" and his umask is totally ignored. when user ajb creates a file
>in /tmp, then the file ownership is ok but again the umask is ignored.
>this is all operating under bsd4.3 environment using csh.

Make sure that the directory /usr/users (and /tmp probably) has
"Berkeley ACLs" - see the 'chacl' command. The idea is:

	chacl -R -B /usr/users
	cd /usr/users
	foreach username (*)
		chown -R $username.group $username
	end
	chacl -B /sys/node_data/tmp
	chmod 777 /sys/node_data/tmp

where 'group' is the desired group. The chacl command recursively applies
BSD directory/file inheritance properties onto /usr/users (so that the
umask will then be used as the mask for permissions, and the group will
be inherited from the directory a la BSD), and of course the chown fixes
all the existing files and directories. You will probably also have to
chmod existing files/directories.
The Apollo default permissions are not umask-based (instead fixed rights
will be applied and a fixed owner/group will be applied), and will be
used for all new files/directories by default. You can 'chacl -B' most
of the /bsd4.3 and /usr tree without problems.

WARNING - while you can safely chacl -B much of the file system,
do not do this on /sys.

I have protection scripts that will close up a SR10.x (x=0,1,2,3) BSD
node as tightly as possible, and will also force proper ACLs/permissions
onto all files/directories, including the /sys tree. They do a
preliminary job on SYSV and /com, and disable most dangerous commands
from normal users, and also set privacy ACLs on mail, etc. These scripts
should be available in the ADUS library (but won't handle SR10.3
completely - they'll come close though), or given sufficient demand,
I will post them here.

It appears that closed ACLs as of 10.3 come pretty close to a real UNIX
system, but I won't find out for sure until I do an install onto a
newly invol'ed disk. SR10.[012] were nowhere near.
--
Mike Peterson, System Administrator, U/Toronto Department of Chemistry
E-mail: system@alchemy.chem.utoronto.ca
Tel: (416) 978-7094  Fax: (416) 978-8775
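
Added example, not part of the original post and not one of the author's protection scripts: a POSIX sh check (not csh, and using no Apollo-specific commands) that creates a probe file in a directory under a given umask and reports whether the owner and mode came out as BSD semantics require, which is the symptom described in the quoted question. The function name and the probe file name are assumptions made for this example; it does not check group inheritance.

```sh
#!/bin/sh
# Added example: not from the original post. Checks whether files created in
# a directory get BSD semantics: owned by the creator, mode = 0666 & ~umask.
# Usage: probe_create_semantics DIR UMASK   (e.g. /usr/users/ajb 022)
# Returns 0 if both hold, 1 if owner or mode is wrong, 2 if the probe failed.
probe_create_semantics() {
    dir=$1
    mask=$2
    case $mask in
        ''|*[!0-7]*) echo "bad umask: $mask" >&2; return 2 ;;
    esac
    # Mode a BSD system must give a plain file created with open(..., 0666).
    expected=$(printf '%03o' $(( 0666 & ~0$mask )))
    probe="$dir/.umask_probe.$$"    # hypothetical probe file name

    # Create the file in a subshell so the caller's umask is left alone.
    if ! ( umask "$mask" && : > "$probe" ) 2>/dev/null; then
        echo "cannot create a file in $dir" >&2
        return 2
    fi

    rc=0
    # find -perm with a bare octal number matches the mode bits exactly.
    if [ -z "$(find "$probe" -prune -perm "$expected")" ]; then
        echo "$dir: umask $mask ignored, expected mode $expected:"
        ls -ld "$probe"
        rc=1
    fi
    if [ -z "$(find "$probe" -prune -user "$(id -u)")" ]; then
        echo "$dir: new file is not owned by uid $(id -u):"
        ls -ld "$probe"
        rc=1
    fi
    rm -f "$probe"
    return $rc
}
```

Run it as the affected user against both the home directory and /tmp, since the question reports different behaviour in each.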