Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!samsung!munnari.oz.au!bruce!merlin!robinb
From: robinb@bhpmrl.oz.au (Robin Brown)
Newsgroups: comp.sys.apollo
Subject: Re: ignoring umask and ownership when creating files ...
Message-ID: <1991Feb26.042347.19883@bhpmrl.oz.au>
Date: 26 Feb 91 04:23:47 GMT
References: <1991Feb20.052633.3894@wpi.WPI.EDU> <1991Feb20.201336.23750@alchemy.chem.utoronto.ca>
Organization: BHP Research - Melbourne Laboratories, AUSTRALIA
Lines: 32

system@alchemy.chem.utoronto.ca (System Admin (Mike Peterson)) writes:

>I have protection scripts that will close up a SR10.x (x=0,1,2,3)
>BSD node as tightly as possible, and will also force proper
>ACLs/permissions onto all files/directories, including the /sys tree.
>They do a preliminary job on SYSV and /com, and disable most dangerous
>commands from normal users, and also set privacy ACLs on mail, etc.
>These scripts should be available in the ADUS library (but won't handle
>SR10.3 completely - they'll come close though), or given sufficient demand,
>I will post them here. It appears that closed ACLs as of 10.3 come
>pretty close to a real UNIX system, but I won't find out for sure until
>I do an install onto a newly invol'ed disk. SR10.[012] were nowhere near.

Yes please, I've been after something like this for ages.

I recently installed 10.3 on some of our machines and discovered
the following:

If you load sr10.3 on a virgin disk booting off cartridge tape, the
system is still partially open even when you specify 'closed',
e.g. /com /etc /install /lib /sau7 are wide open ('cops' had a field day :-).

When you push it across from the AA on another node, things are better
but still not perfect, e.g. /install is still wide open.

Robin

/\/\ Robin Brown (Mr)
/ / /\ Support Engineer (Unix systems & CAD/CAM/CAE)
/ / / \ Computer Systems Group
/ / / /\ \ BHP Research - Melbourne Laboratories
\ \/ / / / 245 Wellington Rd Mulgrave Vic 3170 AUSTRALIA
\ / / / Phone : +61-3-560-7066, Fax : +61-3-561-6709
\/\/\/ ACSnet : robinb@bhpmrl.oz.au