Newsgroups: comp.sys.apollo Path: utzoo!utgpu!news-server.csri.toronto.edu!helios.physics.utoronto.ca!alchemy.chem.utoronto.ca!system From: system@alchemy.chem.utoronto.ca (System Admin (Mike Peterson)) Subject: Re: Apollo problem list / tirade... Message-ID: <1991Feb26.160744.16393@alchemy.chem.utoronto.ca> Organization: University of Toronto Chemistry Department References: <9102252009.AA09593@hwcae.cfsat.honeywell.com> Date: Tue, 26 Feb 1991 16:07:44 GMT In article <9102252009.AA09593@hwcae.cfsat.honeywell.com> davidy@hwcae.cfsat.honeywell.com (David Young) writes: >> > H52) lack of file system security for Domain/OS files on systems in a >> > supposedly "closed" environment. >> > [Apollo response: use 'inprot'; the problem with this is that you must >> > supply a script of what to change and how - if I knew what needed to be >> > changed, and to what ACL's, I would have already done it] APR # dc6fa. >> True. A boilerplate was promised at 10.2. It never showed up. I have a >> 12 page template that does a pretty good job (though we don't get paranoid). >> HP/APOLLO : I WANT A TEMPLATE!!!! >> >> > N41) a complete set of file and directory ACL's is needed to properly >> > configure the file system, as these are not set correctly or consistently >> > by the installation procedure. >> > [Apollo response: will not be done before SR11] Call # 254175, APR # >> > dcd46. >> Agreed, but it's "deja vu" time. See H52. > >But there is a template file! Read the release notes: > > 2.5.3 New Template File for ACLs > > We have included a "canned" template file that you can use with the > inprot (install protections) tool to change open Domain/OS ACLs to > closed. The file is located in: > > /install/templates/apollo/os.v.10.2/ip.closed_sysv > >The template file *also* comes with the SR10.3 RAI tapes. At least its a start! There is no template file mentioned in the SR10.3.p release notes (I didn't keep the SR10.3 release notes around). My AA has been deleted, so I can't look, but will when I reload it to install the latest compilers (which I got yesterday). From the look of the name of that file, it might not be loaded unless you load SYS5 - we load only Aegis (out of necessity to have a controlable system) and BSD (because we want it). I also got an e-mail message the recently that said that the ACLs on SR10.3.p are still open even for 'closed' installations if you install onto a freshly-invol'ed disk. -- Mike Peterson, System Administrator, U/Toronto Department of Chemistry E-mail: system@alchemy.chem.utoronto.ca Tel: (416) 978-7094 Fax: (416) 978-8775 Brought to you by Super Global Mega Corp .com