Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!apple!usc!zaphod.mps.ohio-state.edu!uwm.edu!linac!att!ucbvax!PAN.SSEC.HONEYWELL.COM!thompson
From: thompson@PAN.SSEC.HONEYWELL.COM (John Thompson)
Newsgroups: comp.sys.apollo
Subject: re: Security issues (was Apollo problem list / tirade)
Message-ID: <9102272010.AA14225@pan.ssec.honeywell.com>
Date: 27 Feb 91 20:10:48 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 28

<>
> I have some concerns about the "closed" installation
> and security also. I like to use plain Berkeley UNIX
> ...
> Is "chmod -R o-w" really going to wreak havoc somewhere?

Certainly this will cause you grief in the `node_data (normally
/sys/node_data) directory. In addition, diskless nodes may catch grief
if the /sys directory of the parent isn't right, since netman creates
a node_data. entry for the diskless node's `node_data. You can fix
that part by having the /sys/net/netman.???_sh script(s) set ACLs as needed.

I'm not sure about the rest of the tree. There are probably other places
in the /sys tree that are sensitive, and there may be other areas in the
normal tree. I try and set up close-to-Berkeley protections in the bsd4.3
directories, close-to-SysV prots on the sys5.3 directories, and Aegis-type
ACLs on the Aegis-type directories. It's a mish-mash, but it more-or-less
works.

-- jt --
John Thompson
Honeywell, SSEC
Plymouth, MN 55441
thompson@pan.ssec.honeywell.com

Me? Represent Honeywell? You've GOT to be kidding!!!