Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!zaphod.mps.ohio-state.edu!caen!news.cs.indiana.edu!ux1.cso.uiuc.edu!usenet
From: windemut@lisboa.ks.uiuc.edu (Andreas Windemuth)
Newsgroups: comp.sys.next
Subject: Re: Toward a "Public NeXT Lab" guidebook
Message-ID: <1991Jun14.221118.19538@ux1.cso.uiuc.edu>
Date: 14 Jun 91 22:11:18 GMT
References: <9106141908.AA25449@cheops.cis.ohio-state.edu>
Sender: usenet@ux1.cso.uiuc.edu (News)
Organization: University of Illinois at Urbana
Lines: 36

In article <9106141908.AA25449@cheops.cis.ohio-state.edu>  
CCGREG@umcvmb.missouri.edu (Greg Johnson) writes:
> 
> The NeXT System Admin manual toward the end offers suggestions for protecting
> system files.  Follow them.  There are more protections to consider, and when
> I become more confident in my pronouncements, or get some of that expert
> advice I have here solicited, I will try to summarize specific security
> considerations for a public NeXT lab.
> 
> One thing you must do is set up a model account, and make that the default
> configuration for creating new accounts.  Create a new account, and use
> Preferences to set the file creation default permissions to allow access to
> files only by the owner.  Put the applications you want the new user to see
> in the Icon dock.  Put important directories on the file viewer shelf!
> Clean up unneeded files;  I left only Mailboxes for my default user so they
> could get their message from Steve J.  Use chmod -R go-wrx ~ to disallow
> access to the remaining files.  Test security via yet another account.
> 

I don't think default read protection is a good idea.
It leads to trouble with no end when you want to share
data with others. No more "just get it from my home directory"
if somebody wants some data from you. I have seen more than
once huge amounts of time wasted when things didn't work
because of some stupid read protection that nobody wanted anyway.
Usually the Mailboxes are the only thing really requiring
read protection from the beginning.
--
		Andreas Windemuth

+--------------------------------------------------------------------
|Theoretical Biophysics 		windemut@lisboa.ks.uiuc.edu
|University of Illinois			Tel: (217)-244-1612
|3121 Beckman Institute			Fax: (217)-244-8371
|405 N Mathews, Urbana, IL61801		NeXTmail Ok
+--------------------------------------------------------------------