Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site ttrdc.UUCP Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxn!ihnp4!mgnetp!ltuxa!ttrdc!kad From: kad@ttrdc.UUCP (Keith Drescher) Newsgroups: net.micro.att Subject: Re: pc7300 security Message-ID: <316@ttrdc.UUCP> Date: Thu, 1-Aug-85 21:20:52 EDT Article-I.D.: ttrdc.316 Posted: Thu Aug 1 21:20:52 1985 Date-Received: Sat, 3-Aug-85 04:23:43 EDT References: <141@gwsd.UUCP> Reply-To: kad@ttrdc.UUCP (Keith Drescher) Organization: AT&T Computer Systems Division, Skokie, Ill. Lines: 47 Keywords: 7300 security user-agent Summary: In article <141@gwsd.UUCP> revc@gwsd.UUCP (Bob Van Cleef) writes: >There appears to be a lack of concern about security in the current >implementation of the pc7300 User Agent. > > If you are a "EXPERT USER" as defined by the User Agent, > you can add and delete users, cancel print jobs, and > basically have a good time. Any "EXPERT USER" has full > access to all of the system administrative functions. > >You can control this to a certain extent by defining an account to >be a non-expert, but a NON-EXPERT CAN REDEFINE THEMSELVES TO BE >AN EXPERT!!! > >Also, you cannot isolate authority to access Unix (which has all of >the normal security features) from having access to system administration, >which has NO security. If you are concerned about the destructive >effects of a non-expert user that likes to "try things" then you >must not allow them access to the User Agent at all! > >Comments? >--------- You can keep users from accessing UNIX System via the User Agent (ua) by editing /usr/lib/ua/Office. Simply comment out the line with UNIX System and the few lines following it (Default = , Open =, etc) by placing #'s in front of them. This keeps anyone from accessing UNIX from ua by removing UNIX System from the Office menu. Note: if you so wish, (and I doubt it) you can change whatever option is currently on Open (Open=EXEC -?.... to Open=EXEC -dp ....) this opens a UNIX shell with root permissions, # prompt and everything. How's that for lack of security? >Note: You can login as root from all ports, including the modem. >-- Our PC will sometimes allow you to login as root from the modem, and sometimes responds "illegal login" or some such nonesense when you enter "root" in response to "Please Login" it's really flakey about it. Keith Drescher, AT&T Computer Systems Division, Skokie, IL. -- ------------------------------------------------------------------------- Keith Drescher (kad@ttrdc) | ... You can check out any | time you like - but you can PATH: ...!ihnp4!ttrdc!kad | never leave ... -------------------------------------------------------------------------