Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rutgers!mit-eddie!genrad!decvax!ucbvax!apollo.UUCP!mishkin
From: mishkin@apollo.UUCP (Nathaniel Mishkin)
Newsgroups: comp.sys.apollo
Subject: Re: PROJLIST
Message-ID: <8706161258.AA05785@apollo.UUCP>
Date: Tue, 16-Jun-87 08:46:22 EDT
Article-I.D.: apollo.8706161258.AA05785
Posted: Tue Jun 16 08:46:22 1987
Date-Received: Sun, 21-Jun-87 07:44:32 EDT
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: world
Organization: The ARPA Internet
Lines: 32


    
    Does anyone know what the PROJLIST environment variable is used for?
    In the manuals, this variable is reported to be used to determine
    whether users are "placed in their project lists" (or some such)
    when they log in.  What does this mean?  What are the advantages
    / disadvantages of being placed in one's project list?  Our local
    Apollo people don't know.

A process's identity is a (person, project, organization, node,
project-list) tuple.  This identity is used for all rights (access)
checking.  A "project-list" is simply a vector of projects.  If PROJLIST
is NOT "true", then when you log in, your identity is set to have a null
project list.  If PROJLIST is "true", then your identity is set to have
a project list that is made up from the project field from all your
accounts in the registry (i.e. all accounts that have the same person
field as the one your logging in under).

Access checking uses your project list in the following way:  If the
ACL you're being checked against doesn't have a match based on your
(person, project, organization), then if the ACL has an entry of the
form "%.someproj.%.%", and "someproj" is in your project-list, the rights
associated with that entry apply to you.

Phew.

In case it's not obvious, this is all mechanism to support the BSD stuff
that allows you to be in multiple groups.

                -- Nat Mishkin
                   Apollo Computer Inc.
-------