Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!hao!ames!sdcsvax!ucbvax!germany.CSNET!F1142S30%unika2
From: F1142S30%unika2@germany.CSNET (Juergen Renz)
Newsgroups: comp.os.vms
Subject: Allowing write access to directories and the problems
Message-ID: <8708091443.AA16127@ucbvax.Berkeley.EDU>
Date: Fri, 7-Aug-87 18:13:00 EDT
Article-I.D.: ucbvax.8708091443.AA16127
Posted: Fri Aug 7 18:13:00 1987
Date-Received: Sun, 9-Aug-87 22:01:06 EDT
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: world
Organization: The ARPA Internet
Lines: 43

Hi netlanders,

there was a discussion about diskquota problems where Anil Khullar writes:

> You have to first check if the user who created the files has privs
> such as SYSPRV? It allows user to create files with either his/her
> UIC or that of another UIC. Since it is possible also that the
> intended directory could have RWED to group or world may allow
> different users to write files into it. A common phenomenon in some
> directories at our site (We also run EUNICE which has /tmp writable
> and also /usr too...which has all too-corruptible bin files also)
>
> A workable solution is to prevent group either W or D access to all
> but their own and provide ACL controls to directories that need to
> be shared by users from different groups ....

That brings me to a problem which I (and most VMS users) have with
directories that are writable by other users. My question is: How can I
prevent other users from affecting my directory, e.g. setting it to
nodirectory or removing file names?

What I want is: allow anybody to create files in my directory, but under
their UIC, so that they as well as I can delete these files. I use an ACL
on the directory to give me full access to all files copied into that
directory. But allowing write access to a directory means everyone may do
anything with it except delete it.

A similar problem is the management of lost files. ANALYZE/DISK/REPAIR
enters them automatically in the [SYSLOST] directory. But then I have the
work to move them into the home directory of the owner. I want the
(nonprivileged) owners to do the work for me, but if I allow write access
to SYSLOST.DIR, I have the same problem as above.

Please don't flame if the only solution is a program installed with
SYSPRV; I thought of that before.

Juergen Renz                       Universitaet Karlsruhe
Mailing address: Falkengarten 7    Institut fuer Informatik IV
                 D-7530 Pforzheim  F1142S30%UNIKA2@GERMANY.CSNET
                 West-Germany      RENZ%IRAVCL@GERMANY.CSNET