Path: utzoo!mnetor!uunet!husc6!cmcl2!brl-adm!umd5!uflorida!beach.cis.ufl.edu!jmb
From: jmb@beach.cis.ufl.edu (John M Boof)
Newsgroups: comp.os.vms
Subject: Re: Has anyone written their own CLI?
Message-ID: <15379@uflorida.cis.ufl.EDU>
Date: 5 May 88 07:05:29 GMT
References: <191@dogie.edu>
Sender: news@uflorida.cis.ufl.EDU
Reply-To: jmb@beach.cis.ufl.edu (John M Boof)
Organization: UF CIS Department
Lines: 46
Summary: Make sure you check the loopholes when restricting commands

In article <191@dogie.edu> dorl@vms.macc.wisc.edu (Michael Dorl) writes:
>I'd like to talk to anyone who has written their own command language
>interpreter for VMS. Better yet, I'd like to see an example. What
>I need to do is to provide a highly efficient platform to restrict
>certain users to a subset of available programs and commands so I
>need a CLI that accepts and parses user commands, loads the required
>programs, and provides whatever interfaces the VMS CLI would otherwise
>provide.
>

Since I am not sure where you are heading, this may not be applicable
to your situation, but if it is, you had better realize this:

If you end up using the Command Language Definition utilities to create
your own command tables with certain commands filtered out, you will
not keep the user of this command table (tie them to the table in the
uaf file) from using those 'hidden' commands. They cannot execute the
images themselves effectively, since any required qualifiers would
cause the image to crash. They can, however, execute images that only
need parameters by setting up a symbol to run the image
(doit := $sys$system:type) beforehand. And even if this is acceptable,
the user can simply re-install the commands that you took away from
them with a SET COMMAND command, using the DCLTABLES file, or using
their own CLD file (which has VERB extractions of the missing ones).

And if you search the commands that they enter to filter out some
verbs, that won't stop them either, since they can use symbols equated
to the command, or can make new command verb names in a CLD file that
uses the same image as the normal command would.

Now if you were REALLY going all out to write your own executable image
that parses and passes control to your own selected images, this may
not apply. However, have you considered the SPAWN/CLI=DCL command as a
way to get around this altogether?

The only real way to protect certain commands from being executed by
certain users is to set ACLs on the images themselves. You may want to
keep a list of restricted users, and write a com-file that
automatically modifies all of these acl lists on all of these images
whenever you want to add or delete someone from this list of
restricted users.

...JMBoof
hotline%decnet.oak@pine.circa.ufl.edu or
hotline%dnet.oak@vlsi2.ee.ufl.edu or
boof@pine.circa.ufl.edu or
jmb@beach.cis.ufl.edu
(some of these may work - some may get confused)
BITNET: boof@ufpine
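
One way to write the ACL-maintenance com-file suggested in the post above, as an added example that is not part of the original post. The procedure name RESTRICT.COM and the list file IMAGES.LIS are assumptions, as is the username being present as an identifier in the rights database.

```dcl
$! RESTRICT.COM -- added example, not from the original post.
$! Usage:  @RESTRICT ADD username     or     @RESTRICT REMOVE username
$! Assumptions: IMAGES.LIS (hypothetical name) lists one image file
$! specification per line, and the username exists as an identifier
$! in the rights database.
$!
$ IF P1 .NES. "ADD" .AND. P1 .NES. "REMOVE" THEN GOTO USAGE
$ IF P2 .EQS. "" THEN GOTO USAGE
$! Deny every access type, so the image can be neither run nor copied.
$ ACE = "(IDENTIFIER=''P2',ACCESS=NONE)"
$ OPEN/READ/ERROR=NO_LIST IMAGE_LIST IMAGES.LIS
$NEXT:
$ READ/END_OF_FILE=DONE IMAGE_LIST FILE
$ FILE = F$EDIT(FILE,"TRIM,UPCASE")
$ IF FILE .EQS. "" THEN GOTO NEXT
$ IF F$SEARCH(FILE) .NES. "" THEN GOTO APPLY
$ WRITE SYS$OUTPUT "Skipped, not found: ", FILE
$ GOTO NEXT
$APPLY:
$ IF P1 .EQS. "ADD" THEN SET ACL/ACL='ACE' 'FILE'
$ IF P1 .EQS. "REMOVE" THEN SET ACL/ACL='ACE'/DELETE 'FILE'
$ DIRECTORY/ACL 'FILE'        ! show the resulting ACL for review
$ GOTO NEXT
$DONE:
$ CLOSE IMAGE_LIST
$ EXIT
$NO_LIST:
$ WRITE SYS$OUTPUT "Cannot open IMAGES.LIS"
$ EXIT
$USAGE:
$ WRITE SYS$OUTPUT "Usage: @RESTRICT ADD|REMOVE username"
$ EXIT
```

Because the check is made on the image file itself, it holds whether the image is reached through a verb, a symbol, RUN, or a user-supplied CLD file. It does not bind accounts holding privileges that override file protection, such as BYPASS.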