Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!decwrl!ucbvax!testnode.MIT.EDU!krowitz
From: krowitz@testnode.MIT.EDU (David Krowitz)
Newsgroups: comp.sys.apollo
Subject: Re: some questions for the gurus.
Message-ID: <8809141502.AA01500@testnode.mit.edu>
Date: 14 Sep 88 15:02:11 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 32


Time for me to throw in my two cents worth ...

Actually, if would be nice if the SHUT command checked for some
basic things like:  

1) processes CRP in from another node
2) diskless partners that were currently booted off the disk
3) files that were opened from other nodes
4) if the node is a gateway

and things like that and issued a "do you really want to
do this?" message before it goes ahead and blows everything
out of the water. If I typed "dlf ?*" the system would ask
me if I really wanted to delete everything. Why not do the
same for SHUT. The issue of restricting access to the SHUT
command, for me, is not one so much of security as it is one
of simple safety. Does the person really know what they are
doing? If they have sys_adim or root priviledges (real or
ill-gotten) they probably have a good idea of what they're
up to. If they don't have the rights, then why trust them
to know what their doing to other users on the network? Why
would a random user *need* to shut down a node anyhow?


 -- David Krowitz

krowitz@richter.mit.edu   (18.83.0.109)
krowitz%richter@eddie.mit.edu
krowitz%richter@athena.mit.edu
krowitz%richter.mit.edu@mitvma.bitnet
(in order of decreasing preference)