Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!wasatch!cs.utah.edu!zeleznik
From: zeleznik%cs.utah.edu@wasatch.UUCP (Mike Zeleznik)
Newsgroups: comp.sys.apollo
Subject: Locking down a 10.1 system
Message-ID: <1352@wasatch.UUCP>
Date: 17 Mar 89 17:01:12 GMT
Sender: news@wasatch.UUCP
Reply-To: zeleznik%cs.utah.edu@wasatch.UUCP (Mike Zeleznik)
Organization: University of Utah, Computer Science Dept.
Lines: 28

I am trying to lock down a 10.1 system in a reasonable manner. Has
anyone determined a good method?

I tried using the default "closed" system at install time, but it seems
to be lacking a bit, or I have botched it.  I also have conflicting
reports from Apollo that MINST actually did the opposite of what you
requested (closed/open).  I haven't tried re-involing or reloading from
scratch to test it out. There doesn't seem to be an easy way to simply
re-run the install with the other protection mode.

Is INPROT the only way to really go?  If so, is there a reasonable
template file around?  Did you simply map your old acl_templates files
into the new form?

While one could just remove P and W rights from %.%.% for all files
and dirs, you'd still have to make sure that the groups are correct
(e.g., that %.none.% doesn't have owner rights).

If anyone has dealt with this, or wants to talk more, I'd appreciate
hearing from you.

Thanks,
Mike

Michael Zeleznik              Computer Science Dept.
                              University of Utah
zeleznik@cs.utah.edu          Salt Lake City, UT  84112
                              (801) 581-5617