Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ulowell!apollo!nazgul
From: nazgul@apollo.COM (Kee Hinckley)
Newsgroups: comp.sys.apollo
Subject: Re: Protection in Internets
Message-ID: <43acbbe9.1b147@apollo.COM>
Date: 6 Jun 89 20:52:00 GMT
References: <3877@hacgate.scg.hac.com>
Reply-To: nazgul@apollo.COM ()
Organization: Apollo Computer, Chelmsford, MA
Lines: 61

In article <3877@hacgate.scg.hac.com> lori@hacgate.scg.hac.com (Lori Barfield) writes:
>Now what do we do for security?  People with root/sys_admin access on
>one network can blast away at anything on the other.  Shared resources
>are critical to our operation, but not shared priviledges.

Unlike some of our competitors', the Apollo network really *is* treated as
a single computer :-).  However there are some things that you can do.

>priviledges before allowing a user on, even as root.  Crp couldn't care
>less where I'm coming from.  Also, the users here depend on UNIX, and

True, but you can protect your node from crp'ing on a per-user/group/org
basis using the standard acl systems (see the man page entry below, I
believe this applies to SR10.1 and greater, but I could be wrong).
You may also be able to set protections (particular on the spm_control
file) so that only users actually on that machine can modify files.  See
the man page on "lprotect".

LPROTECT(8)                     Domain/OS BSD                      LPROTECT(8)

NAME
     lprotect - control local protection

SYNOPSIS
     /etc/lprotect [-rmtroot all | none | readonly]

DESCRIPTION
     lprotect controls what privileges processes running as root (locksmith)
     on remote nodes have on the local node.  The argument you supply to the
     -rmtroot option controls these privileges:
....
From the man page on "spm".
....

Controlling Access to a Node
     spm can optionally prevent unauthorised users from creating processes on
     a node or logging in. If the file `node_data/spm_control exists on the
     node running spm, all process creation and login requests are validated
     and only users with a SID matching an entry in the file are allowed
     access. If the file does not exist all requests are allowed.

     If present, the control file should contain a list of SIDs, one per line,
     specifying users that are authorised. Each entry should be specified as
     follows:

          user.group.org

     where a % character in a field matches anything.

     Examples:

     Allow access to all users

     %.%.%

     Allow access to all members of group grp

     %.grp.%


I hope that helps some.