[HECnet] DEC Salle 1987

Tim Sneddon tim at sneddon.id.au
Tue Oct 8 07:02:04 PDT 2013 

On Tue, Oct 8, 2013 at 1:20 PM, Cory Smelosky <b4 at gewt.net> wrote:
On Tue, 8 Oct 2013, Tim Sneddon wrote:

On Tue, Oct 8, 2013 at 10:22 AM, Cory Smelosky <b4 at gewt.net> wrote:

On Tue, 8 Oct 2013, Sampsa Laine wrote:


On 8 Oct 2013, at 01:52, Sampsa Laine <sampsa at mac.com> wrote:


Do we have an intranet site only accessible via DECnet? I dont put any
(much) personal information on the net.

Daniel.


That's what I'm trying to do with the "Dropbox" on CHIMPY:: - anyone can
add or view files, but not delete or edit them. Just not sure what the
correct security setting for the directory should be...


Is this type of security option on a dir possible? I can't figure out how
to set it up, but somebody amongst you gurus must know :)



You can set RWE for world set on the directory by default, but have a
script periodically set all files to w:RE only.   There's probably a better
way to do it, though.


That sounds pretty, well, yuck.


I prefer the "outside the box" approach to solving problems. ;)   Weird > elegant in my book usually.

I can certainly appreciate your interest there.   However, it just makes my skin crawl.   If you do it right the first time...
  

Not that I have given it much thought you would likely be able to achieve
this sort of environment using ACLs.   I recommend checking out the VMS
security manual.

Do ACLs like that carry over DECnet?   I seem to recall Brian S. saying they don't.

You are correct, sort of.   However, you wouldn't apply the ACL to the file.   Rather, specify a default protection ACL on the directory to contain the files.   This would configure the security attributes of any file placed in it, which to my thinking should work.

I use something similar so that when I copy stuff into my FTP directories they are immediately set up to be served via either HTTP for FTP.   Here is an example of the way to set it up (assuming DROPBOX is CONCEALED logical):

$ CREATE/DIRECTORY DROPBOX:[DROPBOX]
$ SET SECURITY DROPBOX:[000000]DROPBOX.DIR/OWNER=... -
      /PROTECTION=(S:WRE,O:WRE,G:WRE,W:WRE) -
      /ACL=(DEFAULT_PROTECTION,SYSTEM:WRED,OWNER:R,GROUP:R,WORLD:R)

I've had a little play and it seems to work as expected.   Well, as I expect it to.

Regards, Tim.

More information about the Hecnet-list mailing list