[HECnet] How much should you be allowed to shoot yourself in the foot?
Johnny Billquist
bqt at softjar.se
Mon Oct 12 18:25:05 PDT 2020
Actually, I seem to remember last time I looked (quite a number of years
ago), there were 36 different privileges in VMS. Definitely more than 32
in any case. But yes, that is a rather nice part in VMS. And you can
assign such rights both to users and programs.
Johnny
On 2020-10-13 03:22, Robert Armstrong wrote:
> VMS has a fine grained privilege system - I haven't counted recently, but I'll bet there are close to 32 individual privileges that can be enabled or disabled at will. Processes have both an "authorized privileges" and an "enabled privileges" mask, so an account can have many privileges authorized but a user can selectively turn them on or off at will. Programs (really installed images, but that's an executable program for this discussion) also have a privilege mask and when a user runs one of these the image privileges are ORed with the process privileges. I'm not aware that specific privileges can be associated with specific terminals, but you can restrict accounts to only log in on local (hardwired) terminals, batch jobs, PTYs, network terminals, or even on the CTY only.
>
> There's also an elaborate system of ACLs for files, but that's a different story.
>
> One VMS privilege bit that I really like is "READALL" - this says that the process can have read access to any file on the system, regardless of protections. The process doesn't, however, get any special dispensation for modifying or deleting the file (there are other privilege bits for that!). Having read access to everything without having to worry about accidentally screwing something up is really handy.
>
> Bob
>
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt at softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol
More information about the Hecnet-list
mailing list