
Conference iosg::all-in-1_v30

Title: *OLD* ALL-IN-1 (tm) Support Conference
Notice: Closed - See Note 4331.l to move to IOSG::ALL-IN-1
Moderator: IOSG::PYE
Created: Thu Jan 30 1992
Last Modified: Tue Jan 23 1996
Last Successful Update: Fri Jun 06 1997
Number of topics: 4343
Total number of notes: 18308

764.0. "V2.4 : Group Access on ALL-IN-1 User Files ." by YUPPY::RAVEN () Thu May 28 1992 15:08

    I'm sorry if this question has been asked before, but here we go
    anyway.
    
    ALL-IN-1 V2.4
    VMS 5.4-2
    CI Cluster
    Shadow Sets of RA90's .
    
    I have a large number of user accounts, with files being created with
    a default protection as follows:
    (RWED,RWED,RE,)
      |    |    | |
    Sys.  Own. Grp. Wrld.
    
    As most ALL-IN-1 accounts get created using Templates that tend to put
    users into the same group, this leaves me with a security problem.
    
    Can I take away the group access on all user ALL-IN-1 files, and if so
    will ALL-IN-1 still work with all functionality ?
    
                             Regards
                               KR

764.1. "No - blow it away!" by IOSG::PYE (Graham - ALL-IN-1 Sorcerer's Apprentice) Thu May 28 1992 18:15 (13 lines)

    In my opinion we'd be better off removing *ALL* group access to
    everything, and I've tried to do so a few times, but got stuck with
    historical precedent.
    
    As far as I know, nothing works through using Group access, and the
    setting of G:RE is historically based on some VMS default.
    
    So I'd say, go ahead and remove it.
    
    Graham
    
    PS Anyone have a view on whether I should resume my crusade against
    Group access?

764.2. "Maybe shared folders" by AIMTEC::PORTER_T (Terry Porter, ALL-IN-1 Support, Atlanta CSC) Fri May 29 1992 22:24 (11 lines)

If all or most of your users are in the same group then group protections may
be used to give access to shared folders.

I would get rid of group access and then if anyone complains about not being
able to get at shared folders add an ACL to the DOCDB and DAF containing the 
shared folder to give the specific user(s) the access they need. This will
be more secure than opening it up to the whole group.

HTH

Terry

764.3. "I'll give it a spin." by YUPPY::RAVEN () Sat May 30 1992 21:08 (9 lines)
    
    I think, as Graham says, I'll go for it.
    
    I think default file protection for created files comes from the Sysgen
    Param --> RMS_FILEPROT, well, as advised in another notes file.
    
    
                             Regards
                              Kevin Raven

764.4. "RMS_FILEPROT" by MINDER::FLACKI ("One Mail Short of a Full Inbox") Mon Jun 01 1992 19:25 (29 lines)
        
        I have not liked G:RE for a long time. All I have to do is 
        have G:R to DOCDB and PDAF to get all WP documents of another 
        user !!
        
        Has anyone tried EM SMU in V3.0 with G:RE ??
        
        Anyway, you may like to know two ways of setting the default 
        protection.
        
        1) $SET PROTECTION=(S:RWED,O:RWED,G,W)/DEFAULT
        	from SYLOGIN.COM
        2) RMS_FILEPROT system parameter
        
        RMS_FILEPROT is a bitmapped parameter split into four sets of 
        four bits, one meaning OFF and zero meaning ON. The default 
        file protection is...
        
        World	Group	Owner	System
        DEWR	DEWR	DEWR	DEWR
        1111	1010	0000	0000	= 64000 (Base 10)
        
        To remove group access...
        
        World	Group	Owner	System
        DEWR	DEWR	DEWR	DEWR
        1111	1111	0000	0000	= ?? (Base 10)
        	
        I was never any good at these conversions :-)
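
Added example, not part of the original thread: the RMS_FILEPROT layout described in note 764.4 (four 4-bit fields, a set bit denying access) written as a Python converter between a protection string and the parameter value. The function names are this example's own, and treating a class that is listed without rights, or not listed at all, as "no access" is an assumption of the example.

```python
# Added example: convert between a VMS protection string and RMS_FILEPROT.
# Layout as described in note 764.4: four 4-bit fields, a set bit DENIES access.
CLASSES = ("S", "O", "G", "W")  # System, Owner, Group, World; System is the low nibble
RIGHTS = ("R", "W", "E", "D")   # Read, Write, Execute, Delete; Read is the low bit


def encode(protection: str) -> int:
    """'(S:RWED,O:RWED,G:RE,W)' -> RMS_FILEPROT value.

    Assumption of this example: a class listed without rights, or not
    listed at all, gets no access.
    """
    value = 0xFFFF  # start with every right denied
    for item in protection.strip().strip("()").split(","):
        cls, _, rights = item.strip().upper().partition(":")
        if not cls:
            continue
        if cls[0] not in CLASSES:
            raise ValueError(f"unknown class in {item!r}")
        shift = 4 * CLASSES.index(cls[0])
        for right in rights:
            if right not in RIGHTS:
                raise ValueError(f"unknown right {right!r} in {item!r}")
            value &= ~(1 << (shift + RIGHTS.index(right)))  # clear bit = allow
    return value


def decode(value: int) -> str:
    """RMS_FILEPROT value -> '(S:...,O:...,G:...,W:...)' protection string."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("RMS_FILEPROT is a 16-bit value")
    parts = []
    for i, cls in enumerate(CLASSES):
        nibble = (value >> (4 * i)) & 0xF
        rights = "".join(r for bit, r in enumerate(RIGHTS) if not nibble & (1 << bit))
        parts.append(f"{cls}:{rights}" if rights else cls)
    return "(" + ",".join(parts) + ")"


def grants_group_access(value: int) -> bool:
    """True if the Group field (bits 8-11) leaves any right allowed."""
    return (value >> 8) & 0xF != 0xF


if __name__ == "__main__":
    for prot in ("(S:RWED,O:RWED,G:RE,W)", "(S:RWED,O:RWED,G,W)"):
        v = encode(prot)
        print(f"{prot:26} = {v:5d} (0x{v:04X}) group access: {grants_group_access(v)}")
```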