[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference iosg::all-in-1_v30

Title:*OLD* ALL-IN-1 (tm) Support Conference
Notice:Closed - See Note 4331.l to move to IOSG::ALL-IN-1
Moderator:IOSG::PYE
Created:Thu Jan 30 1992
Last Modified:Tue Jan 23 1996
Last Successful Update:Fri Jun 06 1997
Number of topics:4343
Total number of notes:18308

3403.0. "Using MAIN drawer as a shared drawer..." by TAV02::CHAIM (Semper ubi Sub ubi .....) Sun Oct 17 1993 12:05

A customer has his users set up in such a way that they are all in the same UIC
group and all have GROUP priveleges.

He has noticed that any user can then access the drawers of other users
including the MAIN drawer. This doesn't bother him. In fact, he would like to
utilize this behavior to make the MAIN drawer "shared" as well, thus saving
creating extra shared drawers.

Is there any reason why he shouldn't do this.

Thanks,

Cb.
T.RTitleUserPersonal
Name		DateLines
3403.1EM's will be readable by allGIDDAY::SETHIHolland 2-England 0,Andrew was't thereSun Oct 17 1993 23:5317
    Hi Cb,
    
    The only thing that comes to mind is the security of the EM's.  By
    giving access to the main drawer users will be able to read mail and if
    it's of a personal or confidential nature it may cause personal
    embrassment to someone.  I am refering to the OUTBOX and READ BOX with
    some concern about the INBOX.
    
    The "extra" work of creating a new drawer and the overheads involved
    are so small.  I would rather have my work kept in some order so that I
    can be more efficient.  I remember reading somewhere that it's
    recommened that the MAIN is not shared, I think it was during the
    training course mainly due to the security of the EM's.
    
    Regards,
    
    Sunil
3403.2Keep GROUP and still have MAIN as private ??TAV02::CHAIMSemper ubi Sub ubi .....Mon Oct 18 1993 06:559
If indeed the customer does wish to retain his MAIN drawers as non-shared,
is there a way that he can still have all his users within the same UIC group
with GROUP priveleges and yet keep the MAIN drawers private through ALL-IN-1 (I
realize he could probably place some "exotic" ACL's to accomplish this - but is
there any drawer management facility to accomplish this).

Thanks,

Cb.
3403.3This cannot be doneGIDDAY::SETHIHolland 2-England 0,Andrew wasn't thereMon Oct 18 1993 08:0221
    Hi Cb,                             
    
    >is there any drawer management facility to accomplish this).
    
    Not that I am ware of, someone else maybe able to point you to one. The
    question about "exotic" ACL's will not work either because giving GROUP
    priv. is the eqv. of giving BYPASS BUT for that group only.
    
    OpenVMS security works by checking the primary protection which is the
    G:RWED and the process privs., than it checks the ACL's.  So if you
    have group priv. and have the protection of G:NOACCESS it will bypass
    the protection because GROUP priv. grants access.  
    
    Why do the users require GROUP priv. ?  If it's to run an application
    the System Manager/Mangler may as well install the image with GROUP
    priv.  Also topic 3045 it maybe of some help, looks like alot of
    hardwork for very little gain to me.
    
    Regards,
    
    Sunil