[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference vaxaxp::vmsnotes

Title:	VAX and Alpha VMS
Notice:	This is a new VMSnotes, please read note 2.1
Moderator:	VAXAXP::BERNARDO

Created:	Wed Jan 22 1997
Last Modified:	Fri Jun 06 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	703
Total number of notes:	3722

351.0. "Question on File protection ?" by HGOVC::TIMOTHYKO () Thu Mar 20 1997 02:26

    Hi,
    
    Is there any ways to control the read access on directories ? I know
    VMS only support RWED, could someone help ?
    
    Actually the problem we want to control the read access on public area
    (fal$disk:[fal$server] or sys$specific:[fal$server]), user only can
    only copy files from/to public directory but not allow to edit the files
    directly from it. Is it possible ? Does ACL can perform this function ?
    
    Thank for you help !
    
    Tim

T.R Title User Personal
Name Date Lines

351.1 What Is The General Task? XDELTA::HOFFMAN Steve, OpenVMS Engineering Thu Mar 20 1997 08:56 27

T.R	Title	User	Personal Name	Date	Lines
351.1	What Is The General Task?	XDELTA::HOFFMAN	Steve, OpenVMS Engineering	`Thu Mar 20 1997 08:56`	27
	What is the general task the customer is trying to solve? It sounds like these folks need to use some basic non-default proxies to control the FAL default directory, and use this in conjunction with ACLs to set up a read-only" directory, and a "write-only" directory. There is no perceptible difference (as far as the security model is concerned) between copying a file into a remote directory via FAL, and editing a file (creating it) in a remote directory via FAL. (And things get really "interesting" when one tries to mix read and write access to a single directory.) It is possible to use execute-only access on the parent FAL$SERVER directory to reduce the visibility of any files present in the remote directory. (And a set of options=default ACE entries to alter the ownership on the files created in the directory can be used to alter the accessability of a file, once created, in the remote directory. This can help in the implementation of a "write-only" directory.) -- There are non-standard extensions on some webservers that implement "file uploads to the server". Making files available for viewing or downloading from a webserver is trivial, and this can be combined with a "write-only" "submission" FAL directory...

    What is the general task the customer is trying to solve?

    It sounds like these folks need to use some basic non-default proxies
    to control the FAL default directory, and use this in conjunction with
    ACLs to set up a read-only" directory, and a "write-only" directory.

    There is no perceptible difference (as far as the security model is
    concerned) between copying a file into a remote directory via FAL,
    and editing a file (creating it) in a remote directory via FAL.
    (And things get really "interesting" when one tries to mix read and
    write access to a single directory.)

    It is possible to use execute-only access on the parent FAL$SERVER
    directory to reduce the visibility of any files present in the remote
    directory.  (And a set of options=default ACE entries to alter the
    ownership on the files created in the directory can be used to alter
    the accessability of a file, once created, in the remote directory. 
    This can help in the implementation of a "write-only" directory.)

	--

    There are non-standard extensions on some webservers that implement
    "file uploads to the server".  Making files available for viewing or
    downloading from a webserver is trivial, and this can be combined
    with a "write-only" "submission" FAL directory...