T.R | Title | User | Personal Name | Date | Lines |
---|
2456.1 | Overall security policy description ? | EEMELI::VALTONEN | Ken tietäis tulevaisuuden | Mon Mar 02 1992 04:53 | 4 |
| Note that I'm in .0 looking something than DECmcc/Ultrix EFT
Installation notes for authorizing access to MIR !
Are the V2 enhancements to security/access fixed yet ?
|
2456.2 | Creative solutions ? | EEMELI::VALTONEN | Ken tietäis tulevaisuuden | Tue Mar 03 1992 09:04 | 5 |
| Would it be feasible using multiple local MIRs and single DECdns
with access limitations defined for users for improving security ?
(is using multiple MIRs possible in DECmcc/Ultrix?)
Olli
|
2456.3 | Local MIR, Private MIR, Local Private MIR ? | EEMELI::VALTONEN | Ken tietäis tulevaisuuden | Tue Mar 10 1992 12:06 | 46 |
|
Attached text is part of T1.2.4 Release Notes.
It refers to "Local Instance Repository Files".
I assume that these are the User specific parts of MIR ?
Where is the use of Local MIR files described more in detail ?
I would also like someone to confirm my belief that "Private
MIR" is normally management module specific MIR file. True ?
I suppose it could also be Local ?
With these questions I'm just trying to figure out how a Multi-user
(Ultrix Server) DECmcc environment can be split to different
protected management environments...
Thanks, Olli
---- extract from BMS T1.2.4 Release Notes -----------------
3.7.1 DECmcc Local Instance Repository Files
When using the local implementation of the Instance portion of the
MIR, there are some special considerations.
For non-root users to access the DECmcc Instance Repository, the
repository files in /var/mcc must be made accessible. Otherwise,
the error messages
Fatal MIR I/O error, repository=mcc_dns_ent, errno=1
and
The requested operation cannot be completed
MCC Routine Error = %MCC-E-IO_ERROR, error was returned by I/O
facility
will be received.
See Section 3 of "Planning and Installation for ULTRIX" for
information on changing access rights.
NOTE
These Instance Repository files cannot be copied
using either tar or cp since they are sparse files.
|
2456.4 | Some partial answers | TOOK::MINTZ | Erik Mintz, DECmcc Development, dtn 226-5033 | Tue Mar 10 1992 15:40 | 20 |
| > It refers to "Local Instance Repository Files".
> I assume that these are the User specific parts of MIR ?
This in particular refers to the use of a local system file
rather than DECdns for the instance repository. The term
"Local MIR" is misleading, and is being removed from the documentation.
> I would also like someone to confirm my belief that "Private
> MIR" is normally management module specific MIR file. True ?
This is true. Private to a management module, but shared between users.
I'm sorry, but nobody has had time to look at the security questions
you posed in the earlier replies. We will try to get back to them
as soon as the current development crunch eases.
-- Erik
|
2456.5 | No hurry - let's wait the answers | EEMELI::VALTONEN | Ken tietäis tulevaisuuden | Wed Mar 11 1992 10:13 | 19 |
| Thanks Erik,
I was getting worried that we've OPEN system in Ultrix...
I'll have now time because I succeeded to draft a satisfactory security
statement, which is hopefully true but not too detailed.
When I searched in batch yesterday through the earlier notes, I saw
note 1938 which gave some enlightenment to question, but certainly did
not clear all questions. Especially 1938.2 was promising - it looks
that local (or private or whatever) MIRs may provide additional
security based on domain owner Uid/Directory.
I got the impression that both historical and reference data could
be protected by this method.
DECdns could then provide additional protection via access groups.
Certainly not too simple...
Olli
|
2456.6 | Any progress? | GRANPA::AMEISHEID | | Tue Jul 21 1992 14:36 | 7 |
| Has any progress been made with regard to these questions on security?
Are you referring to /etc/passwd, /etc/group, or .rhosts when you say
"by local system file" as the "local MIR"?
Thanks.
Anna
|
2456.7 | MIR != ULTRIX system files | TOOK::MINTZ | Erik Mintz, dtn 226-5033 | Tue Jul 21 1992 15:09 | 7 |
| > Are you referring to /etc/passwd, /etc/group, or .rhosts when you say
> "by local system file" as the "local MIR"?
No, DECmcc repository files (instance repository or otherwise) have
nothing to do with the system files you mention. In general, DECmcc
private MIR files reside in /var/mcc.
|
2456.8 | | GRANPA::AMEISHEID | | Tue Jul 21 1992 16:01 | 4 |
| Are these files used at all in DECmcc security management? .rhosts is
used for access control, isn't it? This is the same as proxy?
Anna
|
2456.9 | DECmcc != ULTRIX sys. admin? | GRANPA::AMEISHEID | | Tue Jul 21 1992 16:21 | 8 |
| Never mind. I was hoping that I could use DECmcc to do systems
administration on the DECmcc system itself - but this is not the case, is
it? To add DECmcc users, I will have to have the system admin login to
the DECmcc system the usual way and use the standard scripts for
managing ULTRIX...?
Anna
|
2456.10 | proxy = proxy | TOOK::MINTZ | Erik Mintz, dtn 226-5033 | Tue Jul 21 1992 16:22 | 21 |
| I think we may be talking different languages here.
There is very little explicit DECmcc security management.
You use the operating system security features to control security
on the system, including access to DECmcc files.
There are no ACLs on vanilla ULTRIX.
You can control file access by owner and group permissions.
The MIR files have nothing at all to do with security.
.rhosts provides (for ip utilities) a function similar to DECnet proxy.
However, it is considered a fairly insecure mechanism.
The file /etc/dnet_proxy provides DECnet proxies on ULTRIX in exactly
the same way that DECnet proxies work on VMS.
Am I getting close to answering your question?
|
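Added example, not part of the original notes and not DECmcc code: a POSIX shell audit of the owner/group permission model described in 2456.10, applied to a repository directory such as the /var/mcc named in the thread. The function name, the finding codes and the group name `mccusers` are assumptions of this example; the sparse-file check is a heuristic related to the release-note extract in 2456.3.

```shell
#!/bin/sh
# Added example (not DECmcc code): audit a repository directory such as the
# /var/mcc named in the thread. Finding codes and "mccusers" are assumptions.
# Usage: audit_repo /var/mcc mccusers

# Prints one "<CODE> <path>" line per finding for each regular file in DIR.
audit_repo() {
    dir=$1
    want=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        ls -ld "$f" | {
            # ls -l fields: mode string, link count, owner, group, ...
            read -r mode links owner group rest
            # Mode string layout: type, owner rwx, group rwx, other rwx.
            case $mode in
                ????????w*) echo "WORLD_WRITABLE $f" ;;
            esac
            case $mode in
                ???????r*) echo "WORLD_READABLE $f" ;;
            esac
            # Non-root users reach the files only through the group bits.
            case $mode in
                ????rw*) ;;
                *) echo "GROUP_NO_RW $f" ;;
            esac
            if [ "$group" != "$want" ]; then
                echo "WRONG_GROUP $f"
            fi
            # Sparse heuristic: fewer bytes allocated than the apparent size.
            # Compression or unflushed writes can trip it as well.
            size=$(($(wc -c < "$f")))
            alloc_kb=$(du -k "$f" | awk '{print $1}')
            if [ $((alloc_kb * 1024)) -lt "$size" ]; then
                echo "SPARSE $f"
            fi
        }
    done
}
```

A clean result is a file that is owned by the intended group, readable and writable by that group, and closed to everyone else; files reported as SPARSE need a sparse-aware copy or backup method.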
2456.11 | Try UDM | TOOK::MINTZ | Erik Mintz, dtn 226-5033 | Tue Jul 21 1992 16:26 | 8 |
| oops, notes collision.
To do ULTRIX system management from DECmcc, you may want to look at
UDM (I think there is a note somewhere about that module, which is
developed in the UK).
-- Erik
|
2456.12 | I understand now. Thanks. | GRANPA::AMEISHEID | | Tue Jul 21 1992 16:30 | 5 |
| Thanks for your patience. I think I am getting the idea now. I will
look for it.
Thanks again.
Anna
|