Very Computer

    What's the best way to keep users from having access to a drive or
directory on OpenVMS 6.2

|

|    What's the best way to keep users from having access to a drive or
|directory on OpenVMS 6.2

Firstly, I apologise for this, it's Friday, and I spent some time last
night trying to find a leak in my radiator, that turned out to be a waste
pipe from the auto washing machine fallen out of the drain....! Any hey, I
used a VAX to clear up the mess, but it's the name of the carpet cleaner in
the UK! The MicroVAX in the BA123 just stood tippy toes over the pool of
water doing it's 24x365.25!

1. Unplug and remove the disk drive in question from the system, then lock
it in a safe. (works for any operating system BTW!)

2. Assuming you've not given the users any privileges (you DIDN'T did
you?), use the SET SECURITY command.

There's a few more prerequisites, the users must not OWN the files
(DIR/SECURITY should reveal a different owner) and the UIC group of the
users must be greater than the value of MAXSYSGROUP in SYSGEN.

An alternative to 1 above is, if the disk is not required to be systemwide
accessible, then allow whoever needs the data on that volume to mount it
privately.

Security, and file security is something you need to understand before
trying to implement. Therefore it's not possible to say "type this, then
type that". Providing users have not been given elevated privileges, and
the default protection masks have not been changed, and the users are in
different groups from the files that need protecting, then this level of
file protection should be inherent.

Regards

Nic Clews CSC Computer Sciences and a damp kitchen.

Just use the tools provided by VMS - ACL's or SOGW masks. Look in the
System Security manual for fuller information. Protection masks are
relatively easy, ACL's take a bit more thinking about.

Steve Spires

Just use the tools provided by VMS - ACL's or SOGW masks. Look in the
System Security manual for fuller information. Protection masks are
relatively easy, ACL's take a bit more thinking about.

Steve Spires

:
:    What's the best way to keep users from having access to a drive or
:directory on OpenVMS 6.2

  Best way: start by reading the guide to system security manual...

  Basic requirement: never give untrusted users enhanced privileges...

  If you can not trust any single user, use dual passwords, giving each
  of two users one of the two passwords to the privileged account(s),
  and requiring both to always be present when any access is made.

  If you violate the requirement for (only) trusted users to have access
  to privileged accounts, there can be no security.

  In descending order of preference:

  o Render the user(s) entirely immobile, using any prefered means...
    Glue, duct tape, and appropriate threats can be made to work.  :-)
  o Prevent the user(s) from ever logging into the system...
  o Never allow the users to access DCL or other general mechanism,
    restricting access to trusted applications and/or procedures.
  o Use identifiers and ACEs on the devices and directories,
    including device ACLs, as well as default and standard ACLs.
    (This requires UIC access be denied.)
  o Use UIC protections to lock out access...
  o Trust the user(s) not to find SET DEFAULT and similar...

  Enable security alarms, to track file access failures, and to track
  critical system- and security-related operations.

 -------------------------- pure personal opinion ---------------------------

  note to those folks not contributing spam -- there is no ZZ in my address