Default owner of files in directories problem


Post by Mighty Firebreath » Thu, 10 Oct 1991 22:44:03



        Barry Barnreiter <csus.edu!wupost!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!usenet.c
writes:

        Barry,
        I N C L U D E   A   M A I L   A D D R E S S ! ! ! ! ! ! !
That mess above is all that those of us on the info-vax side got.

>Sorry if this is a FAQ.  But how do you set up a directory so that
>every file that gets written into it gets the same UIC as the
>owner of the directory.

        You can't!  Ownership of a file depends on the privileges or
identifiers held by the creator of the file, and on the commands used to
create the file and/or change the ownership.  The owner of a file or a
privileged user can use commands such as CREATE /OWNER_UIC or SET FILE
/OWNER_UIC.

>I know it's possible because I've seen directories that always do
>this.

        You will find considerable information in "Guide to VMS System
Security", order number AA-LA40B-TE on establishing and changing file
ownership (Section 4.4.5), and defining ownership privileges (section
4.4.2).

        There's more of it than I feel like typing this morning.

*************************************************************************
*                                                                       *
*                        Here, there be dragons!                        *

*                                                                       *
*                                                Richard B. Gilbert     *
*************************************************************************

 
 
 


Post by Time.goes.in.insta.. » Fri, 11 Oct 1991 03:03:14


> >Sorry if this is a FAQ.  But how do you set up a directory so that every
> >file that gets written into it gets the same UIC as the owner of the
> >directory.

> You can't!  Ownership of a file depends on the privileges or identifiers
> held by the creator of the file, and on the commands used to create the
> file and/or change the ownership.  The owner of a file or a privileged user
> can use commands such as CREATE /OWNER_UIC or SET FILE /OWNER_UIC.

Actually, you can:

    Id$ show proc/all   ! note no extra privs enabled (there are no ACLs in
                        ! play here)
    [...etc...]
    Process privileges:
     SETPRV               may set any privilege bit
     TMPMBX               may create temporary mailbox
     NETMBX               may create network device
    [...etc...]
    Id$ show default    ! here's where we are
      DRLABS$ROOT:[LABS]
    Id$ dir/sec [-]labs ! check ownership of this directory

    Directory DRLABS$ROOT:[000000]

    LABS.DIR;1           [SYSTEM,*]            (RWE,RWE,RWED,RWED)

    Total of 1 file.
    Id$ create t.tmp    ! create a file
    abc^Z
    Id$ dir/sec t.tmp   ! see who it's owned by

    Directory DRLABS$ROOT:[LABS]

    T.TMP;1              [DRLABS,DENIS]        (RWED,RWED,RE,)
        [[[ Note file is owned by same UIC as process, not directory ]]]

    Total of 1 file.
    Id$ set proc/priv=(sysprv)  ! turn on sysprv
    Id$ create t2.tmp           ! create another file
    abc^Z
    Id$ dir/sec t*.tmp          ! see who it's owned by

    Directory DRLABS$ROOT:[LABS]

    T.TMP;1              [DRLABS,DENIS]        (RWED,RWED,RE,)
    T2.TMP;1             [SYSTEM,*]            (RWED,RWED,RE,)
        [[[note new file has same owner as directory, not process ]]]

    Total of 2 files.

So the upshot is that with SYSPRV an otherwise-unprivileged user can create
files with the same owner UIC as the directory they are in.  However, I
would not advise you to give this to users, since they can then access any
file by the System portion of the protection mask.

You probably want to do it with ACLs.  Setting the directory up with
default ACLs will allow access to a defined group and also every file
within the directory gets the ACL, propagating this access.  ACLs can be a

dwh

 
 
 


Post by Barry Barnreit » Fri, 11 Oct 1991 06:25:56


Thanks to all who sent the many mail messages to me.  I really
appreciate it....and I've finally figured out this mystery to
me.  All I have is the VMS General Users Manual and System
Managers Manual.  There's not much info in these about this
sorta stuff.
 
 
 


Post by Fred Ross-Per » Sat, 12 Oct 1991 21:17:05


>    Barry Barnreiter <csus.edu!wupost!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!usenet.c
>writes:

>>Sorry if this is a FAQ.  But how do you set up a directory so that
>>every file that gets written into it gets the same UIC as the
>>owner of the directory.

Depending on your application, it may be more important to consider what others
can do with the files in the directory, as opposed to who owns them.
You can set up an ACL on the directory file such that files created in it
will inherit certain ACEs, giving read/write/control access to users or
groups of users.

--
**********************************************
 Fred Ross-Perry         Raytheon Company

 (508) 440-4481          528 Boston Post Road
                         Sudbury, MA 01776
**********************************************
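
The default-ACL approach suggested in the two replies above, as an added DCL example that is not part of the original thread. The identifier name LABS_TEAM and the username DENIS are assumptions; the directory is the one shown in the posted session. Unlike the SYSPRV route, this grants no access through the System field of the protection mask, and each file stays owned by its creator.

```dcl
$! Added example, not from the thread. LABS_TEAM and the username DENIS
$! are assumed names; DRLABS$ROOT:[LABS] is the directory from the thread.
$!
$! 1. Create a rights identifier and grant it to each user who should
$!    share the directory. This step needs write access to the rights
$!    database, so a system manager runs it once.
$ RUN SYS$SYSTEM:AUTHORIZE
ADD /IDENTIFIER LABS_TEAM
GRANT /IDENTIFIER LABS_TEAM DENIS
EXIT
$!
$! 2. Put two ACEs on the directory file:
$!    - the first governs access to the directory itself
$!    - the second, marked OPTIONS=DEFAULT, is copied into the ACL of
$!      every file created in the directory from now on
$ SET ACL /OBJECT_TYPE=FILE -
      /ACL=((IDENTIFIER=LABS_TEAM, ACCESS=READ+WRITE+EXECUTE), -
            (IDENTIFIER=LABS_TEAM, OPTIONS=DEFAULT, -
             ACCESS=READ+WRITE+EXECUTE+DELETE)) -
      DRLABS$ROOT:[000000]LABS.DIR
$!
$! 3. Check the result. The directory listing should show both ACEs.
$ DIRECTORY /SECURITY DRLABS$ROOT:[000000]LABS.DIR
$!
$! 4. Create a file as an ordinary holder of LABS_TEAM (no SYSPRV) and
$!    confirm that it carries the inherited ACE while its owner UIC is
$!    still that of the creating process.
$ CREATE DRLABS$ROOT:[LABS]T3.TMP
$ DIRECTORY /SECURITY DRLABS$ROOT:[LABS]T3.TMP
```

Files that already existed in the directory before step 2 do not pick up the default ACE; it applies only to files created afterwards.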