Newsgroups: comp.sys.apollo
Path: utzoo!utgpu!news-server.csri.toronto.edu!helios.physics.utoronto.ca!alchemy.chem.utoronto.ca!system
From: system@alchemy.chem.utoronto.ca (System Admin (Mike Peterson))
Subject: Re: Apollo problem list / tirade...
Message-ID: <1991Feb26.160744.16393@alchemy.chem.utoronto.ca>
Organization: University of Toronto Chemistry Department
References: <9102252009.AA09593@hwcae.cfsat.honeywell.com>
Date: Tue, 26 Feb 1991 16:07:44 GMT

In article <9102252009.AA09593@hwcae.cfsat.honeywell.com> davidy@hwcae.cfsat.honeywell.com (David Young) writes:
>> > H52) lack of file system security for Domain/OS files  on  systems  in  a
>> > supposedly "closed" environment.
>> > [Apollo response: use 'inprot'; the problem with this is  that  you  must
>> > supply  a  script of what to change and how - if I knew what needed to be
>> > changed, and to what ACL's, I would have already done it] APR # dc6fa.
>> True.  A boilerplate was promised at 10.2.  It never showed up.  I have a
>> 12 page template that does a pretty good job (though we don't get paranoid).
>> HP/APOLLO : I WANT A TEMPLATE!!!!
>> 
>> > N41) a complete set of file and directory ACL's  is  needed  to  properly
>> > configure the file system, as these are not set correctly or consistently
>> > by the installation procedure.
>> > [Apollo response: will not be done before SR11]  Call  #  254175,  APR  #
>> > dcd46.
>> Agreed, but it's "deja vu" time.  See H52.
>
>But there is a template file!  Read the release notes:
>                                            
>     2.5.3  New Template File for ACLs
>
>     We have included a "canned" template file that you can use with the
>     inprot (install protections) tool to change open Domain/OS ACLs to
>     closed. The file is located in:
>
>     <//authorized area>/install/templates/apollo/os.v.10.2/ip.closed_sysv
>
>The template file *also* comes with the SR10.3 RAI tapes.  At least its a start!

There is no template file mentioned in the SR10.3.p release notes (I
didn't keep the SR10.3 release notes around). My AA has been deleted, so
I can't look, but will when I reload it to install the latest compilers
(which I got yesterday). From the look of the
name of that file, it might not be loaded unless you load SYS5 - we load
only Aegis (out of necessity to have a controlable system) and BSD 
(because we want it). I also got an e-mail message the recently that
said that the ACLs on SR10.3.p are still open even for 'closed' installations
if you install onto a freshly-invol'ed disk.
-- 
Mike Peterson, System Administrator, U/Toronto Department of Chemistry
E-mail: system@alchemy.chem.utoronto.ca
Tel: (416) 978-7094                  Fax: (416) 978-8775
