McGuire_Ed@GRINNELL.MAILNET (08/06/86)
Any ideas about the following problem would be most appreciated!

We have some disks on our cluster that are mounted /SYSTEM on some nodes but not mounted at all on others. This is so that files on these "sensitive data disks" cannot be accidentally made available to students, who have accounts on nodes where the disks in question are not mounted.

Our two LP11 printer controllers are currently installed in two 750s on the cluster. When printing files, the disks where the files reside must be mounted on the 750s for the print symbionts to open them. Therefore, the sensitive disks have been available from these nodes.

Soon we will be authorizing students on the 750s. We wish to discontinue mounting the sensitive disks on the 750s. This has been a very easy way to protect that data. Unfortunately, the print symbionts would not be able to print files on the sensitive disks if we did this.

Our alternatives, as I see them, are to leave the disks mounted or to move the printer controllers. But if we leave the disks mounted, we need a different security mechanism for those disks that is as easy to maintain and as efficient as our current method. But we have no secure system to move our LP11s to except one of our 8600s, and I've heard horror stories about performance of 8600s when LP11s are active on the UNIBUS.

Does anyone have an alternate disk volume protection method that would allow nobody but the print symbionts to access the disks? We don't want to do anything that would impact performance on the 8600 that normally accesses the disks, such as ACLs on the directories. We don't want to be constantly monitoring file protections for mistakes.

Or, has anybody put LP11s into an 8600? Is it supported? Did it work? Was there a performance problem?

Thanks in advance for any ideas and suggestions!

oberman@LLL-ICDC.ARPA ("Oberman, Kevin") (08/08/86)
I have a possible (and maybe reasonable) solution to the problem of cluster disk security from users in a certain group (i.e., students).

The students would be given an identifier (e.g. STUDENT). The MFD on the disks in question could then be given an ACL prohibiting access by a holder of the STUDENT identifier. I don't believe there is any way to access the disk if you can't access the MFD.

A possible ACE for the MFD would be:

    $ SET DIRECTORY/ACL=(ID=STUDENT,ACCESS=NONE) disk$name:[000000]

Please be aware that this is just an idea, not something I have tried, so the syntax may be a bit off.

Kevin Oberman
UCLLNL
ARPA: oberman!lll-icdc.arpa
(415) 422-6955
------