02335@UWAV4.BITNET (03/15/86)
Subject: ACL's on logical name tables - re-post
I previously posted a better way to protect group logical name tables
which contained an error. I am re-posting so that those who were
confused can be less confused... The following is the actual code in
our our startup command procedure.
$! ============================================+++++++++++++++++++++ SYSTARTUP
$!
$...
$! Protect system logical tables
$!
$ SET ACL/OBJ=LOGICAL/ACL=(ID=[*,*],ACCESS=READ) LNM$SYSTEM_TABLE
$ SET ACL/OBJ=LOGICAL/ACL=(ID=[*,*],ACCESS=READ) LNM$SYSTEM_DIRECTORY
$!
$! Create the group 11 and 12 logical tables
$!
$ RUN/INPUT=NLA0:/UIC=[11,0] SYS$SYSTEM:LOGINOUT
$ RUN/INPUT=NLA0:/UIC=[12,0] SYS$SYSTEM:LOGINOUT
$!
$! Protect group tables for groups 11 and 12 (these have mixed users)
$!
$ SET ACL/OBJ=LOGICAL/ACL=((ID=[11,*],ACCESS=READ),-
(ID=[*,*], ACCESS=NONE)) LNM$GROUP_000011
$ SET ACL/OBJ=LOGICAL/ACL=((ID=[12,*],ACCESS=READ),-
(ID=[*,*], ACCESS=NONE)) LNM$GROUP_000012
$!
$...
Note: That the groups 11 and 12 contain privileged and
nonprivileged users.
I believe this should make things easier for some, considering
that it is now correct.
Tony Andrea
Engineering Computer Services
University of Washington
BITNET: 02335 at UWAV4
ARPA/CSNET: 02335%uwav4.bitnet@wiscvm.arpa
DECnet: VAX4::02335
Phone: (206)543-0499
Mail: Computer Services
374 Loew Hall, FH-10
University of Washington
Seattle, WA 98195