[mod.computers.vax] SECURITY, SCRATCH_AREA, SET FILE/ENTER

DEGROOT@HWALHW5.BITNET (11/19/85)

In order to give our users (temporarily) more file-storage we implemented the
following procedure on our VAX-cluster (VAX/VMS 4.1):

1.      We created a directory SCRATCH.DIR on the system disk
        where no diskquota is enabled.
2.      The users may execute a command-procedure which creates a subdirectory
        in that area giving them 'unlimited' scratch-space on the system-disk.
3.      Once a week after system-maintenance just before we reboot the system
        we execute a command-procedure with privs on to clear that area.

That procedure ran fine until one of our users found out about the command:
        $ SET FILE/ENTER=TEST.DAT SYS$MANAGER:some-file
That user couldn't do anything to the files he pointed to that way
but our delete-procedure could and did!! The effect is that you remove the tyres
of a car running at 100 miles/hour!

I have some questions:

1.      Is there a better way to implement a scratch-area without reserving
        an extra disk or going through the burden of creating an entry
        with DISKQUOTA for every user?
2.      Is there a way to require some privs for the use of the command
        $ SET FILE/ENTER ?

By the way: I am convinced that it is always better to publish security-related
stuff in INFO-VAX than to have our hackers find out before we know.

                .KeesdeGroot    (DEGROOT@HWALHW5.BITNET)

sasaki@HARVARD.HARVARD.EDU (Marty Sasaki) (11/20/85)

How about virtual disks? This is a concept from RSX-land.  What you do
is create a file as a "virtual disk". You access this file through a
special device driver which looks at this file as though it were a
disk.  You then disable disk quotas on this virtual disk.

Glen Everhardt was working on a driver to do this, I'm not sure if he
ever got one running. Early versions had the problem that the file had
to be contiguous, and that you had to have the block id in order to
set things up.

Does anyone have a virtual disk driver around?

		Marty Sasaki (sasaki@harvard.arpa)

OC.GARLAND@CU20B.COLUMBIA.EDU (Richard Garland) (11/21/85)

There is a virtual disk driver as part of VMS.  Kevin Corroso wrote 
several notes to this forum a while back on how he found it in the 
fiche and how to "mount" it etc.  I think it was "invented" to allow
booting from a TK50 in some way.  Check the archives.
					Rg
-------

sasaki@HARVARD.HARVARD.EDU (Marty Sasaki) (11/21/85)

The virtual disk driver that Kevin described was using memory (non paged
pool, I think) as a disk. The virtual disk driver that I was talking
about uses a file on the disk. I could be wrong, but I think I'm right...

		Marty Sasaki

p.s. Is the finger that is on the Spring 85 DECUS Symposium tape your
latest version? If not, can I get a newer version?

OC.GARLAND@CU20B.COLUMBIA.EDU (Richard Garland) (11/25/85)

That Finger is out of date.  I will send a later one.  If you have a
VAX running jnet on BITnet, send me your ID.  That way I can send an
intact save set.  I will bring the latest to Anaheim, but that will
be months before it is on the streets.
					Rg
-------

info-vax@ucbvax.UUCP (11/27/85)

	I came to the conclusion that I needed a 'virtual disk' quite
	independently a few weeks ago for similar reasons.  If you get any
	response to your inquiry for a hack,  please forward to us.

	Thanks in advance.


			*****
	UNIX:  So much entropy, so little work.
		A VMS hacker and UNIX abuser.

	M. D. Spillman	a.k.a.	...uw-beaver!entropy!dataio!pilchuck!sman