peter@aucs.UUCP (Peter Steele) (03/24/88)
I'm posting this for another person who doesn't have access to this network (or so I gathered). ---------message starts here--------- At last, my first message to the net. Greetings to all of you and many thanks-- for all your contributions (info and software). I am not a Mac programmer (yet) but I happen to work for the Computing Center of the University of Tennessee at Knoxville (great place to live in.) Most of my work deals with personal computer facilities on campus (and yes, we do have IBM PS/2s sitting right next to the Macs :-) with AppleShare (versions 1.0 and 1.1). lately circulating notes about problems In reply to Mr. Peter Steele's message in article <891@aucs.UUCP>, Mr. Larry Rosenstein says: > AppleShare 1.0 & 1.1 did have a problem where a malicious user could > steal someone's folder. Even though s/he couldn't open the folder s/he > could prevent the legitmate owner from gaining access as well. Actually, this is not a problem. Somewhere in the AppleShare documentation (I forgot exactly where), it is mentioned that locking the root directory of a server volume would provide additional protection for the server configuration. Unfortunately, however, the way to lock the root directory is not mentioned anywhere... Here is how it works: extra "power" by having the ability to assign access privileges to a server has volume as if it were a mere folder. How to lock the root directory? - Log on to the server as the custodian, - Select the volume you wish to protect, - Get privileges, - Uncheck the "Make Changes" box for Everyone, and this should do it.. This method locks the root directory of the volume so that the general users will not be able to steel any folders. (Note that this will be useful in an environment where each user has his/her own folder. In the case of an educational institution, assigning a registered username to each user may not be feasible, and therefore a better solution may be to set the server with no MAKE CHANGES privvileges to EVRYONE. All personal data is then saved on floppies provided by the users) So far, this method has worked very well in our facilities with no complaints whatsoever... Thanks for all the info (and software :-) provided through the net.. Mohamad El Jazzar 100 SMC, M4D The UT Computing Center (UTCC) Knoxville, TN 37916 -- Peter Steele, Microcomputer Applications Analyst Acadia University, Wolfville, NS, Canada B0P1X0 (902)542-2201x121 UUCP: {uunet|watmath|utai|garfield}dalcs!aucs!Peter BITNET: Peter@Acadia Internet: Peter%Acadia.BITNET@CUNYVM.CUNY.EDU