COPAS@IGL.ENG.OHIO-STATE.EDU (Ken Copas) (09/19/90)
Can someone tell me how to establish privileges in DOS? What I have is a classroom full of 386 machines which run DOS driven programs. What I need is a way to protect the system from its users. I don't want them to be able to delete files, add files, induce viruses, etc... Please E-mail me at copas@igl1.eng.ohio-state.edu if you have any ideas. Thanks. --Ken.
grimlok@hubcap.clemson.edu (Mike Percy) (09/19/90)
COPAS@IGL.ENG.OHIO-STATE.EDU (Ken Copas) writes: > Can someone tell me how to establish privileges in DOS? > What I have is a classroom full of 386 machines which run DOS driven >programs. What I need is a way to protect the system from its users. I don't >want them to be able to delete files, add files, induce viruses, etc... [sounds of much belly-ripping laughter, onomatopoeiaic spelling fails me]
root@cca.ucsf.edu (Systems Staff) (09/20/90)
In article <31780066DA3F002145@phem1.ircc.ohio-state.edu>, COPAS@IGL.ENG.OHIO-STATE.EDU (Ken Copas) writes: > > Can someone tell me how to establish privileges in DOS? > > What I have is a classroom full of 386 machines which run DOS driven > programs. What I need is a way to protect the system from its users. I don't > want them to be able to delete files, add files, induce viruses, etc... Basically, the poster who responded with laughter to your query is right (but not very helpful). Since you are stuck with DOS you can't do very much without restricting the environment a lot. For example, you could not have network connections that reach beyond your physical control. You could set the systems up as a LAN with all the files on a server which implements file protection measures. Diskless stations which boot only over the network work in this situation. From here on let's assume you must keep files in each machine. I have seen devices for Macs that have a keyed lock that fits into the floppy slot and physically prevents the insertion of a floppy disk. Maybe there are such for your systems. If you don't securely disable the floppies forget the whole thing. Actually removing them would probably handicap you too much. From here on let's assume you have disabled access to mountable storage devices. If you are willing to do a large software project you could do a virtual system implementation but I doubt that's what you have in mind. Maybe running a DOS environment under SystemV Unix (e.g. DOS/Merge etc.) would allow you the needed controls. Ask the vendor. There is a proprietary security package (whose name slips my mind -- I have a copy at home) which would probably serve quite well combined with physically disabling the floppies. I could look it up if you like. Of course, if you are concerned with malicious attacks you would need to make program development tools inaccessible to prevent an attacker from entering a naughty program from the keyboard. This would only make it harder, not be 100% clean since there are too many holes. Thos Sumner Internet: thos@cca.ucsf.edu (The I.G.) UUCP: ...ucbvax!ucsfcgl!cca.ucsf!thos BITNET: thos@ucsfcca U.S. Mail: Thos Sumner, Computer Center, Rm U-76, UCSF San Francisco, CA 94143-0704 USA I hear nothing in life is certain but death and taxes -- and they're working on death. #include <disclaimer.std>