Poulin@RADC-MULTICS.ARPA (06/13/88)
Hello.
I seem to be having problems using ACL's on VAX/VMS v4.6
Here is the situation:
I have two users: POULIN w/UIC [EP500,POULIN] and home dir COEE:[POULIN]
and ARCHIVE w/UIC [ATARI,ARCHIVE] and home dir COEE:[ARCHIVE]
I want to allow POULIN to have complete access to ARCHIVE's directories and
files, but I didn't want to use the SET PROT commands because they are
rather primitive and wouldn't give me the security I desire.
So, I got out the VAX/VMS security manual and went to work.
I set the ACL on [000000]ARCHIVE.DIR to
(IDENTIFIER=[EP500,POULIN],OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE+DELETE+
CONTROL)
I set the same ACL on all the files in COEE:[ARCHIVE]
(minus the OPTIONS=DEFAULT of course)
Doing a DIR/ACL confirmed and verified my settings. The protection on all
the files in ARCHIVE's directory,including the directory itself is set to:
(RWED,RWED,,). This, too, was confirmed.
Everything seemed to be set right to me, so I logged in as POULIN, changed
my default to COEE:[ARCHIVE], did a DIR and got a file protection
violation error. I retraced my steps and tried again several times, but
it still didn't work.
Does anyone out there know what I did wrong? Any help would be very much
appreciated. Please E-mail to me, since I don't subscribe to this digest.
Thank you,
Marc C. Poulin
Poulin@RADC-MULTICS.ARPAreden@sys1.TANDY.COM (06/22/88)
You're close.... You need to have two ACE's for the top level directory. One with option=default specifies a default ACE for future files in that directory tree. You need to add another ACE to the [000000]ARCHIVE.DIR identical to the first without the OPTION=DEFAULT entry. de Robert (the access violation is on reading ARCHIVE.DIR to get the list of files in the direcotry)