Poulin@RADC-MULTICS.ARPA (06/13/88)
Hello. I seem to be having problems using ACL's on VAX/VMS v4.6 Here is the situation: I have two users: POULIN w/UIC [EP500,POULIN] and home dir COEE:[POULIN] and ARCHIVE w/UIC [ATARI,ARCHIVE] and home dir COEE:[ARCHIVE] I want to allow POULIN to have complete access to ARCHIVE's directories and files, but I didn't want to use the SET PROT commands because they are rather primitive and wouldn't give me the security I desire. So, I got out the VAX/VMS security manual and went to work. I set the ACL on [000000]ARCHIVE.DIR to (IDENTIFIER=[EP500,POULIN],OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE+DELETE+ CONTROL) I set the same ACL on all the files in COEE:[ARCHIVE] (minus the OPTIONS=DEFAULT of course) Doing a DIR/ACL confirmed and verified my settings. The protection on all the files in ARCHIVE's directory,including the directory itself is set to: (RWED,RWED,,). This, too, was confirmed. Everything seemed to be set right to me, so I logged in as POULIN, changed my default to COEE:[ARCHIVE], did a DIR and got a file protection violation error. I retraced my steps and tried again several times, but it still didn't work. Does anyone out there know what I did wrong? Any help would be very much appreciated. Please E-mail to me, since I don't subscribe to this digest. Thank you, Marc C. Poulin Poulin@RADC-MULTICS.ARPA
reden@sys1.TANDY.COM (06/22/88)
You're close.... You need to have two ACE's for the top level directory. One with option=default specifies a default ACE for future files in that directory tree. You need to add another ACE to the [000000]ARCHIVE.DIR identical to the first without the OPTION=DEFAULT entry. de Robert (the access violation is on reading ARCHIVE.DIR to get the list of files in the direcotry)