[comp.os.vms] ACL troubles

Poulin@RADC-MULTICS.ARPA (06/13/88)

Hello.
 I seem to be having problems using ACLs on VAX/VMS v4.6.

Here is the situation:
   I have two users:  POULIN w/UIC [EP500,POULIN] and home dir COEE:[POULIN]
                and  ARCHIVE w/UIC [ATARI,ARCHIVE] and home dir COEE:[ARCHIVE]

I want to allow POULIN to have complete access to ARCHIVE's directories and
files, but I didn't want to use the SET PROT commands because they are
rather primitive and wouldn't give me the security I desire.

So, I got out the VAX/VMS security manual and went to work.

I set the ACL on [000000]ARCHIVE.DIR to

(IDENTIFIER=[EP500,POULIN],OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE+DELETE+
 CONTROL)

I set the same ACL on all the files in COEE:[ARCHIVE] 
(minus the OPTIONS=DEFAULT of course)

Doing a DIR/ACL confirmed and verified my settings. The protection on all
the files in ARCHIVE's directory, including the directory itself, is set to:
(RWED,RWED,,).  This, too, was confirmed.

Everything seemed to be set right to me, so I logged in as POULIN, changed
my default to COEE:[ARCHIVE], did a DIR and got a file protection 
violation error. I retraced my steps and tried again several times, but
it still didn't work.

Does anyone out there know what I did wrong? Any help would be very much
appreciated. Please E-mail to me, since I don't subscribe to this digest.

 Thank you,
   Marc C. Poulin

Poulin@RADC-MULTICS.ARPA

reden@sys1.TANDY.COM (06/22/88)

You're close....


You need to have two ACEs for the top level directory.

One with option=default specifies a default ACE for future files in that
directory tree.


You need to add another ACE to the [000000]ARCHIVE.DIR identical to the
first without the OPTION=DEFAULT entry.


de Robert (the access violation is on reading ARCHIVE.DIR to get the list
of files in the directory)
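
The behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of the access check on ARCHIVE.DIR, showing why a DEFAULT-only ACL leaves POULIN falling through to the WORLD field of (RWED,RWED,,). The class and function names are hypothetical; the model assumes ACE identifiers match by exact UIC and ignores privileges and the SYSTEM category.

```python
# Added example: simplified model of a VMS access check. Assumptions: ACE
# identifiers match by exact UIC; privileges and SYSTEM category are ignored.
from dataclasses import dataclass

FULL = frozenset({"READ", "WRITE", "EXECUTE", "DELETE", "CONTROL"})
RWED = frozenset({"READ", "WRITE", "EXECUTE", "DELETE"})

@dataclass
class ACE:                      # hypothetical name
    identifier: tuple           # UIC as (group, member)
    access: frozenset
    default: bool = False       # True models OPTIONS=DEFAULT

@dataclass
class FileObj:                  # hypothetical name
    owner: tuple
    protection: dict            # category -> allowed access names
    acl: list

def check_access(user, obj, wanted):
    """Return (granted, deciding_rule) for one access type."""
    for ace in obj.acl:
        if ace.default:
            continue            # only copied to new files; never matched here
        if ace.identifier == user:
            return wanted in ace.access, "ACE"
    # No ACE matched: fall back to the UIC-based protection code.
    if user == obj.owner:
        category = "OWNER"
    elif user[0] == obj.owner[0]:
        category = "GROUP"
    else:
        category = "WORLD"
    return wanted in obj.protection[category], category

POULIN, ARCHIVE = ("EP500", "POULIN"), ("ATARI", "ARCHIVE")
PROT = {"OWNER": RWED, "GROUP": frozenset(), "WORLD": frozenset()}  # (RWED,RWED,,)

def archive_dir(with_plain_ace):
    """ARCHIVE.DIR as posted (DEFAULT ACE only) or with the second ACE added."""
    acl = [ACE(POULIN, FULL, default=True)]
    if with_plain_ace:
        acl.append(ACE(POULIN, FULL))
    return FileObj(ARCHIVE, PROT, acl)

if __name__ == "__main__":
    print(check_access(POULIN, archive_dir(False), "READ"))  # as posted
    print(check_access(POULIN, archive_dir(True), "READ"))   # with second ACE
```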