nagy%warner.hepnet@LBL.GOV (Frank J. Nagy, VAX Wizard & Guru) (05/11/88)
> Can somebody tell me if it's possible to put an ACE on a file specifying > the node in the identifier field. I.e. can I do the equivalent of: > > ACE = (IDENTIFIER=(MYNODE::[100,20]),options=protected,access=read) I'm nearly 100% sure that this is NOT allowed. > See what I'm trying to do? Basically, I want to be able to distinguish > between a [100,20], say, on one machine, and another [100,20] on a > different machine. I don't see the need for this... when the user with UIC [100,20] on MYNODE reaches into your system (where the ACL is being placed), an agent process running FAL is executed for him. This agent process either: - runs under the default DECNET account which is probably not UIC [100,20]. - runs under a proxy account on your system assuming you have proxies setup AND you've setup one for remote [100,20]. In this case, you know WHO Mr. Remote [100,20] is on your system. In either case, see the documentation about the NETWORK identifier. This is automatically set for network (such as FAL access) jobs whether run under the DECNET or a proxy account. If the issue is one of access to removeable media which has been transferred between the two systems... this is a different problem which is not solvable using UICs (in general). For most systems, this is a physical security problem. = Frank J. Nagy "VAX Guru & Wizard" = Fermilab Research Division EED/Controls = HEPNET: WARNER::NAGY (43198::NAGY) or FNAL::NAGY (43009::NAGY) = BitNet: NAGY@FNAL = USnail: Fermilab POB 500 MS/220 Batavia, IL 60510
ESC1332@ESOC.BITNET ("K.Keyte") (05/15/88)
Can somebody tell me if it's possible to put an ACE on a file specifying the node in the identifier field. I.e. can I do the equivalent of: ACE = (IDENTIFIER=(MYNODE::[100,20]),options=protected,access=read) See what I'm trying to do? Basically, I want to be able to distinguish between a [100,20], say, on one machine, and another [100,20] on a different machine. Anyone know? Karl +------------------------------------+ + My Opinions are totally unique + +------------------------------------+...and never considered! ' K.Keyte Info VAX list 5/05/88 Network ACLs