todd@CINCOM.UMD.EDU ("TODD AVEN") (01/27/88)
It may well be that it's only worth $0.00, but I had to do a lot of programming to support ACLs on files and Rightslist modifications recently in support of a new system we're developing. If anyone out there needs to set or remove ACLs from files, modify the VMS Rights database, or modify process rights lists, I'd like to save you the grief and aggravation of trying to interpret the sometimes lousy documentation. It's not a lot of code, but I'll postpone posting to the net pending proper prompting from plenty of people :-). These are the routines: add_group(identifier) - Add the specified identifier to the Rights database (sys$system:rightslist.dat) add_user_to_group(username,identifier) - Grant the identifier to the user in the Rights database and to all current processes belonging to user remove_user_from_group(username,identifier) - Inverse of previous routine remove_group(identifier) - Inverse of add_group grant_id_to_user(user,ident) - Grant the identifier to all current processes belonging to user. revoke_id_from_user(user,ident) - The inverse operation. Regards, Todd Aven the Software Sweatshop ------ -------
RMCEWEN@RCCA.BBN.COM (01/28/88)
Todd, Yes, you would save me lots of "grief and aggravation" to put together a package to manipulate ACLs in a cohesive way. I was in the middle of incorporating ACL routines for our account generating program. Some of the problems I've encountered that perhaps you may have encountered, (if you are also using $SETUAI in your account manipulation scheme) was that $SETUAI *does not* "trip" the "Rec Mod" field in the security alarm. (SECAUDIT will verify this). My guess is that $SETUAI is modifying the records in a way that AUTHORIZE is not and/or the $SETUAI mungs the "Rec Mod" somewhat. [I do not have the 'fiche at present...does any knowledgable reader have any information on what's not taking place? I am running VMS V4.5 soon to be V4.7...( I generally skip even numbered versions). No info in the release notes that there were any changes after V4.5] However, all of the ACL modifying routines, $MOD_IDENT, $REVOKE_ID, etc. work the same from the direct system calls or AUTHORIZE in terms of setting off the appropiate alarms. If you (or any other reader) came across any other obstacles or nuances, I'd like to hear from you. A copy of your routines would be most appreciated. Thanks, in advance. -Regis McEwen System Analyst/ System Programmer Bolt, Beranek & Newman -------