SYSTEM@STAR.ST-AND.AC.UK (01/12/88)
The great NETMBX debate seems to have surfaced. Our users don't have NETMBX
and they seem happy enough (assuming you ignore all the complaints). Ok
- so you have to do a lot of installs at system startup but this is no big
deal if you think about it. I append a copy of the file we run to install
images from SYSTARTUP a lot of which are done to sort out network problems.
From memory, when we set all this up there were one or two little things
that use user could not do, but then they were things we did not want done
anyway.
If any of the privs given to images upset people please mail me direct
and I will fix it in private rather than tell the whole net how to get it
wrong.
Roger Stapleton JANET - SYSTEM @ UK.AC.ST-AND.STAR
St.Andrews University Observatory,
Scotland.
---------------------------------------------------------------------------
$!
$! ****************************************************************
$! * *
$! * Install images, including those which need NETMBX for DECNET *
$! * *
$! ****************************************************************
$!
$ set noverify
$ RUN SYS$SYSTEM:INSTALL
sys$user:alias /open/head/share/priv=(cmkrnl,readall)
! sys$system:analimdmp /priv=(cmexec,cmkrnl)
sys$system:copy /priv=netmbx /share /open /header
create /priv=netmbx
sys$library:crfshr /share
sys$system:delete /priv=netmbx /share /open /header
sys$system:diff /priv=(netmbx,tmpmbx)
sys$system:directory /priv=netmbx /open /share /header
sys$system:edt /open/header/shared
sys$system:evl /priv=netmbx
sys$system:fal /priv=netmbx /head /open
sys$system:librarian /priv=netmbx
sys$system:link /open /shared /priv=netmbx
sys$system:loginout /delete
sys$system:loginout/head/open/share/priv=(cmkrnl, tmpmbx, netmbx, sysprv,-
log_io, sysnam, altpri)
sys$system:mail /open/header/priv=(sysprv,oper,world,netmbx)/share
sys$system:monitor /priv=(tmpmbx,netmbx)
sys$system:netserver /head/open/share/priv=(netmbx, tmpmbx)
sys$system:pass.exe /open/head/share/priv=(sysprv)
!sys$system:phone.exe /delete
sys$system:rename /priv=netmbx /open /share /header
!sys$system:request /priv=(tmpmbx)
sys$system:rtpad /priv=(tmpmbx,netmbx)/share
sys$system:search /open/header/shared
sys$share:spishr /open/header/protect/share
sys$system:submit /open/header/priv=(tmpmbx,netmbx)
sys$system:tpu /open/header/share
sys$share:tpushr /open/header/share
sys$message:tpumsg /open/header/share
sys$library:tpu$cctshr /share
sys$system:type /priv=netmbx /open /share /header
sys$system:vmshelp /open/header/shared
sys$system:vpm /priv=(sysnam,sysprv,tmpmbx,netmbx,altpri,pswapm)
$
$!
$ exit
$!LEICHTER@VENUS.YCC.YALE.EDU ("Jerry Leichter ", LEICHTER-JERRY@CS.YALE.EDU) (01/13/88)
The great NETMBX debate seems to have surfaced. Our users don't have NETMBX and they seem happy enough (assuming you ignore all the complaints). Ok - so you have to do a lot of installs at system startup but this is no big deal if you think about it. I append a copy of the file we run to install images from SYSTARTUP a lot of which are done to sort out network problems. From memory, when we set all this up there were one or two little things that use user could not do, but then they were things we did not want done anyway. [The command file that follows installs such things as DIRECTORY, COPY, and TYPE with NETMBX.] Yes, all this will work - but just what is it you think you are gaining? If you have left your TASK object enabled, I can already execute any code I want remotely with COPY, though perhaps not as conveniently. If you have disabled the TASK object, about all you've managed to do is prevent some minor spoofing games that can be played with MAIL and PHONE. I wouldn't bet on MAIL being secure anyway, and if PHONE hacking is a problem, it's really easy to track down the hackers by checking NETSERVER.LOG files. On the other hand, you've made it impossible to develop or use all sorts of useful network programs. As a simple example of the usefulness of transparent network access, I run a DVI file displayer that reads its fonts from a remote directory using DECnet. -- Jerry