F1142S30%unika2@germany.CSNET (Juergen Renz) (08/08/87)
Hi netlanders, there was a discussion about diskquota problems where Anil Khullar writes: > You have to first check if the user who created the files has privs > such as SYSPRV ? It allows user to create files with either his/her > UIC or that of another UIC. Since it is possible also that the > intended directory could have RWED to group or world may allow > different users to write files into it. A common phenomenon in some > directories at our site (We also run EUNICE which as /tmp writable > and also /usr too...which as all too-corruptible bin files also ) > > A workble solution is to prevent group either W or D access to all > but their own and provide ACL controls to directories that need to > be shared by users from different groups .... That brings me to a problem which I (and most VMS users) have with directories that are writable by other users. My question is: How can I prevent other users from affecting my directory, e.g. setting it to nodirectory or removing file names. What I want is: allow anybody to create files in my directory, but under their UIC, so that they as well as I can delete these files. I use an ACL on the directory to give me full access to all files copied into that directory. But allowing write access to a directory means everyone may do anything with it except delete it. A similar problem is the management of lost files. ANALYZE/DISK/REPAIR enters them automaticly in the [SYSLOST] directory. But then I have the work to move them into the home directory of the owner. I want the (nonprivileged) owners do the work for me, but if I allow write access to SYSLOST.DIR, I have the same problem as above. Please don't flame if the only solution is a program installed with SYSPRV, I thought of that before. Juergen Renz Universitaet Karlsruhe Mailing address: Falkengarten 7 Institut fuer Informatik IV D-7530 Pforzheim F1142S30%UNIKA2@GERMANY.CSNET West-Germany RENZ%IRAVCL@GERMANY.CSNET