CVMMEB@VTVM2.BITNET ("Mary E. Bainter") (07/24/87)
I don't remember who asked, so I'll send this out -- and those of you that want to correct me, I'm always willing to learn (I'm a NEW sys. mgr.) In response to the one who wanted a general ID for the initial logon which would generate new and unique userids -- here's what I'd start with : First of all, as you said, the account would be captive via the login.com and all CTRL-Y's etc would be trapped and thrown to routines to handle them. I would set this ID up with the CMKRNL priv AUTHORIZED (NOT default). When they logged in, I would gather all the necessary info, create a brand new directory for them (not a subdirectory), and run some sort of batch file to actually set up their account in authorize. THEN, I'd do the following : $ SET PROC/PRIV=CMKRNL $ SET DEFAULT [new account dir] $ SET UIC [new uic] $ SET PROC/PRIV=NOCMKRNL Things you might want to look into/think about : - To run authorize, you must be SYSTEM -- do you REALLY want them to be SYSTEM -- this can be dangerous if there are any possible holes in the "captive" procedure. - Do you really want them to have CMKRNL at all?? I'm not sure, but you it might be a good idea to see whether or not they'd still be able to give themselves CMKRNL after begin moved to the new directory (applicable only to their first login). I THINK that, since you've changed their UIC, they won't be able. - I usually COPY account with some parameter (in AUTHORIZE) to add a user, most of our users are similar. So, the parameter list for ADDing a user might be a little more complex for a batch file (I doubt it, I really think it shouldn't be any trouble.) Like I said, I'm new at being a system manager, so I may have missed something important but maybe this will at least give you some ideas.
psw@WOLFGANG.MITRE.ORG (Phil Wherry) (07/25/87)
A followup to Mary Bainter's message about using CMKRNL to change UICs on a process to set up "subaccounts"...if this is to be done at all, it should be done from an image installed with privilege (and appropriate internal controls)...NOT via the authorized privilege mask in the UAF. If a user has CMKRNL, they can access anything without regard to protection if they put enough trouble into it. And at all but the most paranoid of sites, it's little trouble at all; the SET UIC [1,4] command will gleefully give you what amounts to SYSPRV, then it's off to Authorize to wreak havoc on the free world. I know this will probably be but one of a number of similar replies, and I apologize in advance for opening a can of worms like the one around a recent query about SYS$ANNOUNCE. But CMKRNL is an exceedingly dangerous privilege -- granting it to non-system people can and will seriously undermine the security of your system by making accidental and deliberate data access a near-trivial matter. My two cents' worth on the SYS$ANNOUNCE controversy: I'd like to think we're all among friends here. I don't mind reading the same message (or essentially the same one) 10 or 15 times because the other information on Info-VAX is often so valuable. And every once in a while, I pick up a trick from one of the very similar messages out there--this makes them worthwhile. Good sense and good taste are probably all that's required here. Phil Wherry