etb@milton.u.washington.edu (Eric Bushnell) (02/28/91)
I have some concerns about the "closed" installation and security also. I like to use plain Berkeley UNIX protection where I can, but I've read and heard various reports that some of the system files and directories are protected by extended or "unusual" ACLs, and should be left alone, lest we break things.

Is "chmod -R o-w" really going to wreak havoc somewhere?

Eric Bushnell
UW Civil Engineering
etb@milton.u.washington.edu
etb@zeus.ce.washington.edu

thompson@PAN.SSEC.HONEYWELL.COM (John Thompson) (02/28/91)
<<forwarded message>>

> I have some concerns about the "closed" installation
> and security also. I like to use plain Berkeley UNIX
> ...
> Is "chmod -R o-w" really going to wreak havoc somewhere?

Certainly this will cause you grief in the `node_data (normally /sys/node_data) directory. In addition, diskless nodes may catch grief if the /sys directory of the parent isn't right, since netman creates a node_data.<DISKLESSID> entry for the diskless node's `node_data. You can fix that part by having the /sys/net/netman.???_sh script(s) set ACLs as needed.

I'm not sure about the rest of the tree. There are probably other places in the /sys tree that are sensitive, and there may be other areas in the normal tree.

I try and set up close-to-Berkeley protections in the bsd4.3 directories, close-to-SysV prots on the sys5.3 directories, and Aegis-type ACLs on the Aegis-type directories. It's a mish-mash, but it more-or-less works.

-- jt --
John Thompson
Honeywell, SSEC
Plymouth, MN 55441
thompson@pan.ssec.honeywell.com

Me? Represent Honeywell? You've GOT to be kidding!!!