krowitz%richter@UMIX.CC.UMICH.EDU (David Krowitz) (06/27/90)
Many people who are tightening up their ACL's are forgetting that many of the system servers run as user.server.none rather than as root.staff.none. You must also pay attention to the default (initial) ACL's that are given to newly created files and directories. Many of the server programs such as the print server (/sys/hardcopy/prsvr) must create temp files and/or access type manager files on the fly. Some of the things to be careful about are:

/sys/mgrs -- the type manager directory. The print server creates new manager files in here the first time it executes a new print driver (from the /sys/hardcopy/drivers directory). On each subsequent execution, the print server must be able to access the manager it created. Other Apollo servers which use dynamically loaded drivers (eg. the DDE debugger, 3rd party device drivers, etc) also use this directory.

`node_data/systmp -- temp file directory used by TCP/IP (/etc/tcpd), the mbx_helper, the server_process_manager (/sys/spm/spm), the display manager, and the registry. The display manager, /etc/tcpd, and /etc/rgyd all run as root.staff.none, but the spm and the mbx_helper both run as user.server.none.

`node_data/tmp -- temp file directory used by X Window server and by the local location broker (/etc/ncs/llbd). Both of these are usually run as root.staff.none if they are started at boot time. If you start X Windows after you login, it may wind up running as user.server.none. Note that this directory is pointed to by /tmp (ie. it *is* the /tmp directory, but each diskless node has its own copy), so many Unix utilities will also want to use this directory.

`node_data/usrtmp -- temp file directory pointed to by /usr/tmp. Not used by any of the Apollo servers that I'm running, but used by any Unix program that wants access to /usr/tmp.

`node_data/dev -- the device file directory. Pointed to by /dev (ie. each diskless node has its own copy). All of the pad devices (ie. display manager window I/O), all of the crp devices (ie. remote login via /com/crp I/O), all of the pseudo-tty devices (ie. all TCP/IP based I/O), and all of your real ttys are located here. Note that /dev/sio1, /dev/sio2, and /dev/sio3 are equivalent to /dev/tty01, /dev/tty02, and /dev/tty03, respectively, but that they have different handshaking rules. Note that *everyone* (ie. %.%.%) must have read and write rights to the pad, crp, pty, sio/tty, tape, and floppy disk devices in order to do I/O on the node. Also, don't forget /dev/null!

These are just a few of the places you can screw up. Other common problems are the font files (/sys/dm/fonts), which are used by many GMR and GPR programs, and the various spooling directories under /usr/spool (some of which are links back to `node_data).

I've just noticed that I've been typing root.staff.none where I should have been typing root.wheel.none and root.server.none ... got to have that first cup of coffee before I read my mail ...

If anyone has more tips, let me know and I'll summarize them.

-- David Krowitz
krowitz@richter.mit.edu (18.83.0.109)
krowitz%richter.mit.edu@eddie.mit.edu
krowitz%richter.mit.edu@mitvma.bitnet
(in order of decreasing preference)