dave@jplopto.Jpl.Nasa.Gov (Dave Hayes) (09/21/89)
Well, I am now deeply immersed in the SR10.1 experience. Here it is, 1AM after my second-and-a-half system regeneration from media and I am still waiting to get a "clean" OS on my hard disk. WHY did I regen the system twice and a half? One word: ACL'S!! Did you all know that INPROT has no template files? I'm sure you did (why just last week someone asked about this), but this is no big deal if you want to run a wide-open system. HOWEVER....if you need to have a closed system (like if you are hooking up to the Internet or something useful like that) then you are really pre...er...out-of-luck. Because of the lack of templates, you have no way of knowing the correct ACL state of your OS. This can present a problem. For example, most UNIX people close up rights to everything in /dev as a security measure. IF, however, you close up an SR10 /dev...well let's just say that your OS doesn't work anymore. Ok...so that's not too much of a problem, right? You can always UNacl dev. But /sys/subsys/login? INPROT (and ACL too) seems to delete the subsystem status of this file. Basically that causes problems with CRP. To fix this, one must have a copy of the file (with correct ACL's and Subsystems) located elsewhere...preferably on another node...but unfortunately on media if you happen to try and INPROT the first SR10 node. WHY ARE THERE NO TEMPLATE FILES FOR INPROT??? They were provided at SR9.7 (as part of the install software), why did they suddenly disappear? Is there a chance of getting a template for a closed system sometime in the near future? Knowing just how tightly your OS can be ACL'd shouldn't have to be a hacking experience. Someone should be able to tell you. Preferablyt the authors of the OS..... ============================================================================== Dave Hayes - Jet Propulsion Laboratory - dave%jplopto@jpl-mil.jpl.nasa.gov ------------------------------------------------------------------------------ The above e-mail address will hopefully be changed someday to the APOLLOs that I work on. Until then....*sigh*....c'est la vie. ==============================================================================