zeleznik%cs.utah.edu@wasatch.UUCP (Mike Zeleznik) (03/30/89)
Update/summary on open/closed protections on the AA node in sr10.*.
The MINST program for 10.1.m (68k) and 10.0.p (10k) has the OPEN/CLOSED
selection BACKWARDS! Selecting CLOSED gives you an OPEN system, and
the reverse... Later versions are said to be fixed (?)
Once installed as OPEN on my AA node, I could not get the OS on the AA
into a closed form. However, from what I have heard, even if a source
AA node is open, you can correctly install a closed system to another
node. I haven't tried this.
The only two ways I have found of locking down an open AA node are
1) set protections manually (either your own scripts or via inprot), or
2) re-invol and reinstall the OS, selecting an OPEN system. I did the
latter and it worked okay, but is time consuming. While some things
are obviously wrong (e.g., /com and /usr are world writable), at least
most of the files seem to be right. It's a far cry better than before!
Apollo or ADUS have no available template files for INPROT. If anyone
(* hello, Apollo? *) gets around to putting them together, that would be
great.
Apparently there is some mechanism for converting your old ACL templates
into inprot form, but I heard from someone who tried it that it didn't
work.
Mike
Michael Zeleznik Computer Science Dept.
University of Utah
zeleznik@cs.utah.edu Salt Lake City, UT 84112
(801) 581-5617freedman@cpsc.ucalgary.ca (Dan Freedman) (03/31/89)
We can confirm this behaviour of not being able to install a closed system from tape with either the OPEN or CLOSED selections. The solution is as follows: install from tape, specify OPEN the first time minst asks you, and say you want to run install++ interactively rather than use the apollo-supplied defaults. When you do run install++ interactively (which is not difficult, by the way), specify CLOSED when it asks you. Once you have a running 10.1 system, pick another node, and boot it diskless off of the original node. Invol its disk, and copy on the install tree from the original node, using /com/cpt //original/install //newmountednode/install -sacl Now run install++ from the ORIGINAL node (not the new node), as follows: install++ -x -i -l -s //newmountednode //newmountednode After configuring, and before saying exit, be sure to turn OFF install checking. Once the install has finished, the new node should have a properly configured CLOSED system, with an authorized area on it, and with the O/S hard-linked to the AA to save space. Now invol the original node, and do a NETWORK install of the O/S from the new node. CLOSED mode works fine for network installs. Dan Freedman University of Calgary Computer Science Department 2500 University Drive N.W. freedman@cpsc.UCalgary.CA Calgary, Alberta, T2N 1N4 ...!alberta!calgary!freedman