zeleznik%cs.utah.edu@wasatch.UUCP (Mike Zeleznik) (03/30/89)
Update/summary on open/closed protections on the AA node in sr10.*. The MINST program for 10.1.m (68k) and 10.0.p (10k) has the OPEN/CLOSED selection BACKWARDS! Selecting CLOSED gives you an OPEN system, and the reverse... Later versions are said to be fixed (?) Once installed as OPEN on my AA node, I could not get the OS on the AA into a closed form. However, from what I have heard, even if a source AA node is open, you can correctly install a closed system to another node. I haven't tried this. The only two ways I have found of locking down an open AA node are 1) set protections manually (either your own scripts or via inprot), or 2) re-invol and reinstall the OS, selecting an OPEN system. I did the latter and it worked okay, but is time consuming. While some things are obviously wrong (e.g., /com and /usr are world writable), at least most of the files seem to be right. It's a far cry better than before! Apollo or ADUS have no available template files for INPROT. If anyone (* hello, Apollo? *) gets around to putting them together, that would be great. Apparently there is some mechanism for converting your old ACL templates into inprot form, but I heard from someone who tried it that it didn't work. Mike Michael Zeleznik Computer Science Dept. University of Utah zeleznik@cs.utah.edu Salt Lake City, UT 84112 (801) 581-5617
freedman@cpsc.ucalgary.ca (Dan Freedman) (03/31/89)
We can confirm this behaviour of not being able to install a closed system from tape with either the OPEN or CLOSED selections. The solution is as follows: install from tape, specify OPEN the first time minst asks you, and say you want to run install++ interactively rather than use the apollo-supplied defaults. When you do run install++ interactively (which is not difficult, by the way), specify CLOSED when it asks you. Once you have a running 10.1 system, pick another node, and boot it diskless off of the original node. Invol its disk, and copy on the install tree from the original node, using /com/cpt //original/install //newmountednode/install -sacl Now run install++ from the ORIGINAL node (not the new node), as follows: install++ -x -i -l -s //newmountednode //newmountednode After configuring, and before saying exit, be sure to turn OFF install checking. Once the install has finished, the new node should have a properly configured CLOSED system, with an authorized area on it, and with the O/S hard-linked to the AA to save space. Now invol the original node, and do a NETWORK install of the O/S from the new node. CLOSED mode works fine for network installs. Dan Freedman University of Calgary Computer Science Department 2500 University Drive N.W. freedman@cpsc.UCalgary.CA Calgary, Alberta, T2N 1N4 ...!alberta!calgary!freedman