[comp.sys.apollo] requiring privileges to SHUT... etc.

dbfunk@ICAEN.UIOWA.EDU (David B. Funk) (09/20/88)

I would like to clarify my last note: article <8809142353.AA14291@umaxc.weeg.uiowa.edu>

The sigp/kill/crp control that is provided at SR10 is
a very nice feature. It is based upon the idea of "node
ownership". A node can be configured with an optional
"node owner" file. If this file is omitted then there is
no additional control (much like pre SR10.) If the file
exists then the names in it are used to determine who
is allowed to signal non-owned processes and crp on to
that node. Thus these powers can be restricted to a select
node owner or just "root".

This is the kind of control that I had in mind for things
like SHUT and EX when I said:

    I am pleased to see that SR10 will provide process ownership
    and "crp" control. I would like to add my vote to the "shut" control
    demand.

There is one case where such control
could be a liability. If, due to some failure, things get
hosed badly enough, it might not be possible to log in to
any particular account. Then just being able to type in
"SHUT" at the login prompt is very nice. One possible answer
to this would be to provide a way to substitute a secret
command in place of shut. Then the sys_admin (or node owner)
could restrict the "SHUT" rights to those knowing the magic
word. (Yes, this is reaching, but in our environment every little
bit helps.)

Dave Funk
Iowa Computer Aided Engineering Network (ICAEN)
University of Iowa, Iowa City, IA
dbfunk@icaen.uiowa.edu