randy@tessa.iaf.uiowa.edu (randy frank) (07/31/90)
This may seem awfully trivial, and I felt this would be the case but it is not explicitly shown in the manuals so I'll relay the info here. Our facility frequently develops applications for other SGI users on our net and makes the programs available via NFS to other sites. In doing so we set the programs up with --x access. The programs are also set up with FTR rules. Locally there is no problem as we all run in a developers group with rwx access. Remote (out of group) users may execute the programs fine. However, when Workspace attemps to type the applications (via tags) it cannot read the file and thus types the files as generic binaries for the remote users. This is easily fixed by giving read access to others. This could be seen as a security breach for some applications. (Note: all our apps are locked to the inode of a locking file so this is ok for us) Evidently the file typing program does not run with 'root' access??? This is also probably good as someone could easily stick a trojan horse in a lengthy FTR rule file and it would probably be installed undetected... Anyway, for us this is not a real problem as our code cannot be executed without special information anyway but we used to rely on execute only protection. I hope this is of some use to anyone else who may see applications improperly typed. -- rjf. Randy Frank, Engineer | (319) 335-6712 University of Iowa, Image Analysis Facility | 73 EMRB randy@tessa.iaf.uiowa.edu | Iowa City, IA 52242