[comp.os.os2] OS/2 Security

lance@vax1.acs.udel.EDU (Daniel A Lentz) (07/09/90)

Hello again, all!  I'm happy to see that the OS/2 newsgroups have been moving
along while I was away...  (Enough of that--here's my question:)

 I'm running EE 1.2 on a computer that is used by three people aside from 
myself, but I do the chores and make sure everything is running smoothly.
Is there any program (shareware pref.) which would divvy the machine into
protected segments like UNIX?  (Where each user has his own directory such
as c:\root\lance and c:\root\JohnDoe, etc.)  I'd like to set it up much like
UNIX, but fancy things like making files world-readable aren't important.
I'd also like to keep any directory level BELOW the user's home directory
inaccessible to read, but executable--so that users wouldn't have access
to the operating system or device drivers.
 The OS/2 security system is nothing like that and doesn't do much out of the 
LAN or SQL environment...
 Also I'd like each user to have a password, of course.

TIA

alistair@microsoft.UUCP (Alistair BANKS) (07/14/90)

In article <6701@vax1.acs.udel.EDU> lance@vax1.udel.edu (Daniel A Lentz) writes:
>Is there any program (shareware pref.) which would divvy the machine into
>protected segments like UNIX?  (Where each user has his own directory such
>as c:\root\lance and c:\root\JohnDoe, etc.)  I'd like to set it up much like
>UNIX, but fancy things like making files world-readable aren't important.
>I'd also like to keep any directory level BELOW the user's home directory
>inaccessible to read, but executable--so that users wouldn't have access
>to the operating system or device drivers.

Microsoft Lan Manager 2.0 provides such a secure file system. The 
access control lists for a file or directory are stored as part of 
the file system itself and unless the local or remote user has 
logged on with a valid name, password pair he will not be able to 
access parts of the disk restricted from him.

The access permissions can be any combination of Read, Write, Create,
Execute, Delete, Change Attributes, & Change Permissions and can
be applied to users or groups of users with a granularity down
to the single file level. New directories and files acquire the default 
permissions for that drive, the per-drive defaults being settable by the 
administrator.

There are four classes of user:- Admin, User, Local & Guest. These 
are treated as special user groups and you can assign permissions 
to a person according to the groups he belongs to.

Local security is a new feature of Lan Manager 2.0. This local security
is a feature of the workstation software as well as the server software. 
Workstation software can be installed freely on your OS/2 network,
provided you have bought at least one copy of the server software.

Alistair Banks
OS/2 Group
Microsoft
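
[Added example, not part of any post in this thread and not Lan Manager code: a toy Python model of the permission scheme described in the reply above, applied to the layout asked for in the question. The Volume class, the rule that a user entry beats group entries, the union of group grants, the "sysadmin" account and the C:\OS2\CMD.EXE and todo.txt paths are assumptions made for illustration.]

```python
from enum import Flag, auto
from ntpath import normcase  # OS/2-style paths: case-insensitive, backslashes

class Perm(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()
    CREATE = auto()
    EXECUTE = auto()
    DELETE = auto()
    CHANGE_ATTRIBUTES = auto()
    CHANGE_PERMISSIONS = auto()

FULL = (Perm.READ | Perm.WRITE | Perm.CREATE | Perm.EXECUTE | Perm.DELETE
        | Perm.CHANGE_ATTRIBUTES | Perm.CHANGE_PERMISSIONS)

class Volume:
    """Toy model of one drive: an ACL is stored with each file or directory."""
    def __init__(self, drive_default):
        self.drive_default = dict(drive_default)  # set by the administrator
        self.acls = {}                            # path -> {user or group: Perm}

    def create(self, path, acl=None):
        # New files and directories get the per-drive default unless an ACL is set.
        self.acls[normcase(path)] = dict(self.drive_default if acl is None else acl)

    def effective(self, path, session):
        """session is (user, groups) after a valid logon, or None if not logged on."""
        if session is None:
            return Perm.NONE
        user, groups = session
        acl = self.acls.get(normcase(path), {})   # unknown path: nothing granted
        if user in acl:                 # assumption: a user entry beats group entries
            return acl[user]
        perms = Perm.NONE
        for group in groups:            # assumption: group grants are unioned
            perms |= acl.get(group, Perm.NONE)
        return perms

# Constructed sample data: user names and home paths come from the question,
# everything else (sysadmin, CMD.EXE, todo.txt) is made up for the example.
vol = Volume(drive_default={"Admin": FULL})
vol.create(r"C:\OS2\CMD.EXE", {"Admin": FULL, "User": Perm.EXECUTE})
vol.create(r"C:\root\lance", {"Admin": FULL, "lance": FULL & ~Perm.CHANGE_PERMISSIONS})
vol.create(r"C:\root\JohnDoe\todo.txt")   # no ACL given: drive default applies
lance = ("lance", {"User"})
johndoe = ("JohnDoe", {"User"})
admin = ("sysadmin", {"Admin"})
```

[In this model the system file is executable but not readable for ordinary users, each home directory is closed to the other users, and a file created without an explicit ACL is reachable only by whoever the per-drive default names.]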

dale@mks.com (Dale Gass) (07/20/90)

In article <55814@microsoft.UUCP> alistair@microsoft.UUCP (Alistair BANKS) writes:
>Microsoft Lan Manager 2.0 provides such a secure file system.
>
>There are four classes of user:- Admin, User, Local & Guest. These 
>are treated as special user groups and you can assign permissions 
>to a person according to the groups he belongs to.

I have used IBM's Lan Manager (the same beast as Microsoft's, I
believe) for several months, and found it to have a reasonable
permissions structure, given the limitations of the OS/2 file system
(now, the quality of the underlying token ring hardware and drivers was
a joke, but that's another story).

*However*, there is (or at least was) one serious bug in the version of
the software I was using, that allowed any machine on the network
(regardless of whether the person had *any* account on the domain), to
get Admin privileges and access any file he wished.  No major hacking
required; all that was needed was to use the normal lan configuration
menus for a certain setup.

Although this hole was stumbled across by accident, and is unlikely to be
found in day-to-day operations, it does make Lan Manager less than ideal
for critical data.

I forget the actual version we were using; IBM was aware of the problem, and
may have fixed it in a later release.

-dale@mks.com    uunet!watmath!mks!dale