[Info-vax] ACL Protection On An Image

[John Santos]

In article <3af8f5f4-945f-4672-a1a8-
1e3848f9824c at e18g2000yqo.googlegroups.com>, lee_morgan at hotmail.co.uk 
says...> 
> Hello
> 
> I am looking for a method to control access to a specific image that
> I
> have residing on disk (not installed into memory).
> 
> I have modified the protection on the image from W:RWE to W:R and now
> want to allow access, only via a Rights Identifier.
> 
> 
> I would prefer to create an ACL on the physical .exe file but when I
> try to do this I am having a few issues.
> 
> 
> Firstly, I create the rights identifier that I will use to control
> the
> access. Then I create the ACL on the executable, using the afore
> mentioned rights identifier. Finally I grant the rights identifier to
> a
> specific user but when they try to run the image, they are not
> authorized to execute it.
> 
> 
> When creating the ACL, I specified ACCESS=EXECUTE but still no joy.
> 
> 
> Any pointers would be grately appreciated.
> 
> 
> Maybe I am missing something and you cannot actually use this method.
> 
> 
> I've also read about using SUBSYSTEM ACL's but didnt want to make
> this
> too complicated.
> 
> 
> Thanks in advance.
> 
> 
> Lee.

Have the user do a "$ show process/rights" to make sure they actually
have the rights identifier.  Make sure the user has logged out and back
in so their process will be created with the new right id.

If you enable security auditing on the object (file), you can wade 
through the security audit file to see where it breaks (tons of data, 
though.)


-- 
John Santos
Evans Griffiths & Hart, Inc.