[Info-vax] ACL Protection On An Image

lee_morgan at hotmail.co.uk lee_morgan at hotmail.co.uk
Wed Mar 25 07:01:51 EDT 2009 

On 25 Mar, 08:20, IanMiller <g... at uk2.net> wrote:
> On 25 Mar, 02:18, lee_mor... at hotmail.co.uk wrote:
>
>
>
>
>
> > Hello
>
> > I am looking for a method to control access to a specific image that
> > I
> > have residing on disk (not installed into memory).
>
> > I have modified the protection on the image from W:RWE to W:R and now
> > want to allow access, only via a Rights Identifier.
>
> > I would prefer to create an ACL on the physical .exe file but when I
> > try to do this I am having a few issues.
>
> > Firstly, I create the rights identifier that I will use to control
> > the
> > access. Then I create the ACL on the executable, using the afore
> > mentioned rights identifier. Finally I grant the rights identifier to
> > a
> > specific user but when they try to run the image, they are not
> > authorized to execute it.
>
> > When creating the ACL, I specified ACCESS=EXECUTE but still no joy.
>
> > Any pointers would be grately appreciated.
>
> > Maybe I am missing something and you cannot actually use this method.
>
> > I've also read about using SUBSYSTEM ACL's but didnt want to make
> > this
> > too complicated.
>
> > Thanks in advance.
>
> > Lee.
>
> Note that granting executing only access causes some special
> behaviour. What happens exactly ?- Hide quoted text -
>
> - Show quoted text -


Hi and thanks for your comments.

Yes, I ensured the user does have the rights identifier and that they
logged off and back on but still no joy.

The image now looks like so....

ROBOT.EXE;8               78  15-DEC-2005 14:32:39.97
[SYSTEM]                         (RWED,RWED,RWED,R)
          (IDENTIFIER=ROBOT$MANAGER,ACCESS=READ+EXECUTE)

But the user still cannot access the image...

$ robot show robot
ROBOT $2$GGA0: is not responding: Permission denied.
%SYSTEM-F-NOPRIV, insufficient privilege or object protection
violation

$ show proc/rights

25-MAR-2009 11:02:39.69   User: GTHORNTON        Process ID:
00129E7B
                          Node: CAMUAT           Process name:
"GTHORNTON"

Process rights:
 GTHORNTON                         resource
 INTERACTIVE
 REMOTE
 ROBOT$MANAGER

System rights:
 SYS$NODE_CAMUAT

Thanks again in advance.

Lee.

More information about the Info-vax mailing list