[Info-vax] ACL Protection On An Image
VAXman- at SendSpamHere.ORG
VAXman- at SendSpamHere.ORG
Wed Mar 25 08:06:00 EDT 2009
In article <3af8f5f4-945f-4672-a1a8-1e3848f9824c at e18g2000yqo.googlegroups.com>, lee_morgan at hotmail.co.uk writes:
>Hello
>
>I am looking for a method to control access to a specific image that
>I
>have residing on disk (not installed into memory).
>
>I have modified the protection on the image from W:RWE to W:R and now
>want to allow access, only via a Rights Identifier.
>
>
>I would prefer to create an ACL on the physical .exe file but when I
>try to do this I am having a few issues.
>
>
>Firstly, I create the rights identifier that I will use to control
>the
>access. Then I create the ACL on the executable, using the afore
>mentioned rights identifier. Finally I grant the rights identifier to
>a
>specific user but when they try to run the image, they are not
>authorized to execute it.
It might help to post the ACL and file protections:
$ DIRECTORY/SECURITY {imagename}.EXE
>When creating the ACL, I specified ACCESS=EXECUTE but still no joy.
UAF> GRANTing of the identifier is not enough as the user may not have
the right in their process if you granted this while they were logged
on. The user will need to log out and then log back in again, or use
$ SET RIGHTS_LIST/ENABLE {identifer}
>Any pointers would be grately appreciated.
>
>
>Maybe I am missing something and you cannot actually use this method.
>
>
>I've also read about using SUBSYSTEM ACL's but didnt want to make
>this
>too complicated.
However, a protected subsystem may be the way to go.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
http://www.quirkfactory.com/popart/asskey/eqn2.png
"Well my son, life is like a beanstalk, isn't it?"
More information about the Info-vax
mailing list