[Info-vax] Default protection question

Phillip Helbig---undress to reply helbig at astro.multiCLOTHESvax.de
Sat Nov 6 09:42:26 EDT 2010


In article <ib3j36$14o$1 at ns.felk.cvut.cz>, smithfarm
<presnypreklad at gmail.com> writes: 

> > "A new file receives the default UIC-based protection and the default
> > access control list (ACL) of its parent directory."
> 
> Thanks guys, for the illumination. I now understand the sentence: the 
> phrase "of its parent directory" only applies to "the default access 
> control list (ACL)", and not to "the default UIC-based protection". At 
> first I thought it meant that new files inherit both the ACL and the UIC 
> protection from the parent directory.

Right.  A pair of parentheses could have made it clearer in the manual.

> So, to put it simply, the UIC of a newly-created file is given by the 
> default UIC of the *process*, 

Right.

> while its ACL is taken from the parent 
> directory.

If there is one.

However, if a FILE has an ACL, and you create a higher version of the 
file, then IIRC the ACL is inherited from the lower version of the file.

> Since I'm focusing on a complete reading of the User's Manual, 

Good place to start!

> so I'm 
> not going in-depth into ACLs at this point. I get the feeling they were 
> designed for the multi-user time-sharing systems, whereas today most 
> systems (including mine) are single-user.

Right.  If you need something more refined than system/user/group/world, 
then that is one use for ACLs.

A suggestion for accounts.  First, you should have your own account 
(say, SMITHFARM) without any special privs (except READALL, so that you 
don't have to go to a privileged account just to read something), then 
an administration account with the same privs as yours by default but 
with all privs authorized (so they can be turned on if necessary).  You 
might want this account to execute YOUR LOGIN.COM, so that it has the 
same look and feel.  Leave the system account alone, and don't even have 
a LOGIN.COM for it (except maybe for stuff like 
SET TERMINAL/INQUIRE/INSERT, but then I would have this in SYS$SYLOGIN).
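
The two-account arrangement suggested above, written out as an AUTHORIZE session. This is an added example, not part of the original post; the admin account name SMITHFARM_ADM, the UICs, the device DKA0: and the directories are assumptions, as is the choice of TMPMBX and NETMBX as the ordinary non-special privileges.

```dcl
$! Added example. Names, UICs, device and directories are assumptions.
$! Neither ADD sets a password: set one with MODIFY user /PASSWORD=...
$! and create the login directories before the accounts are used.
$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
UAF> ADD SMITHFARM /UIC=[200,1] /DEVICE=DKA0: /DIRECTORY=[SMITHFARM] /PRIVILEGES=(TMPMBX,NETMBX,READALL) /DEFPRIVILEGES=(TMPMBX,NETMBX,READALL)
UAF> ADD SMITHFARM_ADM /UIC=[200,2] /DEVICE=DKA0: /DIRECTORY=[SMITHFARM_ADM] /PRIVILEGES=ALL /DEFPRIVILEGES=(TMPMBX,NETMBX,READALL) /LGICMD=DKA0:[SMITHFARM]LOGIN.COM
UAF> SHOW SMITHFARM_ADM
UAF> EXIT
$! Logged in as SMITHFARM_ADM: the process starts with the same default
$! privileges as SMITHFARM. Enable an authorized privilege only for the
$! task that needs it, check what is enabled, then drop it again.
$ SET PROCESS/PRIVILEGES=SYSPRV
$ SHOW PROCESS/PRIVILEGES
$ SET PROCESS/PRIVILEGES=NOSYSPRV
```

/PRIVILEGES sets what the account is authorized to hold, and /DEFPRIVILEGES sets what is switched on at login, which is why the admin account can look identical to the everyday one until a privilege is explicitly enabled.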