HP OpenVMS Systemsask the wizard |
The Question is: I have a question about the alphabetical UIC ? A file "A.A" has UIC [USER1, USER2] (RWED,RWED,RE,) I verified the rightslist database and corresponding UIC of the OPTS and TOP are USER1 [000100,177777] USER2 [000101,000001] I believe the alphabetical UIC was wrongly set as group UIC of "USER2" is not under "USER1" If so, what's the risk or protection leakage in the file A.A ? Can USER1 or USER2 access the file A.A ? with what rights (i.e. RWED) ? thanks. The Answer is : The text display maps information stored in the RIGHTSLIST file to the binary information stored with the file, queue or other object. It is the binary value of the identifier that is the security-relevent attribute. The identifier text is used solely to translate from and to more human-readable formats. As for the group portion of the UIC display, details on re-adding UIC group identifiers is discussed in the OpenVMS FAQ -- the USER1 value shown would tend to indicate that UIC [100,*] has the user group translation of USER1. For details on identifiers and related, please see the OpenVMS Guide to System Security manual. For related discussions, see the discussions here on creating and divorcing nodes in a cluster -- maintaining the binary UIC values is key to creating a single cluster security domain from multiple SYSUAF and RIGHTSLIST files, when there are objects with associated binary values from the various nodes.
|