The Question is:
I have a number of privilege users on the system with the following privileges:
I want to protect certail system level files and/or utilities. For example, I
do not want them to get into the UAF utility and add/modify/delete UAF Records.
I set the following ACL on the .EXE and the .DAT file, but they still can gain
SYSUAF.DAT;2 90/90 6-NOV-2000 18:53:59.64
The Answer is :
The mechanism used to protect files and other objects is the privilege.
You cannot protect against any access by any user with any of the more
powerful privileges -- any privilege in the "all" category -- by any
means other than the removal of the privilege(s).
Again, you cannot protect against a privileged user. Again, you must
either remove the privilege(s), or you must trust the user -- or the
two users, in the case of a two-person (two-password) login -- to act
Please review the OpenVMS security documentation for further information,
and for privilege and protection recommendations, and for details of
operating in a secure environment -- see the NCSC Class C2 appendix,
among other portions of the manual.
Related topics include (5639), (7368), (7813), and others.