The Question is:

I have a question about the alphabetical UIC.
A file "A.A" has UIC
[USER1, USER2] (RWED,RWED,RE,)
I verified the rightslist database and corresponding UIC of the OPTS and TOP are
USER1 [000100,177777]
USER2 [000101,000001]
I believe the alphabetical UIC was wrongly set as group UIC of "USER2" is not
under "USER1".
If so, what's the risk or protection leakage in the file A.A? Can USER1 or
USER2 access the file A.A? With what rights (i.e. RWED)?
Thanks.

The Answer is:

The text display maps information stored in the RIGHTSLIST file
to the binary information stored with the file, queue or other
object. It is the binary value of the identifier that is the
security-relevant attribute. The identifier text is used solely
to translate from and to more human-readable formats.

As for the group portion of the UIC display, details on re-adding
UIC group identifiers are discussed in the OpenVMS FAQ -- the USER1
value shown would tend to indicate that UIC [100,*] has the user
group translation of USER1.

For details on identifiers and related, please see the OpenVMS
Guide to System Security manual.

For related discussions, see the discussions here on creating
and divorcing nodes in a cluster -- maintaining the binary
UIC values is key to creating a single cluster security
domain from multiple SYSUAF and RIGHTSLIST files, when there
are objects with associated binary values from the various
nodes.
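
The point made in the answer above, as an added Python example that is not part of the original question or answer: access is decided by comparing binary UIC values, and the RIGHTSLIST names only affect the display. The file's stored owner value [101,1], the extra accessor UICs, the `MAXSYSGROUP` value of octal 10 and the simplified display rule are assumptions; ACLs and privileges are ignored.

```python
# Added illustration: simplified model of OpenVMS UIC-based protection checks.
# Ignores ACLs and privileges such as SYSPRV, GRPPRV, BYPASS and READALL.

MAXSYSGROUP = 0o10  # assumption: system-category group ceiling (octal 10)

def uic(group_octal, member_octal):
    """Pack [group,member] octal strings into the 32-bit binary UIC."""
    return (int(group_octal, 8) << 16) | int(member_octal, 8)

def display(value, rightslist):
    """Simplified text translation of a binary UIC via identifier values."""
    by_value = {v: name for name, v in rightslist.items()}
    group, member = value >> 16, value & 0xFFFF
    gname = by_value.get((group << 16) | 0xFFFF)  # group id: member 177777
    mname = by_value.get(value)
    if gname and mname:
        return f"[{gname},{mname}]"
    if mname:
        return f"[{mname}]"
    return f"[{group:o},{member:o}]"

def access(accessor, owner, protection):
    """Union of the rights from every category the accessor qualifies for."""
    cats = ["world"]
    if accessor >> 16 == owner >> 16:
        cats.append("group")
    if accessor == owner:
        cats.append("owner")
    if accessor >> 16 <= MAXSYSGROUP:
        cats.append("system")
    return "".join(r for r in "RWED" if any(r in protection[c] for c in cats))

# Identifier values quoted in the question.
RIGHTSLIST = {"USER1": uic("100", "177777"), "USER2": uic("101", "1")}
# Protection mask quoted in the question: (RWED,RWED,RE,).
PROTECTION = {"system": "RWED", "owner": "RWED", "group": "RE", "world": ""}
# Constructed: the binary owner value stored with the file is not on the page.
FILE_OWNER = uic("101", "1")

if __name__ == "__main__":
    renamed = {"RENAMED": uic("101", "1")}  # same value, different text
    for rights in (RIGHTSLIST, renamed):
        print("owner displays as", display(FILE_OWNER, rights))
    for who in (uic("101", "1"), uic("101", "7"), uic("100", "5")):
        got = access(who, FILE_OWNER, PROTECTION) or "none"
        print(f"[{who >> 16:o},{who & 0xFFFF:o}] ->", got)
```

Renaming the identifier changes only the first two printed lines; the access results depend solely on the numeric group and member fields.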