From:	CRDGW2::CRDGW2::MRGATE::"SMTP::CRVAX.SRI.COM::RELAY-INFO-VAX"  4-JAN-1991 11:06:11.75
To:	MRGATE::"ARISIA::EVERHART"
CC:	
Subj:	Re: installing images with identifier

Received:  by crdgw1.ge.com (5.57/GE 1.80)
	 id AA02444; Fri, 4 Jan 91 10:31:37 EST
Received: From UCBVAX.BERKELEY.EDU by CRVAX.SRI.COM with TCP; Fri,  4 JAN 91 06:00:56 PST
Received: by ucbvax.Berkeley.EDU (5.63/1.42)
	id AA12542; Fri, 4 Jan 91 05:45:11 -0800
Received: from USENET by ucbvax.Berkeley.EDU with netnews
	for info-vax@kl.sri.com (info-vax@kl.sri.com)
	(contact usenet@ucbvax.Berkeley.EDU if you have questions)
Date: 3 Jan 91 18:21:48 GMT
From: pacific.mps.ohio-state.edu!zaphod.mps.ohio-state.edu!samsung!cs.utexas.edu!milano!uudell!bigtex!texsun!vector!egsner!ntpal!montagar!davidc@tut.cis.ohio-state.edu  (David L. Cathey)
Organization: Public Access VAX/VMS BBS, Plano TX
Subject: Re: installing images with identifier
Message-Id: <15561@montagar.lonestar.org>
References: <DE3D0304585F400116@KUB.NL>, <1991Jan2.112656.932@spcvxb.spc.edu>
Sender: info-vax-request@kl.sri.com
To: info-vax@kl.sri.com

In article <1991Jan2.112656.932@spcvxb.spc.edu>, terry@spcvxb.spc.edu (Terry Kennedy, Operations Mgr.) writes:
> In article <DE3D0304585F400116@KUB.NL>, S211KENO@KUB.NL (Kees Noyens - KUB/DRC) writes:
>> There have been rumours on this list that VMS 5.4 makes it possible to install
>> images with identifiers. Neither in the release notes, neither in de INSTALL
>> HELP I have found anything how this works. Can someone give some more
>> information about this ?
> 
>   The only thing I've found is the help in AUTHORIZE for ADD/ID/ATTRIB=SUBSYS-
> TEM, which isn't exactly a lot to go on. I don't recall anything in the rel-
> ease notes, either.
> 
> 	Terry Kennedy		Operations Manager, Academic Computing
> 	terry@spcvxa.bitnet	St. Peter's College, US
> 	terry@spcvxa.spc.edu	(201) 915-9381

	At DECUS, they went through it.  I thought it was in V5.4, but it isn't
on MY V5.4.  The following is some of the things I remember:

	The volume must be mounted or set to enable SUBSYSTEM's:

		$ MOUNT/SYSTEM/SUBSYSTEM [device] [volume]
			or
		$ SET VOLUME/SUBSYSTEM [device]

	This prevents an untrusted volume from granting identifiers to
	programs that grant access they shouldn't

	The programs are granted identifiers via the SUBSYSTEM ACE:

		$ SET FILE/ACL=(SUBSYSTEM,IDENTIFIER=xxxx) [file-spec]
			or some such command.

	When the image is activated, the identifier is granted to the process
	until image-rundown.

	It's the first I've heard of the AUTHORIZE command, but it makes
good sense...  I suspect it will be in the next major unannounced release
when we will probably be in shorts...

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
David L. Cathey		                |INET: davidc@montagar.lonestar.org
Don't blame me!  I voted for Bill and   |UUCP: ...!texsun!montagar!davidc
Opus for President!  Ack!  Thhrrptt!    |Fone: (214)-618-2117