From:	CRDGW2::CRDGW2::MRGATE::"SMTP::DECWRL.DEC.COM::SIMPACT!JEH"  4-AUG-1989 21:25
To:	MRGATE::"ARISIA::EVERHART"
Subj:	Problems with mailer and LIB$RENAME under V5

Received: from decwrl.dec.com by DRYCAS.CLUB.CC.CMU.EDU; Fri, 4 Aug 89 21:11 EDT
Received: by decwrl.dec.com (5.54.5/4.7.34) id AA15564; Fri, 4 Aug 89 18:10:51
 PDT
Received: by decwrl.dec.com (5.54.5/4.7.34) for vmsnet@drycas.club.cc.cmu.edu;
 id AA15564; Fri, 4 Aug 89 18:10:51 PDT
Received: by simpact.UUCP (DECUS UUCP w/Smail); Fri,  4 Aug 89 18:09:16 PDT
Date: Fri,  4 Aug 89 18:09:16 PDT
From: Jamie Hanrahan <simpact!jeh@crdgw1>
Subject: Problems with mailer and LIB$RENAME under V5
To: vmsnet@DRYCAS.CLUB.CC.CMU.EDU
Message-Id: <8908050110.AA15564@decwrl.dec.com>

(Howard Airhart has problems with users who set default protection to
S:RE, after which uucp_mailshr can't rename the files it creates in 
UUCP_SPOOL:).  

The right answer to this is not to modify the call to LIB$RENAME but
rather to arrange things so that the files are always created with
the appropriate protection mask.  This can be done in the source code
to uucp_mailshr, but it can also be accomplished by putting a default
protection ACL on the spool directory.  Here is how Tom Allebrandi 
has his spool directory set up:

Directory DSKB:[UUCP]

SPOOL.DIR;1          UUCP_ADMIN          (RWED,RWED,E,E)
(DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:E,WORLD:E)
(IDENTIFIER=[UUCP_USER],OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
(IDENTIFIER=[UUCP_USER],ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
(IDENTIFIER=UUCP_ADMIN,OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
(IDENTIFIER=UUCP_ADMIN,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)

Total of 1 file.

Note that UUCP_USER maps to a UIC (change this to whatever identifier you
used for your uucp accounts), while UUCP_ADMIN is a general identifier 
that can be granted to whoever needs to muck around in the spool directory.  

You can get lots more cautious with directory protections and still have 
things work; this isn't intended to be a "maximum security" setup.  

	--- Jamie Hanrahan
	jeh@simpact.com
