home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!usc!zaphod.mps.ohio-state.edu!darwin.sura.net!europa.asd.contel.com!emory!sol.ctr.columbia.edu!destroyer!ncar!noao!arizona!arizona.edu!telcom.arizona.edu!leonard
- From: leonard@telcom.arizona.edu (Aaron Leonard)
- Newsgroups: comp.os.vms
- Subject: Re: Account creation utilities?
- Message-ID: <1992Nov17.173519.3995@arizona.edu>
- Date: 18 Nov 92 00:35:17 GMT
- References: <01GR9BYHRK6O9BW1GZ@SPOCK.FHCRC.ORG>
- Reply-To: Leonard@Arizona.EDU
- Distribution: world,local
- Organization: University of Arizona Telecommunications
- Lines: 28
- Nntp-Posting-Host: penny.telcom.arizona.edu
-
- In article <01GR9BYHRK6O9BW1GZ@SPOCK.FHCRC.ORG>, JOE@SPOCK.FHCRC.ORG (Joe Meadows) writes:
- ||
- | > I'm looking for a utility which would allow users who don't
- | >have write access to SYSUAF.DAT to be able to create and modify
- | >accounts. I know such a beast exists, and I recall someone mentioning
- | >it, but I can't seem to find it in the VMS software list.
- |
- | I'm sorry, I can't help myself, even realizing that a dozen other folks will
- | probably give the same answer but ....
- |
- |
- | How about using INSTALL SYS$SYSTEM:AUTHORIZE/PRIV=BYPASS? It sounds like
- | it would be exactly what you're asking for!
-
- On a non-facetious note, we once tried doing something like this:
- - set the protection on AUTHORIZE.EXE to W:none, and put an ACL on
- the file such that the "special" users had E access
- - in our startups, install AUTHORIZE with SYSPRV
-
- This seemed to meet our perverted needs for a while. Then we upgraded
- VMS, which took the liberty of setting the protection on the new version of
- AUTHORIZE to W:RE. Our startups merrily continued to install AUTHORIZE
- with SYSPRV, leaving us with a security hole big enough to drive a large
- vehicle thru, till the abashed system manager noticed it several weeks later.
-
- So I'd say, just give those users write access to SYSUAF ...
-
- Aaron
-
