Just a suggestion. Why not have TWO directories?
(a) WRITE ONLY - anyone can send files to it - normally named: INCOMING
(b) READ ONLY - anyone can read any file
Just in case, you can (probably should) monitor
what is added to (a), then copy it over to (b)
ONLY after it is checked. Having (a) which
only you can look at (you might allow the contents
to be displayed, but I would not recommend it)
provides much better security. I also suggest that
for any file larger that 10 MB, an MD5 checksum
also be sent so you can verify the large file was
sent correctly.
I thought of doing this, but it requires manual intervention, delays etc. so I decided to go with the on directory approach, with the expectation that people on HECnet are reasonably responsible.
If there is a huge amount of abuse / corrupted files I'll rethink the strategy.
Thanks for the tip though.
You can set RWE for world set on the directory by default, but have a script periodically set all files to w:RE only. There's probably a better way to do it, though.
OK, I've set it up.
The HECnet "intranet" read/write repository can be found on CHIMPY::[.DROPBOX].
Feel free to copy anything there that you think might be of interest to other HECnetters.
sampsa
On Tue, Oct 8, 2013 at 10:22 AM, Cory Smelosky <b4 at gewt.net> wrote:
On Tue, 8 Oct 2013, Sampsa Laine wrote:
On 8 Oct 2013, at 01:52, Sampsa Laine <sampsa at mac.com> wrote:
Do we have an intranet site only accessible via DECnet? I dont put any (much) personal information on the net.
Daniel.
That's what I'm trying to do with the "Dropbox" on CHIMPY:: - anyone can add or view files, but not delete or edit them. Just not sure what the correct security setting for the directory should be...
Is this type of security option on a dir possible? I can't figure out how to set it up, but somebody amongst you gurus must know :)
You can set RWE for world set on the directory by default, but have a script periodically set all files to w:RE only. There's probably a better way to do it, though.
That sounds pretty, well, yuck.
Not that I have given it much thought you would likely be able to achieve this sort of environment using ACLs. I recommend checking out the VMS security manual.
Regards, Tim.
On Tue, Oct 8, 2013 at 10:23 AM, Sampsa Laine <sampsa at mac.com> wrote:
On 8 Oct 2013, at 04:19, Cory Smelosky <b4 at gewt.net> wrote:
> On Tue, 8 Oct 2013, Daniel Soderstrom wrote:
>
>> SET HOST EISNER straight from a DECServer will be nice.
>>
>
> A DECserver speaking DECnet? That'd be awesome to have. Mine (albeit awesome, and one of my favourite things) only speaks LAT. ;)
>
My DS300 does inbound Telnet as well as inbound/outbound LAT and serial :)
No DECNET as far as I know.
I don't recall a DECserver that talks DECnet. It is the wrong protocol for that type of communication. DECservers originally only spoke LAT, which was developed specifically for local area communications (which it does very well).
Regards, Tim.
On 8 Oct 2013, at 04:19, Cory Smelosky <b4 at gewt.net> wrote:
On Tue, 8 Oct 2013, Daniel Soderstrom wrote:
SET HOST EISNER straight from a DECServer will be nice.
A DECserver speaking DECnet? That'd be awesome to have. Mine (albeit awesome, and one of my favourite things) only speaks LAT. ;)
My DS300 does inbound Telnet as well as inbound/outbound LAT and serial :)
No DECNET as far as I know.
Sampsa
On Tue, 8 Oct 2013, Sampsa Laine wrote:
On 8 Oct 2013, at 01:52, Sampsa Laine <sampsa at mac.com> wrote:
Do we have an intranet site only accessible via DECnet? I dont put any (much) personal information on the net.
Daniel.
That's what I'm trying to do with the "Dropbox" on CHIMPY:: - anyone can add or view files, but not delete or edit them. Just not sure what the correct security setting for the directory should be...
Is this type of security option on a dir possible? I can't figure out how to set it up, but somebody amongst you gurus must know :)
You can set RWE for world set on the directory by default, but have a script periodically set all files to w:RE only. There's probably a better way to do it, though.
--
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
On Tue, 8 Oct 2013, Daniel Soderstrom wrote:
SET HOST EISNER straight from a DECServer will be nice.
A DECserver speaking DECnet? That'd be awesome to have. Mine (albeit awesome, and one of my favourite things) only speaks LAT. ;)
Daniel
Sent from my iPhone
On 8 Oct 2013, at 6:04 am, Sampsa Laine <sampsa at mac.com> wrote:
On 7 Oct 2013, at 23:27, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote:
Sampsa Laine <sampsa at mac.com> writes:
Brian,
Any news / progress on the EISNER project?
No news. Hopefully, that trasnlates to good news.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
Cool. Pretty excited about the prospect myself.
Sampsa
--
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
On 8 Oct 2013, at 01:52, Sampsa Laine <sampsa at mac.com> wrote:
Do we have an intranet site only accessible via DECnet? I dont put any (much) personal information on the net.
Daniel.
That's what I'm trying to do with the "Dropbox" on CHIMPY:: - anyone can add or view files, but not delete or edit them. Just not sure what the correct security setting for the directory should be...
Is this type of security option on a dir possible? I can't figure out how to set it up, but somebody amongst you gurus must know :)
On 8 Oct 2013, at 03:47, Daniel Soderstrom <snaggs at mac.com> wrote:
SET HOST EISNER straight from a DECServer will be nice.
I like the idea of being able to mail and phone users from HECnet to EISNER,
EISNER::LAINE_SA just becomes a lot more meaningful :)
Sampsa
SET HOST EISNER straight from a DECServer will be nice.
Daniel
Sent from my iPhone
On 8 Oct 2013, at 6:04 am, Sampsa Laine <sampsa at mac.com> wrote:
On 7 Oct 2013, at 23:27, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote:
Sampsa Laine <sampsa at mac.com> writes:
Brian,
Any news / progress on the EISNER project?
No news. Hopefully, that trasnlates to good news.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
Cool. Pretty excited about the prospect myself.
Sampsa
