[HECnet] How much should you be allowed to shoot yourself in the foot?

VMS has a fine grained privilege system - I haven't counted recently, but I'll bet there are close to 32 individual privileges that can be enabled or disabled at will. Processes have both an "authorized privileges" and an "enabled privileges" mask, so an account can have many privileges authorized but a user can selectively turn them on or off at will. Programs (really installed images, but that's an executable program for this discussion) also have a privilege mask and when a user runs one of these the image privileges are ORed with the process privileges. I'm not aware that specific privileges can be associated with specific terminals, but you can restrict accounts to only log in on local (hardwired) terminals, batch jobs, PTYs, network terminals, or even on the CTY only. There's also an elaborate system of ACLs for files, but that's a different story. One VMS privilege bit that I really like is "READALL" - this says that the process can have read access to any file on the system, regardless of protections. The process doesn't, however, get any special dispensation for modifying or deleting the file (there are other privilege bits for that!). Having read access to everything without having to worry about accidentally screwing something up is really handy. Bob