.ps 58,70
.ap
.p 0
.c;==========================================
.c;IMU --- Identifier Management Utility V1.1
.c;==========================================
.s
.c;by
.s
.c;G. Beau Williamson
.c;Rockwell International
.c;1200 N. Alma Rd.
.c;Richardson, TX. 75081
.c;(214) 996-5547
.s
.c;Updated by : Steven Douglas
.s
.c;July 6, 1987
.s2
.hl 1 INTRODUCTION
IMU is a Rights Identifier Management utility program that permits
authorized, non-privileged users to "Grant" and "Revoke" certain
Rights Identifiers to/from other users via an "Authorize" like set
of commands. For example:
.literal

    IMU> GRANT/ID identifier username

.end literal
IMU therefore allows the authorized users to manage their own generic
Rights Identifiers (such as application or project oriented
identifiers) specifically set up for them by the System Manager
without needing access to the "Authorize" utility.

Users may optionally be granted the ability to authorize other users
to grant and revoke the Rights Identifiers under their control via
the ACL editor.
.hl 1 IMU COMPONENTS
IMU is composed of the following components:
.list
.le;IMU.EXE image file.
.le;IMU Directory.
.le;Rights-ID files.
.els
.hl 2 IMU.EXE
The IMU image "IMU.EXE" is the actual IMU program and must be
installed with "SYSPRV" and "CMEXEC" privileges. IMU is activated
using a foreign command "$SYS$SYSTEM:IMU" which is set up as a
system-wide symbol of "IMU".
.hl 2 IMU Directory
The "IMU Directory" is a special protected directory which contains
the "Rights-ID" files that specify the users authorized to manage a
single generic Rights-ID via IMU.
The IMU directory is pointed to by the System Logical name "IMU__DIR"
and normally resides under the [SYSMGR] directory with the following
protection:
.literal

Directory SYS$COMMON:[SYSMGR]

IMU.DIR              1/4      [SYSTEM,MANAGER]     (RWE,RWE,RE,E)
          (DEFAULT_PROTECTION,SYSTEM:,OWNER:RWED,GROUP:,WORLD:)

.end literal
.hl 2 Rights-ID Files
The Rights-ID files serve as the "Authorized Users List" for each
Rights Identifier to be managed by IMU. Each Rights-ID is made up of
a single empty file in the IMU directory and has a filename of the
format:
.literal

    identifier.ACL

where:  identifier is the name of the Rights Identifier.

.end literal
Each Rights-ID file contains an ACL with an ACE for each authorized
user that may manage the identifier. When a user attempts to issue a
command to the IMU program to "GRANT", "REVOKE", "LIST" or "SHOW" a
Rights Identifier, IMU checks the Rights-ID file associated with the
Rights Identifier to determine if the user is authorized to perform
the requested command.

The following table shows the functions enabled by READ, WRITE and
CONTROL access to the Rights-ID file.
.tp8
.literal

ACCESS     MEANING
-------    -------------------------------------------------
READ       Permits use of IMU "LIST" and "SHOW" commands.
WRITE      Permits use of IMU "GRANT" and "REVOKE" commands.
CONTROL    Permits the user to edit the Rights-ID file ACL.

.end literal
.hl 1 A SAMPLE SYSTEM
Let's assume the following generic Rights Identifiers are to be
managed by certain authorized users.
.list
.le;SYSENG ####--- System Engineering
.le;PRICING ###--- Pricing Department
.le;PROGRAMMER --- Programmers
.els
Assume also, that the System Manager has created the following
Rights-ID files:
.tp12
.literal

Directory SYS$COMMON:[SYSMGR.IMU]

SYSENG.ACL;1         0/0      [SYSTEM,MANAGER]     (,RWED,,)
          (IDENTIFIER=[SMITH],ACCESS=READ+WRITE+CONTROL)
          (IDENTIFIER=[DAVIS],ACCESS=READ)
PRICING.ACL;1        0/0      [SYSTEM,MANAGER]     (,RWED,,)
          (IDENTIFIER=[CARTER],ACCESS=READ+WRITE+CONTROL)
PROGRAMMERS.ACL;1    0/0      [SYSTEM,MANAGER]     (,RWED,,)
          (IDENTIFIER=[SAMPSON],ACCESS=READ+WRITE+CONTROL)
          (IDENTIFIER=[DELBERT],ACCESS=READ+WRITE)

.end literal
This means that the above Rights-ID files permit the following
functions to be performed by the following users for the indicated
Rights Identifiers.
.literal

RIGHTS      AUTHORIZED
IDENTIFIER  USER        FUNCTIONS AUTHORIZED
----------  ----------  ----------------------------------
SYSENG      SMITH       GRANT, REVOKE, LIST, SHOW, Edit_ACL
SYSENG      DAVIS       LIST, SHOW
PRICING     CARTER      GRANT, REVOKE, LIST, SHOW, Edit_ACL
PROGRAMMER  SAMPSON     GRANT, REVOKE, LIST, SHOW, Edit_ACL
PROGRAMMER  DELBERT     GRANT, REVOKE, LIST, SHOW

.end literal
Notice that users granted CONTROL access to a Rights-ID file may edit
the Rights-ID file's ACL. This enables the user to add/remove other
users to/from the list of users that may manage the Rights
Identifier. This is accomplished by adding or removing entries for
those users to/from the ACL on the Rights-ID file.

For example, user "SMITH" may invoke the ACL Editor by typing
.literal

    $ EDIT/ACL/NOJOURNAL IMU_DIR:SYSENG.ACL

.end literal
to edit the ACL on "SYSENG.ACL" and remove the entry in the ACL for
user DAVIS. This would remove the ability of user "DAVIS" to use IMU
to LIST or SHOW the Rights Identifier "SYSENG" since user "DAVIS"
would no longer have "READ" access to the "SYSENG.ACL" file.

(Note that the /NOJOURNAL qualifier is necessary to avoid error
messages from the ACL Editor since the user doesn't have write access
to the IMU__DIR directory.)
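
The authorization decision described in this section can be modelled as follows. This is an added Python illustration, not part of IMU or of the original document; the helper names are hypothetical, the ACEs are copied from the sample listing above, and the model assumes the first matching ACE decides and that a user with no ACE gets nothing from the (,RWED,,) file protection. It also lets a user match through any identifier they hold, which goes slightly beyond the username-only ACEs in the sample.

```python
import re

# Constructed from the sample Rights-ID listing on this page.
SAMPLE_ACLS = {
    "SYSENG": ["(IDENTIFIER=[SMITH],ACCESS=READ+WRITE+CONTROL)",
               "(IDENTIFIER=[DAVIS],ACCESS=READ)"],
    "PRICING": ["(IDENTIFIER=[CARTER],ACCESS=READ+WRITE+CONTROL)"],
    "PROGRAMMERS": ["(IDENTIFIER=[SAMPSON],ACCESS=READ+WRITE+CONTROL)",
                    "(IDENTIFIER=[DELBERT],ACCESS=READ+WRITE)"],
}
# Access-to-function table from the page.
COMMANDS = {"READ": {"LIST", "SHOW"}, "WRITE": {"GRANT", "REVOKE"},
            "CONTROL": {"EDIT_ACL"}}
ACE_RE = re.compile(r"^\(IDENTIFIER=\[?([A-Z0-9_$]+)\]?,ACCESS=([A-Z+]+)\)$")

def parse_ace(text):
    """Return (identifier, set of access names) for one identifier ACE."""
    m = ACE_RE.match(text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised ACE: {text!r}")
    return m.group(1), set(m.group(2).split("+"))

def file_access(aces, held):
    """Access the ACL gives a process holding the identifiers in `held`."""
    for ident, access in map(parse_ace, aces):
        if ident in held:
            return access      # the first matching ACE decides
    return set()               # no ACE: (,RWED,,) gives non-owners nothing

def imu_functions(identifier, held, acls=SAMPLE_ACLS):
    """IMU functions a user may perform on `identifier` (hypothetical helper)."""
    access = file_access(acls.get(identifier, []), held)
    return set().union(*(COMMANDS.get(a, set()) for a in access))

def without_user(aces, user):
    """ACL after a CONTROL holder deletes the ACE naming `user`."""
    return [a for a in aces if parse_ace(a)[0] != user.upper()]

if __name__ == "__main__":
    for ident, aces in SAMPLE_ACLS.items():
        for user, _ in map(parse_ace, aces):
            print(ident, user, sorted(imu_functions(ident, {user})))
```
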
.hl 1 INSTALLING IMU
The installation of IMU is accomplished in the following basic steps:
.list
.le;Loading the IMU files to disk
.le;Building the IMU image and help library
.le;Installing the IMU image with SYSPRV and CMEXEC
.le;Creating the IMU Directory
.els
.hl 2 Loading the IMU files
Start by creating a working directory for the installation procedure.
This directory can be deleted after the installation has been
completed. Use the BACKUP utility to copy the IMU files to the IMUTMP
directory. The actual commands used to create your temporary
directory and copy the files will differ from site to site (and
whether you are copying from a VAX Sig tape) but will be something
like the following:
.literal

    $ CREATE/DIRECTORY [.IMUTMP]
    $ SET DEFAULT [.IMUTMP]
    $ BACKUP $2$MUA0:IMU.BCK []

.end literal
.hl 2 Building the IMU Image and Help Library
Once the files have been copied to the temporary directory, the IMU
image and the IMU Help library must be built and copied to their
target directories. This is accomplished by executing the
"IMUBUILD.COM" command procedure as follows:
.literal

    $ @IMUBUILD

.end literal
This command procedure will result in the following IMU files being
built and copied to their respective target directories.
.literal

    SYS$SYSTEM:IMU.EXE
    SYS$HELP:IMUHELP.HLB

.end literal
.hl 2 Installing the IMU image
Because the IMU image requires the SYSPRV and CMEXEC privileges to
make changes to the RIGHTSLIST.DAT file via System Services, it must
be installed as a known object with the "SYSPRV" and "CMEXEC"
privileges. The following commands will accomplish this:
.literal

    $ INSTALL == "$SYS$SYSTEM:INSTALL/COMMAND_MODE"
    $ INSTALL ADD/PRIV=(SYSPRV,CMEXEC) SYS$SYSTEM:IMU

.end literal
These two lines should also be added to the System Startup command
file SYSTARTUP.COM so that IMU is installed each time the system is
booted.
.hl 2 Creating the IMU Directory
The final step is to create the IMU Directory and define the System
Logical name "IMU__DIR" to point to this directory. The recommended
location of this directory is "SYS$COMMON:[SYSMGR.IMU]". Assuming the
recommended location of the IMU directory, the following commands
will create the directory and define the logical name.
.literal

    $ CREATE/DIRECTORY SYS$COMMON:[SYSMGR.IMU]
    $ SET ACL/ACL=(DEFAULT_PROTECTION,SYSTEM:,OWNER:RWED,GROUP:,WORLD:) -
          SYS$COMMON:[SYSMGR]IMU.DIR
    $ DEFINE/SYSTEM/EXECUTIVE_MODE IMU_DIR SYS$COMMON:[SYSMGR.IMU]

.end literal
The user privilege "SYSNAM" is required to define the logical name in
executive mode.
.hl 1 CREATING NEW RIGHTS IDENTIFIERS
Once IMU has been installed, the System Manager creates the actual
Rights Identifier and a Rights-ID file (with its associated ACL) for
each Rights Identifier that is to be managed. This may be
accomplished by the following commands.
.literal

    $ RUN SYS$SYSTEM:AUTHORIZE
    ADD/ID identifier
    EXIT
    $ SET DEFAULT IMU_DIR
    $ CREATE identifier.ACL
    ^Z
    $ EDIT/ACL identifier.ACL

.end literal
The last step in the above procedure activates the ACL editor so that
the ACL for the Rights-ID file may be created. (See the "VAX/VMS ACL
Editor Manual" for details on the use of the ACL Editor.)
.hl 1 RUNNING IMU
It is recommended that the following system-wide symbol be defined
(in SYS$SYLOGIN) to run the IMU program.
.literal

    $ IMU == "$SYS$SYSTEM:IMU"

.end literal
This will permit users to invoke IMU by two methods:
.literal

1.  By simply typing:

        $ IMU

.end literal
When IMU is activated, it will return a prompt of "IMU>" indicating
that it is ready to receive commands.
.literal

2.  By typing "IMU" plus an IMU command to be performed:

        $ IMU imu-command

.end literal
This causes IMU to activate, perform the requested command and then
return to the system prompt.
.hl 1 IMU COMMANDS
IMU implements the following subset of "Authorize" utility commands:
.list
.le;GRANT/ID
.le;REVOKE/ID
.le;SHOW/ID
.le;LIST/ID
.le;EXIT
.le;HELP
.els
Since these IMU commands are identical to the "Authorize" utility
commands, you will find detailed documentation on these commands in
the "VAX/VMS Authorize Utility Manual".
.hl 1 BUG FIXES AND ENHANCEMENTS
.hl 2 SECURITY HOLE PLUGGED
In Version 1.0, the user could define his/her own process logical for
IMU$DIR which caused IMU to access the incorrect directory for the
.ACL files that control access to the rights identifiers. To prevent
this, Version 1.1 translates the logical IMU__DIR in EXECUTIVE__MODE
for access security of the rights identifiers.
.hl 2 FILE SPECIFICATION CHANGED
In Version 1.0, if a user had a logical name defined that was the
same as the filename of the .ACL file he/she was trying to access,
IMU would use the logical name's definition in the file specification
rather than the filename when trying to open the file. This would
cause the file specification to be incorrect and a "no access" error
would be returned to the user. The complete file specification is now
concatenated forcing IMU to use the filename instead of the logical
name.
.hl 2 LOGICAL IMU$DIR CHANGED TO IMU__DIR
The logical name IMU$DIR has been changed to IMU__DIR in Version 1.1.
This was done to comply with the DEC standard in which the "$"
character is reserved for DEC defined logicals and the "__" character
reserved for user defined logicals.
.hl 2 DYNAMIC ATTRIBUTE ADDED
The attribute command qualifier option list has been expanded to
include the DYNAMIC attribute. The RESOURCE attribute option is still
available as it was in the previous version.
For example, user "JONES" is granted SYSGEN.ACL with DYNAMIC and
RESOURCE attributes:
.literal

    $ GRANT/ID/ATTRIBUTES=(DYNAMIC,RESOURCE) SYSGEN JONES

.end literal
.hl 2 FOREIGN COMMANDS ACCEPTED
The IMU program now allows users to perform IMU commands from the
system prompt by obtaining foreign commands. This can be accomplished
by typing the following from the system prompt:
.literal

    $ IMU imu-command

where:  imu-command is any valid IMU command

.end literal
After performing the requested command, the system prompt is returned.
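
The fix described under "SECURITY HOLE PLUGGED" can be seen in a small model of logical name translation. This is an added Python illustration, not IMU source code: the class, the function names and the directory DISK$USER:[JONES.IMU] are hypothetical, and it assumes Version 1.0 translated IMU$DIR without restricting the access mode. The model simplifies VMS to two tables and requires SYSNAM for both inner-mode names and the system table.

```python
MODES = ["KERNEL", "EXECUTIVE", "SUPERVISOR", "USER"]  # innermost first
SEARCH_ORDER = ["PROCESS", "SYSTEM"]                    # process table wins

class LogicalNames:
    """Toy model of logical name tables; not the VMS implementation."""

    def __init__(self):
        self.tables = {t: {} for t in SEARCH_ORDER}

    def define(self, table, name, value, mode="SUPERVISOR", privs=()):
        # Model assumption: SYSNAM is needed for inner-mode names (the page
        # states this for executive mode) and for the system table.
        inner = MODES.index(mode) <= MODES.index("EXECUTIVE")
        if (inner or table == "SYSTEM") and "SYSNAM" not in privs:
            raise PermissionError(f"{mode} name in {table} table needs SYSNAM")
        self.tables[table][(name, mode)] = value

    def translate(self, name, acmode="USER"):
        # Names defined in modes outer to (less privileged than) acmode are
        # ignored; among the rest, the outermost definition is used.
        usable = MODES[: MODES.index(acmode) + 1]
        for table in SEARCH_ORDER:
            for mode in reversed(usable):
                if (name, mode) in self.tables[table]:
                    return self.tables[table][(name, mode)]
        return None

def imu_dir_v1_0(lnm):
    # Assumed V1.0 behaviour: any definition of IMU$DIR is accepted.
    return lnm.translate("IMU$DIR", acmode="USER")

def imu_dir_v1_1(lnm):
    # V1.1 behaviour from the page: IMU_DIR translated in executive mode.
    return lnm.translate("IMU_DIR", acmode="EXECUTIVE")

def demo():
    lnm = LogicalNames()
    real = "SYS$COMMON:[SYSMGR.IMU]"
    decoy = "DISK$USER:[JONES.IMU]"   # constructed, user-controlled directory
    for name in ("IMU$DIR", "IMU_DIR"):
        lnm.define("SYSTEM", name, real, mode="EXECUTIVE", privs=("SYSNAM",))
        lnm.define("PROCESS", name, decoy, mode="SUPERVISOR")
    return imu_dir_v1_0(lnm), imu_dir_v1_1(lnm)

if __name__ == "__main__":
    print(demo())
```

The unprivileged process-table definition shadows the system one only for the unrestricted lookup; the executive-mode lookup skips it because a user without SYSNAM cannot create a name at that mode.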