PROFILE REMOTE - grant permissions to remote hosts.

Syntax:

REMOTE HOST=host USER=user option [option]*
(+|-)ALLPERMS
(+|-)PRINTer
(+|-)READ
(+|-)WRITE
+NOTIFY

Examples:

remote host=watcgl user=root +allperms
remote host=water user=fbaggins +allperms -write
remote host=watnot user=jdoe -allperms
remote host=watnot user=* +read

Options:

HOST=hostname
specifies the remote host (machine) from which the requests will be issued. You may specify "HOST=*" to apply permissions to ALL hosts for the given user.
USER=username
specifies the remote userid that will submit the requests. You may specify "USER=*" to apply permissions to ALL users on the host.
+PRINTer
grants permission to the remote user to charge printer listings to your account.
+READ
grants permission to the remote user to access the file system as if he were signed onto your account, but only for reading files.
+WRITE
grants permission to the remote user to access the file system as if he were signed onto your account, but only for writing (and creating) files. Note that giving write permission does not imply giving read permission.
+ALLPERMS
grants the above permissions (plus any others that we might add to the REMOTE line in the future).
-ALLPERMS
grants absolutely no permissions to the remote user.
+NOTIFY
sends mail to you if the REMOTE line matched someone's request. A paranoid would probably use "HOST=* USER=* -ALLPERMS +NOTIFY".

Description:

The login profile's REMOTE lines are used to grant to users on other hosts (machines) permission to use your account. Note that the order of entries in the file does not matter, and that specific permissions (i.e. User=userid) always override general permissions (i.e. User=*). A specific user on a general host overrides a general user on a specific host. The example at the top would allow everyone on "watnot" to charge their printer listings to your account, except for user "jdoe".

Each line must specify at least one of the (+|-) permission options. If a "-" option is used to remove a permission, the "+ALLPERMS" option must also be given.

In use, a request will be submitted by a user on one of the UNIX machines, say by "jdoe" on "watnot" to get the file fbaggins/file using the TSS userid "asmith". The file "asmith/_sysfiles/profile" is checked for a line matching "host=watnot" or "host=*", and "user=jdoe" or "user=*".

If the appropriate line is found, a set of permissions is generated. If these permissions include reading, the file "fbaggins/file" is read as if the userid "asmith" were doing the operation. "asmith" may or may not have permission to read this file, depending upon the normal GCOS-8 file system permissions.

If no matching line is found, the file "watnot/_sysfiles/profile" is checked to see if the administrators of "watnot" are willing to allow their user "jdoe" to make use of their account on the system. If so, the file "fbaggins/file" is accessed as if TSS userid "watnot" were doing the open.

Copyright © 1996, Thinkage Ltd.