<quote who="Allen Egerton"> > From: "John Jenkins" <[EMAIL PROTECTED]> > To: <u2-users@listserver.u2ug.org> > Sent: Friday, October 28, 2005 7:28 AM > Subject: RE: [U2] To Limit TCL Access Privilege > > >> Take a look at "remote verbs" - these are ideal for what you want to >> achieve. >> >> Essentially, you change the VOC entries of key verbs to "R" type and use >> a >> BASIC subroutine to moderate any commands entered at TCL/ECL. >> >> The BASIC program can then decide to grant/deny/modify the command > entered. >> >> ALL editor commands should be blocked as should access to shell >> commands. >> >> You can also limit some commands (LIST/SORT for example) to only allow >> access to specified files. >> >> Don't forget, ON.ABORT and ON.EXIT.... > > > While you're at it, don't forget that an update will potentially overwrite > the changes you've made to the VOC, so that it's worth keeping track of > which items you've modified and having a mechanism in place to put the > modified versions back...
This thread has been discussed before at length including sample programs. Check the archives (I forget where they are, but check http://u2ug.org and you'll be directed to them). As for changing and modifying VOC verbs? I don't recommend it because it increases the administration extensively, plus it makes any upgrade much more daunting. Choose 'OS' modifications wisely else they *will* come back to haunt you. I wrote a TCL program that simulates the TCL prompt. That way, it's called from our application based on @LOGNAME and grants specific rights to some and other rights to others. This method is the easiest for me because upgrades don't overwrite it. I did it once and haven't had to do any more with it over the past 3 upgrades, including the purchase of a new server. My $US 0.02 Karl ------- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/