[VAX83D.RESTRICT]AAAREADME.TXT

	TO: 	  All Vax Users.

	FROM:     James Greer and Bob Moe
		  K N Energy
		  Lakewood Colorado 80251
		  phone (303) 989-1740
	
	SUBJECT:  Image security or how to keep certain users from 
		  compiling fortran programs.

	EQUIP.:   VAX 11/780

	DATE:     20 OCTOBER 1983

____________________________________________________________________________

		This system allows the system administrator to regulate
	which of his users are allowed to use the fortran compiler. 
	With a few minor changes, this system can be expanded to other 
	compilers, editors, and commands.

		The flow of the system starts with SYS$MANAGER:SYSLOGIN.COM,
	all of the logins on the system use SYSLOGIN.COM when logging into
	the system. Therefore, this is a logical place to put in a security
	bug.  SYSLOGIN.COM runs the command procedure RESTRICT.COM. This
	command procedure checks a security list of the users who are
	and are not allow the privilege of using the fortran compiler.
	If the name of the user is found in the VMSUSER.TXT, the 
	logical F*ORTRAN :== @SYS$MANAGER:VIOLATION.COM is set for that
	persons login. Therefore not allowing that login to compile
	fortran programs.

		The command procedure VIOLATION.COM when run sends a
	message to the operator, that a violation has occured, and sends
	a message to the user that this is not an allow function.