Workspace and execute only programs

randy frank randy at tessa.iaf.uiowa.edu
Tue Jul 31 23:36:44 AEST 1990


This may seem awfully trivial, and I felt this would be the case
but it is not explicitly shown in the manuals so I'll relay the
info here.

	Our facility frequently develops applications for other
SGI users on our net and makes the programs available via NFS
to other sites.  In doing so we set the programs up with --x access.
The programs are also set up with FTR rules.  Locally there is
no problem as we all run in a developers group with rwx access.
Remote (out of group) users may execute the programs fine.
However, when Workspace attempts to type the applications
(via tags) it cannot read the file and thus types the files as
generic binaries for the remote users.  This is easily fixed
by giving read access to others.  This could be seen as a security
breach for some applications.  (Note: all our apps are locked to
the inode of a locking file so this is ok for us)  Evidently the
file typing program does not run with 'root' access???  This is
also probably good as someone could easily stick a trojan horse
in a lengthy FTR rule file and it would probably be installed
undetected...

Anyway, for us this is not a real problem as our code cannot be
executed without special information anyway but we used to rely
on execute only protection.  I hope this is of some use to anyone
else who may see applications improperly typed.
--
rjf.
Randy Frank, Engineer                       |  (319) 335-6712       
University of Iowa, Image Analysis Facility |  73 EMRB              
randy at tessa.iaf.uiowa.edu                   |  Iowa City, IA 52242  
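
The behaviour described in the post above, as an added example that is not part of the original message: a model of classic Unix owner/group/other permission selection, showing why a file typer run by a developers-group member can read a --x program while one run by an out-of-group user cannot. The mode 0o771, the numeric IDs and the function names are assumptions for illustration; ACLs and NFS ID mapping are not modeled.

```python
import os
import stat

def access_class(mode, owner_uid, owner_gid, uid, gids):
    """Return the (read, execute) bits that apply to this caller.

    Classic Unix rule: exactly one class is consulted, owner first,
    then group, then other. ACLs are not modeled here.
    """
    if uid == 0:
        # Superuser: read always allowed, execute if any x bit is set.
        return True, bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if uid == owner_uid:
        r, x = stat.S_IRUSR, stat.S_IXUSR
    elif owner_gid in gids:
        r, x = stat.S_IRGRP, stat.S_IXGRP
    else:
        r, x = stat.S_IROTH, stat.S_IXOTH
    return bool(mode & r), bool(mode & x)

def typing_outcome(mode, owner_uid, owner_gid, uid, gids):
    """What a content-based file typer running as this caller can do."""
    can_read, can_exec = access_class(mode, owner_uid, owner_gid, uid, gids)
    if not can_exec:
        return "not runnable"
    return "typed by content" if can_read else "runs, typed as generic binary"

def audit_tree(root, uid, gids):
    """Map each regular file under root to its outcome for the caller."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):
                report[path] = typing_outcome(
                    st.st_mode, st.st_uid, st.st_gid, uid, gids)
    return report

if __name__ == "__main__":
    # Constructed IDs: owner 100, developers group 50, remote user 200.
    for label, uid, gids in [("developer", 101, {50}), ("remote", 200, {20})]:
        print(label, typing_outcome(0o771, 100, 50, uid, gids))
```

Running audit_tree over an exported directory with the uid and groups of a remote account lists the programs that account can run but an unprivileged typer cannot read.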


