HP3000-L Archives

October 1998, Week 2

HP3000-L@RAVEN.UTC.EDU

Subject:
From: "Stigers, Greg [And]" <[log in to unmask]>
Reply To: Stigers, Greg [And]
Date: Thu, 8 Oct 1998 16:24:28 -0400

I may have got myself bitten by the law of unintended consequences here. I
use a netrc to hide the username and password, so when a job issues "ftp
myserver", it is logged on, without entering the password, or more to the
point, without having the password contained in a job stream or command
file. Just to be paranoid, I also put an access mask and an ACD on this
file, and changed the owner to a username that is CAP=BA (so no one can
actually sign on as that user, at least not without some work as an account
manager). And I use a file equation to point to the actual file, so there is
no file named netrc.<home-group>.

So, now we want to connect to another host from a job that runs under a
different username. I add an ACD pair for read access for that new user. And
it doesn't work. No error messages, but ftp prompts for a username instead
of picking it up from the netrc file. So, on my test system, I try a few
things with a CAP=IA user. I find that if I completely remove the ACD, the
new user works. Finally, after trying several things that also don't work,
and being rather puzzled, I wonder if file ownership has anything to do with
this, so I reset the file ownership to this new user, and it works. So, I
try a LISTFILE,-3, which as owner I should be able to do, but that fails. I
begin to feel the depths of my ignorance...

Basically, I want a netrc file in a secured group in SYS that only a few BA
job stream ids, as defined by an ACD, and the system manager, can access.
And I want to use a file equation to point to that file for that user. Oh,
and I want it to actually work, which is the one part I don't have right
now.

I guess I could have one aliased netrc file for each username, and just
ALTFILE alias.group.account;owner=username. And good arguments could be made
for doing so. And there are probably a few other completely different ways
to approach this whole problem. But I would like to understand what
ownership is doing that ACDs do not. A search for $OWNER on the LaserROM in
the MPE Command Reference Manual didn't tell me enough. I think I remember
reading some discussion of this on the list some time ago, and hoped someone
could help me sort this out.
