LISTSERV - HP3000-L Archives

HP3000-L Archives

February 1995, Week 1

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L February 1995, Week 1

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Save/Purge in other account
From:	Jerry Fochtman <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Sun, 5 Feb 1995 19:03:00 -0800
Content-Type:	text/plain
Parts/Attachments:	text/plain (56 lines)

Thomas Hagen ([log in to unmask]) wrote:

[...snip...]
> Today I tried to copy files from one account to another.  I also tried to
> purge in another account than the one I was standing in.  In both cases I
> got an error telling me that my cmmand could not be executed because the
> file in the other account could not be closed.  Could someone please help
> me out by telling why this restriction exists and how I can get around it.
[...snip...]

Even prior to 5.0 and without special capabilities, one can purge files
(except for priviliged files) in another account provided that the account
and the group which contains the files allows the user issuing the command
both READ and WRITE access to ANY:

       ALTACCT 'acct';ACCESS=(R,W,L,A,X:ANY;S:AC)
       ALTGROUP 'grp';ACCESS=(R,W,L,A,X:ANY;S:AC)

As for creating a file in another account, indeed with POSIX and SM
capability one can do this.  But I doubt you'd want to give a lot of people
this capability.  However, back in the old days of MPE-IV & V, we had a
similar need which we solved.

[...standard disclaimer inserted here...]

Basically we determined that it was the MPE commands NEWACCT/ALTACCT which
prohibit a user from setting the SAVE file access attribute to ANY at the
account level.  To get around this, I either used DISKEDIT and 'patched'
the account level directory entry to set the "SAVE" access to "ANY".  Having
gotten tired of walking the directory structure, I wrote a program to call
the undocumented directory routines to do the same.

I suspect the same can be done on MPE/iX systems, but doing it by hand is
out of the question for many folks.  Instead, I suspect it would be possible
to write a routine which calls an AIF to update the directory entry instead.
Another possibility would be to develop a program which calls HPFCLOSE
(undocumented intrinsic) to close the file with a KEEP/SAVE option.  However,
this approach limits the transfer of files to the specific program vs. using
other utilities.

[..plug sneaking in...]

On the other hand, a safer method might be to consider acquiring the MPE
security package SAF/3000 from Monterey Software.  With this package one
writes file-level access rules (similar to ACF2/RACF).  Using this package
it is possible to write a rule which permits users to create files in other
accounts.  We used this to setup a specific 'TRANSFER' account where analysts
can write/read files.  Using this account, analysts can share files/programs
with one another without having to completely open-up the production source
environments.  In this manner, it's the vendor who has to deal with HP in
terms of problems with the PM code as opposed to us!

[..plug pulled..]

Regards -- Jerry Fochtman

ATOM RSS1 RSS2

RAVEN.UTC.EDU