HP3000-L Archives

August 1997, Week 3

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Letting AM backup IMAGE
From:
Lars Appel <[log in to unmask]>
Reply To:
Lars Appel <[log in to unmask]>
Date:
Sun, 17 Aug 1997 19:51:52 +0100
Content-Type:
text/plain
Parts/Attachments:
text/plain (22 lines) 
Picking up Mark's idea...

>Why not give them a jobstream, running under MANAGER.SYS or OPERATOR.SYS
>which resides in a group in the SYS Account. You could protect the group by
>limiting them to Execute Access only. All they can do is STREAM the job,
>they can't PRINT it to see the passwords..

As of MPE/iX 5.5 you might even use the JOBSECURITY PASSEXEMPT=XACCESS
feature and define the eXecute (i.e. stream) permission via an ACD like

 :ALTSEC backupj.somegrp.SYS; NEWACD=(X:user.acct)

This should allow user.acct to stream the backup job (without any need to
embed passwords in the job or have user.acct knowing them) while not allowing
them to view or modify the job stream.

You might create one backup job for each client and setup individual ACD's
for each of them (assuming different user.acct for each client) to isolate
the clients from each other.

Lars.

ATOM RSS1 RSS2