Date: Fri, 8 Nov 1996 13:50:00 -0500

Here's a strange one that cropped up this morning. We have a KSAM file
(CM KSAM) that resides on a specific group which other users, not in
that group, cannot access. Specifically the file attributes were:
> SECURITY--READ : ANY (keyfile and datafile the same)
> WRITE : ANY
> APPEND : ANY
> LOCK : ANY
> EXECUTE : ANY
> **SECURITY IS ON
Account security:
> SECURITY--READ : AC
> WRITE : AC
> APPEND : AC
> LOCK : AC
> EXECUTE : AC
Group security:
> SECURITY--READ : AC
> WRITE : AC
> APPEND : AC
> LOCK : AC
> EXECUTE : AC
> SAVE : AL, GU, GL
User's attributes (homed to another group in the account):
> CAP: ND,SF,BA,IA
The file is opened for SHR;LOCK access. The user was running a COBOL
program which opens the file for input. It returned a file-status item
starting with a '9' meaning an MPE error, and CKERROR gives the MPE
error as 93 which I presume to be an FSERR 93, security violation.
Neither the failing user, nor users of the file's home group are the
creator of the file (which is MANAGER). There were no ACDs on the file.
I could not work around this without :RELEASEing the key/data files.
Why? What would prevent access to this file? The closest duplication I
could find was opening it without ;LOCK which results in an fserr 48 (I
think it was) and not an fserr 93.
This is the strangest thing I've seen in a long time (that I can't
explain *somehow*).
Jeff Kell