Leonard Berkowitz writes:

>Here is the security matrix for the target data base
>
>FILE: dbase.DATA.acctone
>
>ACCOUNT ------  READ : ANY
>               WRITE : ANY
>              APPEND : ANY
>                LOCK : ANY
>             EXECUTE : ANY
>
>GROUP --------  READ : ANY
>               WRITE : AC
>              APPEND : AC
>                LOCK : AC
>             EXECUTE : AC
>                SAVE : AC
>
>FILE ---------  READ : ANY                FCODE: -400
>               WRITE : ANY              **SECURITY IS ON
>              APPEND : ANY                NO ACDS
>                LOCK : ANY
>             EXECUTE : ANY
>
>FOR user.accttwo: READ
>
>Opening this data base from accttwo in mode 5 caused a security violation.
>Changing the group matrics to LOCK : ANY solved the problem. Why does mode
>5 need locking capability?

DBLOCK is permitted in mode 5. In addition, IMAGE needs to lock the root
file as part of the open process since mode 5 permits other processes
with write access.

-- Bruce


--------------------------------------------------------------------------
Bruce Toback    Tel: (602) 996-8601| My candle burns at both ends;
OPT, Inc.            (800) 858-4507| It will not last the night;
11801 N. Tatum Blvd. Ste. 142      | But ah, my foes, and oh, my friends -
Phoenix AZ 85028                   | It gives a lovely light.
btoback AT optc.com                |     -- Edna St. Vincent Millay
Mail sent to [log in to unmask] will be inspected for a
fee of US$250. Mailing to said address constitutes agreement to
pay, including collection costs.

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *