HP3000-L Archives

May 2002, Week 4

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Understanding Local Attributes
From:
"Johnson, Tracy" <[log in to unmask]>
Reply To:
Johnson, Tracy
Date:
Wed, 22 May 2002 15:19:46 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (159 lines) 
Bill Cadier and some others helped me out good here.

Although the masking behavior of the Account seems
non-MPE'ish to me.  Usually when I attempt to change
something, and I get a warning message that says the
system did something else, in this case it says:

"Lowered to Account's (CIWARN 975)"

I would expect it to set it to the value of what it 
said, not "hide" the true value and lie to me.

This could be a potential trojan horse.  For example,
I could set LOCATTR for a user, or a whole bunch of
users, and get the warning.  Then years later some new
System Manager raises the LOCATTR for the account, then
all the user's LOCATTR set years ago get "magically"
raised also, without the new SM knowing he did so.

What if MPE did this for CAPs of User's vs. Account?

Or what if POSIX did this for chmod on directories
vs. the files it contains if you don't specify -R ?

Tracy Johnson
MSI Schaevitz Sensors 

> -----Original Message-----
> From: Bill Cadier [mailto:[log in to unmask]]
> Sent: Wednesday, May 22, 2002 1:22 PM
> To: [log in to unmask]
> Subject: Re: [HP3000-L] Understanding Local Attributes
> 
> 
> Tracy asks:
> 
> > When trying to add a Local Attribute to a user I understand
> > that it must be less than the Account Local Attribute.  So
> > I change the Account LOCATTR to $00000002 then I try to
> > change the User to LOCATTR $00000001.
> >
> > /SYS/PUB%>ALTACCT XX;LOCATTR=$00000002
> > /SYS/PUB%>LISTACCT XX
> > ********************
> > ACCOUNT: XX
> >
> > DISC SPACE: 0(SECTORS)          PASSWORD: **
> > CPU TIME  : 329164(SECONDS)     LOC ATTR: $00000002
> > CONNECT TIME: 2720197(MINUTES)  SECURITY--READ    : ANY
> > DISC LIMIT: UNLIMITED                     WRITE   : AC
> > CPU LIMIT : UNLIMITED                     APPEND  : AC
> > CONNECT LIMIT: UNLIMITED                  LOCK    : ANY
> > MAX PRI  : 150                            EXECUTE : ANY
> > GRP UFID : $05600001 $50D54287 $00684CCA $80033089 $653E2AA5
> > USER UFID: $00000000 $00000000 $00000000 $00000000 $00000000
> > CAP: AM,AL,GL,OP,CV,UV,CS,ND,SF,BA,IA,MR,DS,PH
> >
> >
> > /SYS/PUB%>LISTUSER XXXXXX.XX
> > ********************
> > USER: XXXXXX.XX
> >
> > HOME GROUP: PUB45               PASSWORD: **
> > MAX PRI   : 150                 LOC ATTR: $00000000
> > LOGON CNT : 0
> > CAP: OP,ND,SF,BA,IA,MR,DS,PH
> >
> >
> > /SYS/PUB%>ALTUSER XXXXXX.XX;LOCATTR=$00000001
> > User assigned local attributes greater than the account 
> local attributes.
> > Lowered to account's. (CIWARN 795)
> >
> > So I check to make sure:
> >
> > /SYS/PUB%>LISTUSER XXXXXX.XX
> > ********************
> > USER: XXXXXX.XX
> >
> > HOME GROUP: PUB45               PASSWORD: **
> > MAX PRI   : 150                 LOC ATTR: $00000000
> > LOGON CNT : 0
> > CAP: OP,ND,SF,BA,IA,MR,DS,PH
> >
> > This seems odd.  After all I gave the Account a higher
> > number than the user.  O.K. fine.  I solve the problem
> > by giving the Account a abnormally high LOCATTR:
> >
> > /SYS/PUB%>ALTACCT XX;LOCATTR=$77777777
> >
> > /SYS/PUB%>LISTACCT XX
> > ********************
> > ACCOUNT: XX
> >
> > DISC SPACE: 0(SECTORS)          PASSWORD: **
> > CPU TIME  : 329164(SECONDS)     LOC ATTR: $77777777
> > CONNECT TIME: 2720197(MINUTES)  SECURITY--READ    : ANY
> > DISC LIMIT: UNLIMITED                     WRITE   : AC
> > CPU LIMIT : UNLIMITED                     APPEND  : AC
> > CONNECT LIMIT: UNLIMITED                  LOCK    : ANY
> > MAX PRI  : 150                            EXECUTE : ANY
> > GRP UFID : $05600001 $50D54287 $00684CCA $80033089 $653E2AA5
> > USER UFID: $00000000 $00000000 $00000000 $00000000 $00000000
> > CAP: AM,AL,GL,OP,CV,UV,CS,ND,SF,BA,IA,MR,DS,PH
> >
> > But without changing the user again, I find the user has
> > been given the LOCATTR that I attempted to give it before:
> >
> > /SYS/PUB%>LISTUSER XXXXXX.XX
> > ********************
> > USER: XXXXXX.XX
> >
> > HOME GROUP: PUB45               PASSWORD: **
> > MAX PRI   : 150                 LOC ATTR: $00000001
> > LOGON CNT : 0
> > CAP: OP,ND,SF,BA,IA,MR,DS,PH
> > /SYS/PUB%>
> >
> > Does this mean the user actually got the LOCATTR I original
> > gave it, but was masked by the account?
> >
> > Tracy Johnson
> > MSI Schaevitz Sensors
> 
> Yes.
> 
> The local attribute parameter is a bit map, the definitions 
> of the bits
> are whatever you want. The code reports only those bits in the user's
> local attribute that match the account's.
> 
> For example:
> 
> ALTACCT TEST;LOCATTR=111
> ALTUSER  FOO;LOCATTR=20
> 
> LISTUSER FOO shows a LOCATTR of 4 not 20.
> 
> 123 = 01111011 ($7b)
>   20 = 00010100 ($14)
>           ------------
>            00010000 ($10)
> 
> If I then change local attribute on the account to 127 (for example)
> the bits wind up as 01111111 and when logically AND'd to the
> users local attribute I see the original value 20 (hex 14).
> 
> HTH,
> 
> Bill
> HP/CSY
> 
> * To join/leave the list, search archives, change list settings, *
> * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
> 

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2