Bill Cadier and some others helped me out good here.
Although the masking behavior of the Account seems
non-MPE'ish to me. Usually when I attempt to change
something, and I get a warning message that says the
system did something else, in this case it says:
"Lowered to Account's (CIWARN 975)"
I would expect it to set it to the value of what it
said, not "hide" the true value and lie to me.
This could be a potential trojan horse. For example,
I could set LOCATTR for a user, or a whole bunch of
users, and get the warning. Then years later some new
System Manager raises the LOCATTR for the account, then
all the user's LOCATTR set years ago get "magically"
raised also, without the new SM knowing he did so.
What if MPE did this for CAPs of User's vs. Account?
Or what if POSIX did this for chmod on directories
vs. the files it contains if you don't specify -R ?
Tracy Johnson
MSI Schaevitz Sensors
> -----Original Message-----
> From: Bill Cadier [mailto:[log in to unmask]]
> Sent: Wednesday, May 22, 2002 1:22 PM
> To: [log in to unmask]
> Subject: Re: [HP3000-L] Understanding Local Attributes
>
>
> Tracy asks:
>
> > When trying to add a Local Attribute to a user I understand
> > that it must be less than the Account Local Attribute. So
> > I change the Account LOCATTR to $00000002 then I try to
> > change the User to LOCATTR $00000001.
> >
> > /SYS/PUB%>ALTACCT XX;LOCATTR=$00000002
> > /SYS/PUB%>LISTACCT XX
> > ********************
> > ACCOUNT: XX
> >
> > DISC SPACE: 0(SECTORS) PASSWORD: **
> > CPU TIME : 329164(SECONDS) LOC ATTR: $00000002
> > CONNECT TIME: 2720197(MINUTES) SECURITY--READ : ANY
> > DISC LIMIT: UNLIMITED WRITE : AC
> > CPU LIMIT : UNLIMITED APPEND : AC
> > CONNECT LIMIT: UNLIMITED LOCK : ANY
> > MAX PRI : 150 EXECUTE : ANY
> > GRP UFID : $05600001 $50D54287 $00684CCA $80033089 $653E2AA5
> > USER UFID: $00000000 $00000000 $00000000 $00000000 $00000000
> > CAP: AM,AL,GL,OP,CV,UV,CS,ND,SF,BA,IA,MR,DS,PH
> >
> >
> > /SYS/PUB%>LISTUSER XXXXXX.XX
> > ********************
> > USER: XXXXXX.XX
> >
> > HOME GROUP: PUB45 PASSWORD: **
> > MAX PRI : 150 LOC ATTR: $00000000
> > LOGON CNT : 0
> > CAP: OP,ND,SF,BA,IA,MR,DS,PH
> >
> >
> > /SYS/PUB%>ALTUSER XXXXXX.XX;LOCATTR=$00000001
> > User assigned local attributes greater than the account
> local attributes.
> > Lowered to account's. (CIWARN 795)
> >
> > So I check to make sure:
> >
> > /SYS/PUB%>LISTUSER XXXXXX.XX
> > ********************
> > USER: XXXXXX.XX
> >
> > HOME GROUP: PUB45 PASSWORD: **
> > MAX PRI : 150 LOC ATTR: $00000000
> > LOGON CNT : 0
> > CAP: OP,ND,SF,BA,IA,MR,DS,PH
> >
> > This seems odd. After all I gave the Account a higher
> > number than the user. O.K. fine. I solve the problem
> > by giving the Account a abnormally high LOCATTR:
> >
> > /SYS/PUB%>ALTACCT XX;LOCATTR=$77777777
> >
> > /SYS/PUB%>LISTACCT XX
> > ********************
> > ACCOUNT: XX
> >
> > DISC SPACE: 0(SECTORS) PASSWORD: **
> > CPU TIME : 329164(SECONDS) LOC ATTR: $77777777
> > CONNECT TIME: 2720197(MINUTES) SECURITY--READ : ANY
> > DISC LIMIT: UNLIMITED WRITE : AC
> > CPU LIMIT : UNLIMITED APPEND : AC
> > CONNECT LIMIT: UNLIMITED LOCK : ANY
> > MAX PRI : 150 EXECUTE : ANY
> > GRP UFID : $05600001 $50D54287 $00684CCA $80033089 $653E2AA5
> > USER UFID: $00000000 $00000000 $00000000 $00000000 $00000000
> > CAP: AM,AL,GL,OP,CV,UV,CS,ND,SF,BA,IA,MR,DS,PH
> >
> > But without changing the user again, I find the user has
> > been given the LOCATTR that I attempted to give it before:
> >
> > /SYS/PUB%>LISTUSER XXXXXX.XX
> > ********************
> > USER: XXXXXX.XX
> >
> > HOME GROUP: PUB45 PASSWORD: **
> > MAX PRI : 150 LOC ATTR: $00000001
> > LOGON CNT : 0
> > CAP: OP,ND,SF,BA,IA,MR,DS,PH
> > /SYS/PUB%>
> >
> > Does this mean the user actually got the LOCATTR I original
> > gave it, but was masked by the account?
> >
> > Tracy Johnson
> > MSI Schaevitz Sensors
>
> Yes.
>
> The local attribute parameter is a bit map, the definitions
> of the bits
> are whatever you want. The code reports only those bits in the user's
> local attribute that match the account's.
>
> For example:
>
> ALTACCT TEST;LOCATTR=111
> ALTUSER FOO;LOCATTR=20
>
> LISTUSER FOO shows a LOCATTR of 4 not 20.
>
> 123 = 01111011 ($7b)
> 20 = 00010100 ($14)
> ------------
> 00010000 ($10)
>
> If I then change local attribute on the account to 127 (for example)
> the bits wind up as 01111111 and when logically AND'd to the
> users local attribute I see the original value 20 (hex 14).
>
> HTH,
>
> Bill
> HP/CSY
>
> * To join/leave the list, search archives, change list settings, *
> * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
>
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|