James Trudeau wrote:
>
> Howdy,
>
> It is certainly not critical but it sure has my curiosity up.
>
> Somewhere out there on the 3k there is a bit mask
> describing the users capabilies (SM,AM,CV, etc). What is
> it that MPEX does to alter the user cap beyond those
> supplied by HP? Sample dialog follows.
>
> DATA20->HELLO JIM,MANAGER.SYS
> CPU=3. Connect=17. WED, AUG 7, 1996, 1:02 PM.
> ENTER USER (MANAGER) PASSWORD:
>
> HP3000 Release: C.50.00 User Version: C.50.00 WED, AUG 7, 1996, 1:02 PM
> MPE/iX HP31900 B.79.06 Copyright Hewlett-Packard 1987. All rights reserved.
>
> SAC001> Logon processing for MANAGER.SYS
>
> SAC001> Your last logon was SUN, MON D, 1900, 12:00 AM
>
> PUB->SPOOLER 101;SUSPEND
> Executing this operator command by other than the master operator requires
> permission by the ALLOW or ASSOCIATE commands. (CIERR 3247)
> PUB->RUN GOD.PUB.VESOFT
> LOCKWORD: GOD.PUB.VESOFT?
>
> Version 25N50815 03:00451
>
> END OF PROGRAM
> PUB->SPOOLER 101;SUSPEND
> PUB->BYE
> CPU=1. Connect=1. WED, AUG 7, 1996, 1:02 PM.
>
> So why can't MANAGER.SYS perform certain actions, but
> by invoking GOD he/she can?
>
> James Trudeau
> Computer Sciences Corp
> Harlingen, Texas
>
> Voice: (210) 430-7728
> Fax: (210) 412-8531
> e-mail [log in to unmask]
What GOD is doing is not only altering your user login capabilities but
also allowing all operator commands to be executed away from the console.
The ci command :ALLOW gives sessions this extra capability to execute
console commands without being on ldev 20. A simple command:
:ALLOW MANAGER.SYS;COMMANDS=SPOOLER
Doing this command gets you the same capability as what GOD did for
you. One note is that this command has to be executed on the console or
:ALLOW @.@;commands=ALLOW must have been entered on the console prior to
allowing the spooler command. Check the manual for all the different
command that you can allow yourself.
|