James Trudeau wrote:
>
> Howdy,
>
> It is certainly not critical but it sure has my curiosity up.
>
> Somewhere out there on the 3k there is a bit mask
> describing the users capabilies (SM,AM,CV, etc).  What is
> it that MPEX does to alter the user cap beyond those
> supplied by HP?  Sample dialog follows.
>
> DATA20->HELLO JIM,MANAGER.SYS
> CPU=3. Connect=17. WED, AUG  7, 1996,  1:02 PM.
> ENTER USER (MANAGER) PASSWORD:
>
> HP3000  Release: C.50.00   User Version: C.50.00   WED, AUG  7, 1996,  1:02 PM
> MPE/iX  HP31900 B.79.06  Copyright Hewlett-Packard 1987.  All rights reserved.
>
> SAC001> Logon processing for MANAGER.SYS
>
> SAC001> Your last logon was SUN, MON  D, 1900, 12:00 AM
>
> PUB->SPOOLER 101;SUSPEND
> Executing this operator command by other than the master operator requires
> permission by the ALLOW or ASSOCIATE commands. (CIERR 3247)
> PUB->RUN GOD.PUB.VESOFT
> LOCKWORD: GOD.PUB.VESOFT?
>
> Version 25N50815  03:00451
>
> END OF PROGRAM
> PUB->SPOOLER 101;SUSPEND
> PUB->BYE
> CPU=1. Connect=1. WED, AUG  7, 1996,  1:02 PM.
>
> So why can't MANAGER.SYS perform certain actions, but
> by invoking GOD he/she can?
>
> James Trudeau
> Computer Sciences Corp
> Harlingen, Texas
>
> Voice:   (210) 430-7728
> Fax:     (210) 412-8531
> e-mail   [log in to unmask]
 
What GOD is doing is not only altering your user login capabilities but
also allowing all operator commands to be executed away from the console.
The ci command :ALLOW gives sessions this extra capability to execute
console commands without being on ldev 20.  A simple command:
 
:ALLOW MANAGER.SYS;COMMANDS=SPOOLER
 
Doing this command gets you the same capability as what GOD did for
you. One note is that this command has to be executed on the console or
:ALLOW @.@;commands=ALLOW must have been entered on the console prior to
allowing the spooler command.   Check the manual for all the different
command that you can allow yourself.