Mark Bixby responded to my question:

>
> PM programs *MUST* reside in the MPE name space.  This is poorly stated in
> the Commands manual for :RUN, and a number of SRs have been entered on this
> subject (including one from me and Apache/iX).
>

Yes, that does the trick. Thanks !!!

Now you mention it, I vaguely remember in the first POSIX release _any_ executable
file had to be in the MPE domain (this restriction to be lifted soon). Trust HP to
do a halfhearted job here :-/ If only this stuff was not so ABYSMALLY documented
poor unixy souls like me would not have to pester this list so often...

>
> PM is the key, though if you're coming from a Unix background you'd think
> MANAGER.SYS (the MPE version of root) might do the trick, but it doesn't.
>
Guess what, the MPE/iX Dev.Kit Reference does not mention PM at all ! Having said that,
perhaps I'm using an outdated version (second edition 1994). Dammkit, the one time I RTFM
it lets me down ... ;-)

> > Now, suppose I get the setuid to work. Then at some stage I will want to setuid() back
to
> > the original user, but in general permission will be denied for _that_ one. At least
> > that's what happens on HP-UX. Would PM on MPE solve that ? Because using
AIFCHANGELOGON
> > it is no problem to change back from a non-privileged use to the original user.
>
> Just do a GETPRIVMODE() and you should be able to setuid() back to the original
> user.

Indeed this is the trick. It seems my worries are over, at least for the moment.

Despite my occasional HP/MPE bashing I'm really grateful for all the help on this list.
Thanks again.

        Chris Breemer
        Compuware Europe B.V.