Thomas Hagen ([log in to unmask]) wrote: [...snip...] > Today I tried to copy files from one account to another. I also tried to > purge in another account than the one I was standing in. In both cases I > got an error telling me that my cmmand could not be executed because the > file in the other account could not be closed. Could someone please help > me out by telling why this restriction exists and how I can get around it. [...snip...] Even prior to 5.0 and without special capabilities, one can purge files (except for priviliged files) in another account provided that the account and the group which contains the files allows the user issuing the command both READ and WRITE access to ANY: ALTACCT 'acct';ACCESS=(R,W,L,A,X:ANY;S:AC) ALTGROUP 'grp';ACCESS=(R,W,L,A,X:ANY;S:AC) As for creating a file in another account, indeed with POSIX and SM capability one can do this. But I doubt you'd want to give a lot of people this capability. However, back in the old days of MPE-IV & V, we had a similar need which we solved. [...standard disclaimer inserted here...] Basically we determined that it was the MPE commands NEWACCT/ALTACCT which prohibit a user from setting the SAVE file access attribute to ANY at the account level. To get around this, I either used DISKEDIT and 'patched' the account level directory entry to set the "SAVE" access to "ANY". Having gotten tired of walking the directory structure, I wrote a program to call the undocumented directory routines to do the same. I suspect the same can be done on MPE/iX systems, but doing it by hand is out of the question for many folks. Instead, I suspect it would be possible to write a routine which calls an AIF to update the directory entry instead. Another possibility would be to develop a program which calls HPFCLOSE (undocumented intrinsic) to close the file with a KEEP/SAVE option. However, this approach limits the transfer of files to the specific program vs. using other utilities. [..plug sneaking in...] On the other hand, a safer method might be to consider acquiring the MPE security package SAF/3000 from Monterey Software. With this package one writes file-level access rules (similar to ACF2/RACF). Using this package it is possible to write a rule which permits users to create files in other accounts. We used this to setup a specific 'TRANSFER' account where analysts can write/read files. Using this account, analysts can share files/programs with one another without having to completely open-up the production source environments. In this manner, it's the vendor who has to deal with HP in terms of problems with the PM code as opposed to us! [..plug pulled..] Regards -- Jerry Fochtman