| This command procedure implements the ZK Security recommendations. I
run it every time the system boots. I've had no problems.
Hope it's of use.
-
---< CUT HERE >----
$ ! make_system_secure.com - andy leslie, 30 jan 1989
$ !
$ ! Section 1: the master file directory (MFD) of the system disk.
$ !
$ ! "sa" is the shorthand used by every ACL command in this procedure.
$ sa = "set acl/log"
$ ! Error checking is switched off, so a command that fails does not stop the
$ ! remaining steps. Nothing aborts on error: read the /log output after each
$ ! run to confirm that every change was actually applied.
$ set noon
$ ! Default-protection ACE shared by the MFD and the directories listed in it:
$ ! system and owner get full access, group and world get none.
$ mfd_ace = "(default_protection,options=nopropagate+protected,s:rewd,o:wred,g,w)"
$
$ ! World is limited to execute access on the MFD itself ...
$ set file/log/prot=(w:e) sys$sysdevice:[000000]000000.dir
$ ! ... and on the .sys files held in it.
$ set file/log/prot=(w:e) sys$sysdevice:[000000]*.sys
$ sa sys$sysdevice:[000000]000000.dir /acl='mfd_ace'
$ ! Consequence: any new file created in the MFD has to have its protection
$ ! altered before group or world can reach it.
$
$ ! Same treatment for the system root directories, then the ACE goes on
$ ! every .dir file in the MFD.
$ set file/log/prot=(w:e) sys$sysdevice:[000000]sys*.dir,vms$common.dir
$ sa sys$sysdevice:[000000]*.dir /acl='mfd_ace'
$
$ ! World loses all access to sysexe.dir in the MFD.
$ set file/log/prot=(w) sys$sysdevice:[000000]sysexe.dir
$ ! Directories that group and world have no business in: the same list is
$ ! applied under every [sys*] root and under [vms$common].
$ priv_dirs = "mom$system.dir,sys$ldr.dir,sys$startup.dir,sysmaint.dir,systest.dir,syserr.dir"
$ set file/log/prot=(g,w) sys$sysdevice:[sys*]'priv_dirs'
$ set file/log/prot=(g,w) sys$sysdevice:[vms$common]'priv_dirs'
$
$ ! Default-protection ACEs for sysexe.dir and for the directories whose group
$ ! and world access is removed by the SET FILE commands earlier in the file.
$ ! NOTE(review): every /acl= value in this section is cut off at the right
$ ! margin in this copy (access list incomplete, no closing parenthesis), so
$ ! these commands cannot be run as shown. Restore the full ACE text from the
$ ! original procedure before use; do not guess the missing access fields.
$ sa sys$sysdevice:[000000]sysexe.dir /acl=(default_protection,options=nopropagate+protected,s:rewd,
$ ! Same set of directories under every [sys*] root.
$ sa sys$sysdevice:[sys*]mom$system.dir /acl=(default_protection,options=nopropagate+protected,s:rew
$ sa sys$sysdevice:[sys*]sys$ldr.dir /acl=(default_protection,options=nopropagate+protected,s:rew
$ sa sys$sysdevice:[sys*]sys$startup.dir/acl=(default_protection,options=nopropagate+protected,s:rew
$ sa sys$sysdevice:[sys*]sysmaint.dir /acl=(default_protection,options=nopropagate+protected,s:rew
$ sa sys$sysdevice:[sys*]systest.dir /acl=(default_protection,options=nopropagate+protected,s:rew
$ sa sys$sysdevice:[sys*]syserr.dir /acl=(default_protection,options=nopropagate+protected,s:rew
$
$ ! And under [vms$common].
$ ! NOTE(review): [vms$common]sysexe.dir is given another default-protection
$ ! ACE later in this procedure; confirm which of the two is meant to apply.
$ sa sys$sysdevice:[vms$common]sysexe.dir /acl=(default_protection,options=nopropagate+protected,s:r
$ sa sys$sysdevice:[vms$common]mom$system.dir /acl=(default_protection,options=nopropagate+protected
$ sa sys$sysdevice:[vms$common]sys$ldr.dir /acl=(default_protection,options=nopropagate+protected
$ sa sys$sysdevice:[vms$common]sys$startup.dir/acl=(default_protection,options=nopropagate+protected
$ sa sys$sysdevice:[vms$common]sysmaint.dir /acl=(default_protection,options=nopropagate+protected
$ sa sys$sysdevice:[vms$common]systest.dir /acl=(default_protection,options=nopropagate+protected
$ sa sys$sysdevice:[vms$common]syserr.dir /acl=(default_protection,options=nopropagate+protected
$
$
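$ ! Library-type system directories: system and owner keep read, write and
$ ! execute; group and world are limited to read and execute.
$ ! The file type is spelled out on every entry. The original list had a bare
$ ! "syshlp", which left it to list defaults whether syshlp.dir was actually
$ ! reached; the ACL commands for the same directory name it as syshlp.dir.
$ set file/log/prot=(s:rew,o:wre,g:re,w:re) -
sys$sysdevice:[sys*]syscbi.dir,sysexe.dir,sysfont.dir,syshlp.dir,syslib.dir, -
sysmsg.dir,sysupd.dir
$ ! Same list under the common root.
$ set file/log/prot=(s:rew,o:wre,g:re,w:re) -
sys$sysdevice:[vms$common]syscbi.dir,sysexe.dir,sysfont.dir,syshlp.dir,syslib.dir, -
sysmsg.dir,sysupd.dir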
$ ! Default-protection ACE for the library-type directories: system and owner
$ ! get full access, world gets read and execute, the group field is empty.
$ ! NOTE(review): world access applies to every user, so the empty group field
$ ! probably does not keep group members out; confirm that is the intent.
$ lib_ace = "(default_protection,options=nopropagate+protected,s:rewd,o:wred,g,w:re)"
$
$ ! Under every [sys*] root.
$ sa sys$sysdevice:[sys*]syscbi.dir /acl='lib_ace'
$ sa sys$sysdevice:[sys*]sysexe.dir /acl='lib_ace'
$ sa sys$sysdevice:[sys*]sysfont.dir /acl='lib_ace'
$ sa sys$sysdevice:[sys*]syshlp.dir /acl='lib_ace'
$ sa sys$sysdevice:[sys*]syslib.dir /acl='lib_ace'
$ sa sys$sysdevice:[sys*]sysmsg.dir /acl='lib_ace'
$ sa sys$sysdevice:[sys*]sysupd.dir /acl='lib_ace'
$
$ ! Under the common root.
$ sa sys$sysdevice:[vms$common]syscbi.dir /acl='lib_ace'
$ sa sys$sysdevice:[vms$common]sysexe.dir /acl='lib_ace'
$ sa sys$sysdevice:[vms$common]sysfont.dir /acl='lib_ace'
$ sa sys$sysdevice:[vms$common]syshlp.dir /acl='lib_ace'
$ sa sys$sysdevice:[vms$common]syslib.dir /acl='lib_ace'
$ sa sys$sysdevice:[vms$common]sysmsg.dir /acl='lib_ace'
$ sa sys$sysdevice:[vms$common]sysupd.dir /acl='lib_ace'
$
$ ! sysmgr.dir: group and world may only traverse the directory (execute);
$ ! system and owner keep full access.
$ mgr_prot = "(w:e,g:e,o:wred,s:wred)"
$ set file/log/prot='mgr_prot' sys$sysdevice:[sys*]sysmgr.dir
$ set file/log/prot='mgr_prot' sys$sysdevice:[vms$common]sysmgr.dir
$
$ ! Files created in sysmgr later default to world read and execute, with the
$ ! group field empty.
$ mgr_ace = "(default_protection,options=nopropagate+protected,s:rewd,o:wred,g,w:re)"
$ sa sys$sysdevice:[sys*]sysmgr.dir /acl='mgr_ace'
$
$ sa sys$sysdevice:[vms$common]sysmgr.dir /acl='mgr_ace'
$
$ ! Login-time files in sysmgr: group and world can read and execute them but
$ ! cannot write or delete them; system and owner keep full access.
$ login_files = "sylogin.com,announce.txt,welcome.txt"
$ set file/log/prot=(o:wred,s:wred,g:re,w:re) sys$sysdevice:[vms$common.sysmgr]'login_files'
$ set file/log/prot=(o:wred,s:wred,g:re,w:re) sys$sysdevice:[sys*.sysmgr]'login_files'
$ ! The decw$*.com procedures get the same world access, but the group field is
$ ! left empty.
$ ! NOTE(review): with world at R+E the empty group field probably restricts
$ ! nobody; confirm whether g:re or no world access was intended.
$ set file/log/prot=(o:wred,s:wred,g,w:re) sys$sysdevice:[vms$common.sysmgr]decw$*.com
$ set file/log/prot=(o:wred,s:wred,g,w:re) sys$sysdevice:[sys*.sysmgr]decw$*.com
$
$ ! Sensitive files in sys$system: system and owner only, no group or world
$ ! access of any kind. One command per group of files, same protection each.
$ sf_private = "set file/log/prot=(s:wred,o:wred,g,w)"
$ ! Network databases.
$ sf_private sys$system:net*.dat
$ ! Page, swap and dump files.
$ sf_private sys$system:pagefile.sys,swapfile.sys,sysdump.dmp
$ ! Authorization files (every sysuaf*.* match) and the queue file.
$ sf_private sys$system:sysuaf*.*,jbcsysque.dat
$ ! System parameter files.
$ sf_private sys$system:modparams.dat,vmsparams.dat,*.par
$ ! Mail profile.
$ sf_private sys$system:vmsmail_profile.data
$
$ ! Security-alarm ACE: a successful write, delete or control access to the
$ ! file is reported as a security alarm.
$ ! NOTE(review): these ACEs only produce alarms when ACL auditing is enabled
$ ! on the system (for example SET AUDIT/ALARM/ENABLE=ACL) and the alarms are
$ ! delivered somewhere that is watched; confirm both on the target system.
$ alarm_ace = "(alarm_jour=security,access=write+delete+control+success)"
$ ! Authorization and network databases, all versions.
$ ! NOTE(review): sysuaf.dat itself is not in this list, only sysuafalt.dat;
$ ! confirm that the omission is intended.
$ sa sys$system:sysuafalt.dat;* /acl='alarm_ace'
$ sa sys$system:sysalf.dat;* /acl='alarm_ace'
$ sa sys$system:rightslist.dat;* /acl='alarm_ace'
$ sa sys$system:net*.dat;* /acl='alarm_ace'
$
$ ! The login image: tampering with it should be alarmed as well.
$ sa sys$system:loginout.exe /acl='alarm_ace'
$
$Exit:
$ exit
|