| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 930.1 | Privs, for one | IRONIC::KARPEL | and ALL-4-1! | Thu Jun 25 1992 16:31 | 10 |
| Debbie,
One thing about <NEWDIR is that you are now in the user's account with
your own level of privileges. This means if you were in, say, the
MANAGER account, you have all those "extra" privs when accessing files.
That can account for many differences in what you see.
I'll leave the rest to the experts!
Terri K.
|
| 930.2 | You could hack your VMS username | IOSG::TALLETT | Arranging bits for a living... | Thu Jun 25 1992 18:11 | 18 |
|
Whilst not supported, I needed to switch between lots of
different ALL-IN-1 accounts when testing transfer user. So
I used one of those Poke-your-VMS-username-in-Kernel-mode
hacks available from MEIS::HACKERS to switch usernames.
I could then start up ALL-IN-1 and get into that users filecab
with less problems than a NEWDIR (I really WAS in that user's
account).
Made me wonder why ALL-IN-1 still enforces this policy that
you can only enter an ALL-IN-1 accountname from the VMS username
specified in the PROFILE. It all worked just fine. But then I
started thinking of all the support calls we'd start getting
if we removed this restriction and people started trying to
open other people's file cabs with only half the needed privs...
Regards,
Paul
|
| 930.3 | But what about NEWDIR itself? | SHALOT::LANPHEAR | Test the water or turn the tide? | Thu Jun 25 1992 19:20 | 20 |
| I don't want to rathole on this, but the USERNAME hack is certainly
not a great suggestion for our customers(!) Besides the obvious
throw-security-out-the-window implications, there are other problems:
Assuming you turn on privs, switch username/uic, and turn privs back
off:
1) If you switch to a different group, you now don't have access to
any of your process, job, or group logical name tables. You also
can't duplicate the user's logical name environment.
2) You don't have any special identifiers granted by the user's VMS
authorization record
3) You don't have any of the quotas, etc. from the user's VMS
authorization record...
And I'm sure there are many other problems & reasons associated with
this idea in a customer environment. There needs to be a VMS$IMPERSONATE,
but obviously it's not an option :-)
What about the NEWDIR function - it doesn't fully duplicate the user's
environment does it ? (besides privs)
Cheers, Dan'l
|
| 930.4 | As I read the APR.... | IOSG::PYE | Graham - ALL-IN-1 Sorcerer's Apprentice | Fri Jun 26 1992 09:58 | 15 |
| Re .-several
The APR describes NEWDIR thusly:
The NEWDIR function sets a user's default File Cabinet and ALL-IN-1
directory to those of another user.
.
.
NEWDIR resets the default directory, and allows you to create and
modify documents.... NEWDIR does not reassign logical OAUSER.
I read this to mean that NEWDIR is intended *ONLY* to do File Cabinet
type things, and not any other functionality, like TM for example :-)
Graham
|
| 930.5 | NEWDIR does not = NEWUSER | SHALOT::WARFORD | Richard Warford @OPA DTN 393-7495 | Sat Jun 27 1992 03:11 | 6 |
| And note that NEWDIR does not open the libraries for that persons
profile, or close ones in your list that isn't in that persons. So
there could be different forms due to user specific, or group specific
customizations.
Rick
|
| 930.6 | Try using OA$INI_GLOBALS | AIMTEC::DONOHUE_F | | Mon Jun 29 1992 16:42 | 15 |
|
I was working on something the other day using NEWDIR and found that
if I used the <OA$INI_GLOBALS to set the special ALL-IN-1 symbols
after NEWDIRing to anothe rusers account that I could use alot
of functionality as that user that I previously could not have. TM
uses alot of sepcial ALL-IN-1 symbols that apparently don't get set
automatically by doing the NEWDIR. So, since you carry your privs
when using NEWDIR, try using the OA$INI_GLOBALS command after entering
the users account and that will be more like the users environment, but
again not the same as logging into the users account directly.
Just a thought,
Faith
|
| 930.7 | Interesting enough to look into | AIMTEC::ZANIEWSKI_D | Why would CSC specialists need training? | Wed Jul 01 1992 19:51 | 8 |
| I think Graham has the answer in .4. OAUSER is not defined. The
problems I've seen with <NEWDIR in the time management subsystem
is that the fully privileged user can't do certain things like
print and scan. If OAUSER isn't set the temporary files produced
should be someplace other than the subdirectory of the user I've
<NEWDIR'd to. I'll test that out soon.
Dave Zaniewski
|
| 930.8 | More features to deal with | AIMTEC::ZANIEWSKI_D | Why would CSC specialists need training? | Tue Jul 07 1992 00:03 | 7 |
| I just finished testing this one out. Thanks to Graham in .4 my
problems can now all be explained. I don't know specifics about
the layered application you're having problems with, but if it
creates temporary files without providing a directory
specification there doesn't appear to be away around this.
Dave Zaniewski
|