| Title: | *OLD* ALL-IN-1 (tm) Support Conference |
| Notice: | Closed - See Note 4331.l to move to IOSG::ALL-IN-1 |
| Moderator: | IOSG::PYE |
| Created: | Thu Jan 30 1992 |
| Last Modified: | Tue Jan 23 1996 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 4343 |
| Total number of notes: | 18308 |
To execute a script when starting ALLIN with the /script=scriptname
does a user realy NEED to have the 'oa$prvapp' privilege ?
when a user with default privilege tries to run allin1/script=test_bp
he gets an error message like this.
%OA-E-SCPOPEN, Error opening SCRIPT file "!AS"
thats the scripts protection in the site english directory.
TEST_BP.SCP;1 [ALLIN1] (RWED,RWED,RE,RE)
(IDENTIFIER=OA$PRVAPP,ACCESS=READ)
(IDENTIFIER=OA$MANAPP,ACCESS=READ+WRITE+EXECUTE+DELETE)
Can someone confirm.
1. to use the /script= you need the prvapp (or remove the identifiers,
which we really don't want to do)
2. Is there another way to execute this script for that particular
user, (script is needed to set his keyboard, because we don't want
to bother the end users to go 'SWC' and set them the apropriate
keyboard)
regards,
Luc Verbraeken
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 1708.1 | OAINI? | AIMTEC::WICKS_A | Liverpool 4 Norwich 1 | Tue Nov 03 1992 18:54 | 10 |
Luc,
I'm sure that /SCRIPT has required OA$PRVAPP since at least v2.4 if not
before. You definitely don't want to go around removing ACLs!
Why don't you put (or call) the script from OAINI.SCP?
regards,
Andrew.D.Wicks
| |||||
| 1708.2 | Check protections / ACEs | CESARE::EIJS | All in 1 Piece | Wed Nov 04 1992 08:32 | 41 |
Hi Luc,
> 1. to use the /script= you need the prvapp (or remove the identifiers,
> which we really don't want to do)
I never heard of this restriction. No doubt '/SCRIPT' was available
before ALL-IN-1 V2.3, which introduced OA$PRVAPP. Isn't OAINI.SCP a
procedure which is called 'as if it was using /SCRIPT'?
> 2. Is there another way to execute this script for that particular
> user, (script is needed to set his keyboard, because we don't want
> to bother the end users to go 'SWC' and set them the apropriate
> keyboard)
I would check a few things:
Why does TEST_BP.SCP has the ACE for OA$PRVAPP? It's not necessary taking
the File Protection (RE) into consideration. Also, in ALL-IN-1 V3.0 the
only ACE in the Live location is OA$MANAPP (unless one decided different).
When using /SCRIPT=TEST_BP.SCP, ALL-IN-1 searches through the TXL first, I
think, and then uses the OA$FILE_SEARCH_ORDER to locate the procedure. If
one of the directories in the default search order cannot be accessed, the
call to the script fails. So check if the user has access to all
directories associated with '[],OALIB:'.
Check if there is a 'funny' TEST_BP.SCP lying around in the Default search
order 'which cannot be accessed'.
Re .1)
> I'm sure that /SCRIPT has required OA$PRVAPP since at least v2.4 if not
> before. You definitely don't want to go around removing ACLs!
Are you sure?
Ciao,
Simon
| |||||
| 1708.3 | OAini.scp fails to ! | BACHUS::VERBRAEKEN | Luctor et Emergo | Fri Nov 06 1992 10:32 | 12 |
regarding .1
Andrew,
When the script is put at oani.scp it fails with the same error for
the same user.
Some other ideas,
Luc Verbraeken.
| |||||
| 1708.4 | Check the mode of the commands in the SCRIPT | HVNBND::WARFORD | Richard Warford @OPA DTN 393-7495 | Tue Nov 17 1992 16:40 | 8 |
Any chance that they are trying to execute .FU xxx in the script?
The /SCRIPT directive allows SCRIPT SCRIPT commands, and with V2.x?
commands that call the command dispatcher require the privilege as
they allow for programming ability. (And therefore could be used
to bypass application level security checks).
RIck
| |||||