| Banquo,
Just to expand on Grahams reply a little, I have included some
other things to check.
The A1SUBMIT command is used to submit the housekeeping procedures
to the batch queue on the system. This command runs the image
OA$LIB:OA$SUBMIT.EXE.
When the A1SUBMIT command used in these procedures to submit the
batch command procedure returns a status of %X0001829A.
This translates to the error message:
"%RMS-E-PRV, insufficient privilege or file protection violation"
The APR Vol. 2, Page 10, specifies that the "file-spec" parameter
passed to the A1SUBMIT command indicates the command file to submit.
This command file must be owned by the UIC of the same VMS user as the
ALL-IN-1 profile file OA$DATA:PROFILE.DAT and the file
OA$LIB:OA$SUBMIT.EXE. These should ALL be owned by ALLIN1.
SOLUTION:
Several restrictions have been placed on the ability to use the
A1SUBMIT command successfully in ALL-IN-1.
The following conditions need to be met for OA$SUBMIT to work correctly:
o The OA$LIB:OA$SUBMIT.EXE image must be installed with
CMKRNL privilege.
o The OA$LIB:OA$SUBMIT.EXE must be owned by the ALL-IN-1
Manager.
o The file to be submitted to batch must have the same
ownership (ie UIC) as the OA$SUBMIT.EXE file - OA$SUBMIT will
read the file headers to check - so make sure it has
read access.(i.e. ALL-IN-1 normally submits OA$LIB:SMJACKET.COM).
o The file to be submitted must reside in a directory
within the OA$LIB search list - OA$LIB is a default
(the actual string "OA$LIB:" must be present on the
file spec in the command line).
o The OA$LIB logical must be defined in EXEC mode - this
is explicity checked by OA$SUBMIT.
o OA$SUBMIT.EXE must have the OA$ADMIN ACL with
ACCESS=READ+EXECUTE if an administrator is to use it.
Make sure that the OA$LIB:OA$SUBMIT.EXE file has the same owner UIC
as the OA$DATA:PROFILE.DAT and the OA$LIB:SMJACKET.COM.
To do this enter from DCL:
$DIR/SEC OA$LIB:OA$SUBMIT.EXE
$DIR/SEC OA$DATA:PROFILE.DAT
$DIR/SEC OA$LIB:SMJACKET.COM
These files should have the OWNER of the UIC for the ALL-IN-1
Manager VMS account.
If they don't, use the DCL command:
$SET FILE/OWNER=[X,Y] filename
where X,Y is the ALL-IN-1 Manager VMS account UIC and filename is
the VMS filename of the file you wish to change the ownership of.
NOTE: If the protection of the OA$SUBMIT.EXE file requires changing,
the image must be de-installed using the INSTALL utility (must
be removed on each node in a Vaxcluster) prior to
changing the protections on the file. After the changes are made, it
must be installed back into memory (on each node in a Vaxcluster), this
may be done by running SYS$MANAGER:A1V23START.COM.
This executable image must also be installed with the privilege CMKRNL.
To verify the installed images privileges use the INSTALL utility as
follows:
$INSTALL := $SYS$SYSTEM:INSTALL/COMMAND_MODE
$INSTALL
INSTALL>LIST/FULL OA$LIB:OA$SUBMIT.EXE
If the image does not contain the proper privileges, you must add these
the REPLACE command as follows: (or run SYS$MANAGER:A1V23START.COM).
$INSTALL
INSTALL> REPLACE OA$LIB:OA$SUBMIT.EXE/PRIV=(CMKRNL)
Hope this helps.
Paul
|
| As the original author of OA$SUBMIT (and the text in.-2 looks very much
like my writing too - wonder where it came from? :-) ), I'd like to
apologise for the incredibly unhelpful error messages.
Unfortunately, it was designed that way, the thinking being that you
don't want to be too helpful to someone who may be trying to break the
security system (rather as VMS waits for you to type the password
before rejecting an unknown username, and it doesn't say whether it was
the username or the password that was wrong).
I'm glad you got it fixed;
Dave.
|
|
Banquo,
If you say: 'after I set all files under the allin1 tree to be owned by
ALLIN1', do you mean: ALL.
If under V2.4, please make sure the files in [.DEV_SHARE] and
[.DEV_<language>] are owner by OA$PRVAPP.
If under V3.0, take the same as above into account, but also keep in
mind the [.SITE...] (except for DEV_SHARE and DEV_<language>) are owner
by OA$MANAPP.
Ciao,
Simon
|