| Title: | *OLD* ALL-IN-1 (tm) Support Conference |
| Notice: | Closed - See Note 4331.l to move to IOSG::ALL-IN-1 |
| Moderator: | IOSG::PYE |
| Created: | Thu Jan 30 1992 |
| Last Modified: | Tue Jan 23 1996 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 4343 |
| Total number of notes: | 18308 |
hi,
ALL-IN-1 3.0-1, VMS 5.5-2
I'm hoping that someone here mihgt be able to shed some new light. The
customer has a script (in CM) in oa$site_do_share. The script has w:RE
and is owned by ALL-IN-1.
When a non-prived user tries to use it, they get the following error:
%OA-E-SCPOPEN, Error opening SCRIPT file "OA$DO:3M_PORT"
-RMS-E-PRV, insufficient privilege or file protection violation
A trace shows no more information. I've added W:RE to the DO
directories, but no luck. The script works fine on 2.4 systems. On the
2.4 systems the protections are the same (on the scp).
The script works fine in a prived account (ALLIN1).
Thanks for any ideas !!! Ann
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 2280.1 | Did you TXL the script ?? (SM CSZ CCM) | COL01::KLOCKE | Wed Feb 17 1993 15:47 | 0 | |
| 2280.2 | General priv problem???? | IOSG::BILSBOROUGH | Just testing. Please ignore!!! | Wed Feb 17 1993 16:46 | 4 |
If you just create a file in the directory can the user access that?
Mike
| |||||
| 2280.3 | ANGLIN::HARRIS | Let the party begin... | Wed Feb 17 1993 18:10 | 4 | |
re .1 - yes TXL was redne, ALL-IN-1 exited and reentered.
re. 2 - MANAGER creates file in oa$site_do_share.
non-prived user CANNOT even do directory of this directory.
| |||||
| 2280.4 | A few more thoughts... | SCOTTC::MARSHALL | Spitfire Drivers Do It Topless | Wed Feb 17 1993 18:18 | 15 |
Hi, >> non-prived user CANNOT even do directory of this directory Have you checked the prots on all the parent directories, back up to (and including) 000000.DIR? Is the device itself protected against world access? (Not sure if you can do that on VMS, but it's an idea) Note that W:E on a directory will allow someone to access something in the directory by name, so I could do (eg) $dir [a.b]c.txt but not $dir [a.b]*.txt W:R on a directory allows someone to do wildcard operations on the directory (ie it lets them actually 'read' the directory to find filenames). Scott | |||||
| 2280.5 | Modify OA$SITE_DEV_LLV also | UTES09::EIJS | Simon Eijs @Utrecht, 7838-2558 | Thu Feb 18 1993 08:12 | 46 |
Hi,
First some remarks:
> I'm hoping that someone here mihgt be able to shed some new light. The
> customer has a script (in CM) in oa$site_do_share. The script has w:RE
> and is owned by ALL-IN-1.
The BLP, DO and SCP directories should now be closed for the world (V3.0,
V3.0-1):
Directory DKB200:[ALLIN1V30_DEV.SITE]
DO_SHARE.DIR;1 OA$MANAPP (RWE,RWE,RE,)
(IDENTIFIER=OA$MANAPP,ACCESS=READ+WRITE+EXECUTE+DELETE)
(IDENTIFIER=OA$MANAPP,OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE+DELETE)
(IDENTIFIER=OA$PRVAPP,ACCESS=READ)
(IDENTIFIER=OA$PRVAPP,OPTIONS=DEFAULT,ACCESS=READ)
(DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RE,WORLD:)
As all files of this directory end up in the TXL the files cannot be called from
the directories directly any longer.
So, that's the theory.
> -< Did you TXL the script ?? (SM CSZ CCM) >-
>-------------------------------------------------------------------------------
>
> %OA-E-SCPOPEN, Error opening SCRIPT file "OA$DO:3M_PORT"
> -RMS-E-PRV, insufficient privilege or file protection violation
>
> re .1 - yes TXL was redne, ALL-IN-1 exited and reentered.
The procedure is called directly via OA$DO:, so the TXL isn't used.
Try the following:
Modify the protection of [.SITE]DO_ENGLISH.DIR for W:RE. The reason is you use
OA$DO: as directory specification. The first directory in this search list is
OA$SITE_DO_LLV (ENGLISH), which you cannot access. So ALL-IN-1 bumps out.
HTH,
Simon
| |||||
| 2280.6 | Fix the caller! | IOSG::PYE | Graham - ALL-IN-1 Sorcerer's Apprentice | Thu Feb 18 1993 09:04 | 9 |
Expanding further on Simon's reply:
If the file is in OA$DO (or the other TXL directories) then the only
"person" that needs to read it is the TXL compiler, which is more than
adequately privileged. Any other accesses to the file directly by
specifying OA$DO:name are *wrong* and the calling code should be fixed
so it just uses the file name.
Graham
| |||||
| 2280.7 | Move the file if they _really_ need to do this | IOSG::SHOVE | Dave Shove -- REO2-G/M6 | Thu Feb 18 1993 17:13 | 8 |
Or, if for some reason * they want to refer to the file itself rather
than the TXL version of it, then it shouldn't be in OA$DO (move it to
OA$LIB: perhaps).
* for example, supposing they had found some script code combination
which didn't work in TXLs - no, silly me, ridiculous.
D.
| |||||
| 2280.8 | thanks! | ANGLIN::HARRIS | Let the party begin... | Thu Feb 18 1993 18:24 | 11 |
well,
thanks to all - the problem is solved! i modified the prot according
to .5 and things are ok.
re .7 - i'd love to get rid of/or at least modify the location of the
script, but its in too many print destinations. beleive me, at this
customer you don't want to change anything!
ann
| |||||