[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference iosg::all-in-1_v30

Title:*OLD* ALL-IN-1 (tm) Support Conference
Notice:Closed - See Note 4331.l to move to IOSG::ALL-IN-1
Moderator:IOSG::PYE
Created:Thu Jan 30 1992
Last Modified:Tue Jan 23 1996
Last Successful Update:Fri Jun 06 1997
Number of topics:4343
Total number of notes:18308

2387.0. "Archive problem" by UTRTSC::SMEETS (Martin Smeets DS SSO Utrecht (NL)) Wed Mar 10 1993 10:16

Hi,

I've a customer with a strange problem concerning archiving.

ALL-IN-1 IOS V3.0
VMS V5.5-1

They created an archive area which points to data$disk4:[archive_1992]
data$disk4 logical is defined with concealed and terminal.
protection of archive_1992.dir is S:RWED, O:RWED, G:,W:

Is a user with normal privileges (netmbx and tmpmbx) archives a document to 
this archive area (option FC AN) everything looks nice.

1. Document has status archived
2. Document is put into open archive area
3. No error messages

Only on the console terminal appears the message:

No privilege for attempted operation.


Any ideas ?

Martin Smeets
ALL-IN-1 Support
T.RTitleUserPersonal
Name		DateLines
2387.1I can reproduce it !UTRTSC::SMEETSMartin Smeets DS SSO Utrecht (NL)Thu Mar 11 1993 12:4645
Hi Everybody,

I can reproduce the error on our system

Below you See an extract of the operator.log 

%%%%%%%%%%  OPCOM  10-MAR-1993 09:20:03.05  %%%%%%%%%%%
Message from user AUDIT$SERVER on SSOIOS
Security alarm (SECURITY) and security audit (SECURITY) on SSOIOS, system id: 6
Auditable event:        Attempted file access
Event time:             10-MAR-1993 09:20:03.01
PID:                    00000256
Username:               VTXMAN
Image name:             SSOIOS$DKB200:[IOS.LIB_SHARE]OA$MAIN.EXE
Object name:            _SSOIOS$DKB200:[000000]ARCH1.DIR;1
Object type:            file
Access requested:       READ
Status:                 %SYSTEM-F-NOPRIV, no privilege for attempted operation


Also for completion the authorize entry

Username: VTXMAN                           Owner:  Martin Smeets
Account:  OFFICE                           UIC:    [500,17] ([OFFICE,VTXMAN])
CLI:      DCL                              Tables: DCLTABLES
Default:  USER1:[VTXMAN]
LGICMD:   LOGIN
Flags:
Primary days:   Mon Tue Wed Thu Fri
Secondary days:                     Sat Sun
No access restrictions
Expiration:            (none)    Pwdminimum:  8   Login Fails:     0
Pwdlifetime:           (none)    Pwdchange:  16-DEC-1992 09:25
Last Login: 10-MAR-1993 09:16 (interactive),  9-MAR-1993 15:20 (non-interactive)
Maxjobs:         0  Fillm:       250  Bytlm:        75000
Maxacctjobs:     0  Shrfillm:      0  Pbytlm:           0
Maxdetach:       0  BIOlm:       230  JTquota:       1024
Prclm:          10  DIOlm:        50  WSdef:          600
Prio:            4  ASTlm:       300  WSquo:         4096
Queprio:         0  TQElm:        50  WSextent:      3000
CPU:        (none)  Enqlm:       300  Pgflquo:      85000
Authorized Privileges:
  TMPMBX NETMBX 
Default Privileges:
  TMPMBX NETMBX
2387.3Yes, it is the archive directoryUTRTSC::SMEETSMartin Smeets DS SSO Utrecht (NL)Thu Mar 11 1993 19:4711
Hi Stuart,

Thanks for your reply !
    
>>    What is _SSOIOS$DKB200:[000000]ARCH1.DIR;1? Is it the archive directory?

Yes, it is the archive directory, the audit utility is reponsible for this name

Cheers,

Martin
2387.4IOSG::MAURICEBecause of the architect the building fell downFri Mar 12 1993 08:1818
    Hi,
    
    It looks as if there are two main possibilities:
    
    a) The line in ARCHIVE_USER_DOCUMENT.SCP where it does:
    
    	get #dev = file$.device[#arc_dir]
    
    b) The archive_document function call in the same script.
    
    If you have the chance it would be very helpful if you can do a
    	<debug on
    before typing ADN to archive it. As you step through with DEBUG you
    will be able to find the line in the script that triggers the alarm. 
    
    Cheers
    
    Stuart
2387.5BYPASS privilege on OA$IMAGE ?UTRTSC::SMEETSMartin Smeets DS SSO Utrecht (NL)Mon Mar 15 1993 21:2713
Hi Stuart,

I did <DEBUG ON but I didn't find any alarm or error message.

I think the error message on the console printer is the result of the setup of
the audit server. 

Does the ALL-IN-1 images raise it's privileges when archiving files for users. ?
I've seen ALL-IN-1 is installed with BYPASS privilege.

Regards,

Martin
2387.6see 423.*UTRTSC::SCHOLLAERTBlack WednesdayMon Mar 15 1993 22:0512
    Hello,
    
>    	get #dev = file$.device[#arc_dir]
    
    $ set aud/ala/en=fil=fail will show that this is the line
    that causes the priviledge violation. 
    
    See note 423.....
    
    Regards from sunny Holland.
    
    Jan