Conference csc32::consolemanager

Title: POLYCENTER Console Manager
Notice: Kits, Scans, Docs on CSC32:: as PCM$KITS:, PCM$DOCS:, PCM$SCANS:
Moderator: CSC32::BUTTERWORTH
Created: Thu Aug 06 1992
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 1541
Total number of notes: 6564

265.0. "VMS Security" by BBPPDR::ROWELL (Paul Rowell @BBP - TMC UK) Mon May 23 1994 13:34

I have been setting up a "non-privileged" user to work with CM.

If the non-priv user tries to save settings from the Eventlist then this fails
as the protections of the console$app_defaults directory don't allow writes.

I tried defining a job logical for console$app_defaults, but that was ignored.

BTW the system's eventlist settings are saved with W:RWED, I wonder what INSPECT
will say about that!!

Any ideas?

-Paul

265.1. "Log files a problem too" by BBPPDR::ROWELL (Paul Rowell @BBP - TMC UK) Mon May 23 1994 13:51

The data in console$logfiles is also protected from lowly non-priv users.

-Paul

265.2. by OPG::PHILIP (And through the square window...) Mon May 23 1994 14:14

Paul,

  Huh, I don't understand this! The eventlist as an action routine runs
  under UIC 1,4 so should be able to save its settings in
  CONSOLE$APP_DEFAULTS:; if it's an interactive job then it should save
  its settings in the user's SYS$LOGIN: directory. This is in fact what
  happens on my system.

  As for the protections in Console$Logfiles, this
  is correct, they should be protected against
  non-priv'd user access. All the Console Manager
  images should get installed with the necessary
  privs to access these files.

  As far as INSPECT is concerned, we didn't have too much time to check
  out our compliance; it was fairly low down on our list as it isn't a
  mandatory item as far as engineering groups are concerned (it isn't in
  our checklist). Having said that, when we get some more time in future
  releases, we will be making the software compliant.

Cheers,
Phil


  
265.3. "OK more information" by BBPPDR::ROWELL (Paul Rowell @BBP - TMC UK) Mon May 23 1994 15:39

1)

What I'm doing is starting the C3 interface and then changing a couple of items
from the Eventlist window (Startup - Iconified) then Save Options.

I then get a security message on the console of the CM system:-

Security alarm (SECURITY) and security audit (SECURITY) on TMCPCM, system id: 64515
Auditable event:          Object access
Event information:        directory entry creation request (IO$_ACCESS, IO$_CREATE, or IO$_ENTER)
Event time:               23-MAY-1994 14:26:31.30
PID:                      00000390        Parent PID:               0000037F
Process name:             ROWELL_1        Parent process name:      NET_8481
Username:                 ROWELL          Parent username:          ROWELL
Process owner:            [ROWELL]
Image name:               $222$DIA12:[CONSOLE.][ACTIONS.SYSTEM]CONSOLE$EVENTLIST.EXE
Object class name:        FILE
Object owner:             [SYSTEM]
Object protection:        SYSTEM:RWE, OWNER:RWE, GROUP:RE, WORLD:E
Directory name:           _$222$DIA12:[CONSOLE]APP-DEFAULTS.DIR;1
Directory ID:             (25,1,0)
Directory entry:          CONSOLE$EVENTLIST.DAT_ROWELL_C3;0
Access requested:         READ,WRITE
Sequence key:             0021DFC9
Status:                   %SYSTEM-F-NOPRIV, insufficient privilege or object protection violation

2) If I do a Commands -> Console Manager -> Event History, I get a window saying

One or more log files for the selected system do not exist and another security
message:

  %%%%%%%%%%%  OPCOM  23-MAY-1994 14:35:34.45  %%%%%%%%%%%
Message from user AUDIT$SERVER on TMCPCM
Security alarm (SECURITY) and security audit (SECURITY) on TMCPCM, system id: 64515
Auditable event:          Object access
Event information:        file access request (IO$_ACCESS or IO$_CREATE)
Event time:               23-MAY-1994 14:35:34.45
PID:                      0000037F
Process name:             NET_8481
Username:                 ROWELL
Process owner:            [ROWELL]
Image name:               $222$DIA12:[CONSOLE.][IMAGES]CONSOLE$C3.EXE
Object class name:        FILE
Object owner:             [SYSTEM]
Object protection:        SYSTEM:RWED, OWNER:RWED, GROUP:RE, WORLD:
File name:                _$222$DIA12:[CONSOLE.LOG]CONSOLEMANAGER.TIMES;1
File ID:                  (166,1,0)
Access requested:         READ
Sequence key:             0021F12E
Status:                   %SYSTEM-F-NOPRIV, insufficient privilege or object protection violation

3) The remark about INSPECT was tongue in cheek - I wonder how much time the
corporation wastes trying to get Inspect to pass after installing the latest
layered product! Seriously though it can't be wise allowing the whole world
total access to this data file.


The only privilege the images are installed with is SYSLCK; is this correct?


If this still isn't clear don't hesitate to call me! (841-3980)

-Paul
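
Added example (not part of the original notes or of the Console Manager kit): a Python parser that re-joins the 80-column wraps in the two alarms quoted in 265.3 and compares "Access requested" with the "Object protection" mask. The sample text is constructed from those alarms; treating ROWELL as a WORLD accessor is an assumption.

```python
import re

# Constructed input: fields copied from the two alarms quoted in note 265.3,
# keeping the 80-column terminal wrap that splits long values.
ALARM_1 = """\
Event information:        directory entry creation request (IO$_ACCESS, IO$_CREA
TE, or IO$_ENTER)
Username:                 ROWELL
Object protection:        SYSTEM:RWE, OWNER:RWE, GROUP:RE, WORLD:E
Directory name:           _$222$DIA12:[CONSOLE]APP-DEFAULTS.DIR;1
Access requested:         READ,WRITE
Status:                   %SYSTEM-F-NOPRIV, insufficient privilege or object pro
tection violation
"""
ALARM_2 = """\
Username:                 ROWELL
Object protection:        SYSTEM:RWED, OWNER:RWED, GROUP:RE, WORLD:
File name:                _$222$DIA12:[CONSOLE.LOG]CONSOLEMANAGER.TIMES;1
Access requested:         READ
Status:                   %SYSTEM-F-NOPRIV, insufficient privilege or object pro
tection violation
"""
FIELD = re.compile(r"^([A-Z][A-Za-z ]+?):\s{2,}(.*)$")
ACCESS = {"READ": "R", "WRITE": "W", "EXECUTE": "E", "DELETE": "D"}

def parse_alarm(text):
    """Return {label: value}, re-joining values the terminal wrapped."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields[last] = m.group(2)
        elif last and line.strip():
            fields[last] += line  # hard wrap at column 80: no space was dropped
    return fields

def missing_access(fields, category="WORLD"):
    """Requested access types the protection mask withholds from `category`.
    Assumption: the requester falls in WORLD (not system, owner or group)."""
    mask = dict(item.strip().split(":") for item in fields["Object protection"].split(","))
    wanted = [a.strip() for a in fields["Access requested"].split(",")]
    return [a for a in wanted if ACCESS[a] not in mask[category]]

if __name__ == "__main__":
    for alarm in (ALARM_1, ALARM_2):
        f = parse_alarm(alarm)
        target = f.get("Directory name") or f.get("File name")
        print(f["Username"], target, "lacks", missing_access(f))
```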

265.4. by OPG::PHILIP (And through the square window...) Mon May 23 1994 16:54

Ahhh,

  The mists clear...

  1) It appears that you have a scenario we missed in our testing,
  don't ask me how, I don't know!!

  As a workaround until we can sort this out, you are going to
  have to give W:RW to the APP-DEFAULTS directory, but I guess
  you already sussed that one.

  2) Another protection problem I am afraid, and you are not going
     to like the answer here, but, can you set the protection on all
     the files in your log and archive directories to W:R? That should
     then at least allow your non-priv'd users to get to the data.

  3) Your INSPECT comment may well have been tongue in cheek, but
     we do realize that not complying causes internal users a
     headache, so we would like to sort it out at some point.

  4) Yup, everything should have SYSLCK as we do some lock
     management between the processes.

Cheers,
Phil

265.5. "You're right...." by BBPPDR::ROWELL (Paul Rowell @BBP - TMC UK) Mon May 23 1994 18:05

I don't like it :-)

-Paul

265.6. by OPG::PHILIP (And through the square window...) Tue May 24 1994 15:36

OK,

  This is what I have done for the next release (V1.5) which
  will be available within the next 3-4 months:-

  a DIR/PROT of CONSOLE$ROOT:[000000] will look like this...

Directory CONSOLE$ROOT:[000000]

ACTIONS.DIR;1        (RWE,RWE,RE,E)
APP-DEFAULTS.DIR;1   (RWE,RWE,RE,E)
ARCHIVE.DIR;1        (RWE,RWE,RE,RE)
BOOKS.DIR;1          (RWE,RWE,RE,E)
DATA.DIR;1           (RWE,RWE,RE,E)
EXAMPLES.DIR;1       (RWE,RWE,RE,E)
ICONS.DIR;1          (RWE,RWE,RE,E)
IMAGES.DIR;1         (RWE,RWE,RE,E)
LOG.DIR;1            (RWE,RWE,RE,E)
TEMP.DIR;1           (RWE,RWE,RE,E)
TEMPLATES.DIR;1      (RWE,RWE,RE,E)

Total of 11 files.

  The Archive directory has to have W:RE as the Extract
  and Monitor interfaces need to do wild card searches
  for archive files when either an extract or review is
  done. 

  And all your log files will have a protection
  of S:RWED,O:RWED,:,G:R,W:R

  Now, as I said, this all passes DECinspect so everyone
  should be happy, right!!

Cheers,
Phil

265.7. by CSC32::BUTTERWORTH (Gun Control is a steady hand.) Tue May 24 1994 18:35

    Well, these would be considered semi-private system files if you install
    PCM on the system disk, so your protections would pass. Another possible
    solution here would be to use an identifier such as CONSOLE$MANAGER_USER
    and place an ACL on the directory to prevent any world access. It
    would be pretty straightforward to add this ACL creation to the
    KITINSTAL. The only other piece would be to update the editor so it had
    the smarts to grant this ID to usernames that were added/removed
    from the PCM database.
    
    Dan

265.8. by OPG::PHILIP (And through the square window...) Tue May 24 1994 19:41

  Yup, I considered this, however, it would be too much work for
  V1.5, maybe for V1.6 or V2.0 or whatever we call the next release.

Cheers,
Phil