|
HP OpenVMS Systemsask the wizard |
|
The Question is: We've inherited some VAX/Alpha VMS systems. In the process of cutting over from VAX to Alpha we have found a MACRO program which was written for VAX called seeque that lists all queue contents by going around security when called by an unprivileged user. This allows the queues to be secured and th e allows us to control access to only this executable. This is needed for the Alpha, any ideas? The Answer is :
The Wizard sees no reason to continue to use this executable even on
OpenVMS VAX, given the availability of access control lists for very
finely granulated control over queue access, and given the ability to
mark specific queues as readable by (system, owner, group, or world)
users using the provided queue protection mask.
In this case, use SET QUEUE/PROTECTION=(S:M,O:D,G:R,W:RS) or similar,
allowing users in the world group to read the queue. See below for
further details.
If you wish to port the program in question, Macro32 is available as a
compiler on OpenVMS Alpha systems, and there are instructions available
for the changes (typically few, usually very simple, and normally portable
between both OpenVMS VAX and Alpha) in the Macro32 porting documentation
in the OpenVMS manual set.
As for the SET QUEUE/PROTECTION command...
SET
QUEUE
/PROTECTION
/PROTECTION=(ownership[:access],...)
Requires OPER (operator) privilege to control access to the
queue.
Specifies the protection of the queue.
o Specify the ownership parameter as system (S), owner (O),
group (G), or world (W).
o Specify the access parameter as read (R), submit (S), manage
(M), or delete (D). A null access specification means no
access.
If you include only one protection code, you can omit the
parentheses.
For more information on specifying protection codes, see the
OpenVMS Guide to System Security. For more information on
controlling queue operations through UIC-based protection, see
the OpenVMS System Manager's Manual.
|