|
HP OpenVMS Systemsask the wizard |
|
The Question is: How can I spawn a process that requires cmkrnl and the user who is running the process cannot have cmkrnl as a privilege Because of our audit regulations. What I need to do is Stop and Start oracle 7.0. The Answer is : One common technique to allow operators to schedule privileged operations is to have a suitably privileged user (e.g., SYSTEM) submit a self-resubmitting batch job to perform the desire function, but with /HOLD specified on the SUBMIT command. Anyone with OPER privilege (or with manage access to the queue via an ACL) can then release the job to perform that privileged operation, and only that privileged operation, at the appropriate time. Other alternatives include task-to-task DECnet communications (using DCL or using a compiled language), with the remote (server) end operating with the necessary privileges and accepting requests from the local (client) end. (DCL DECnet task-to-task has been discussed here before -- see "DCL Task-to-Task", among others.) Various packages in the DECUS library are availabable for this and similar. One such example is CERBERUS. Through the use of the persona system services, the implmentation of a controlled access to a sys$creprc with the necessary privileges would be relatively simple. All of the above are easily auditable. There are other approaches.
|