HP OpenVMS Systems: Ask the Wizard

The Question is:

How do I create a Fortran program that can be installed with privileges? I've looked in the Fortran, Linker, and Programmer User Guide, but am still having trouble putting it all together. I can install the image with protection, but when the program executes the user still cannot perform the task. The privs are not granted while the program runs.

The Answer is:

The only mandatory considerations in creating a privileged image are that
it must be linked /NODEBUG/NOTRACEBACK, and it must be an executable
image. (A shareable image cannot grant privileges, and a privileged
shareable image does not use the INSTALL/PRIVILEGE mechanism -- please
see the Shareable Image Cookbook referenced in the OpenVMS FAQ for
details on shareable images.)

The OpenVMS Wizard recommends that the first executable statement in a
privileged image be a call to $SETPRV to turn OFF all privileges. Code
that requires privilege should specifically enable the needed privilege(s)
immediately prior to using the privilege and disable the privilege(s)
immediately afterwards. This minimises the chances that the program will
open an unexpected security hole in your system.

The executable image needs to be installed with privilege using the
INSTALL utility. It is important that the image is activated using
exactly the same name as it was installed with. The simplest way to
guarantee this is to define a SYSTEM logical name at EXECUTIVE mode
and use it exclusively when referring to the image. For example:

    $ DEFINE/SYSTEM/EXECUTIVE MYPRIV DKA100:[WIZARD]PRIV_IMAGE.EXE
    $ INSTALL MYPRIV /OPEN/HEADER/SHARED/PRIVILEGE=(WORLD,SYSLCK)
    $ RUN MYPRIV

Do not specify the file version number on the logical name or during
the image activation. (This overrides the known-image activation.)

Also consider using a subsystem identifier, as this can avoid the need
to INSTALL an executable image with additional privilege(s).
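
The $SETPRV pattern recommended above, sketched in Fortran as an added example (not code from the original answer). It assumes the image is installed with WORLD and SYSLCK as in the INSTALL command shown; PRIV_IMAGE and PRIVILEGED_STEP are hypothetical names.

```fortran
      PROGRAM PRIV_IMAGE
!     Added example. Build as the answer requires:
!       $ FORTRAN PRIV_IMAGE
!       $ LINK/NODEBUG/NOTRACEBACK PRIV_IMAGE
      IMPLICIT NONE
      INCLUDE '($PRVDEF)'
      INCLUDE '($SSDEF)'
      INTEGER*4 SYS$SETPRV
      EXTERNAL  SYS$SETPRV
      INTEGER*4 STATUS
      INTEGER*4 ALLPRV(2), NEEDED(2)

!     First executable statements: turn OFF every privilege bit.
!     enbflg=0 disables; prmflg=0 limits the change to this image.
      ALLPRV(1) = -1
      ALLPRV(2) = -1
      STATUS = SYS$SETPRV(%VAL(0), ALLPRV, %VAL(0), %VAL(0))
      IF (.NOT. STATUS) CALL LIB$STOP(%VAL(STATUS))

!     ... unprivileged work (parsing, user input, file access) ...

!     Enable only WORLD and SYSLCK, immediately before use.
      NEEDED(1) = IOR(PRV$M_WORLD, PRV$M_SYSLCK)
      NEEDED(2) = 0
      STATUS = SYS$SETPRV(%VAL(1), NEEDED, %VAL(0), %VAL(0))
!     SS$_NOTALLPRIV is a success status, so a low-bit test would
!     miss it. Compare with SS$_NORMAL: any other value means a
!     requested privilege was not granted, for example because the
!     image was not activated as the installed known image.
      IF (STATUS .NE. SS$_NORMAL) CALL LIB$STOP(%VAL(STATUS))

      CALL PRIVILEGED_STEP

!     Drop the privileges again straight afterwards.
      STATUS = SYS$SETPRV(%VAL(0), NEEDED, %VAL(0), %VAL(0))
      IF (.NOT. STATUS) CALL LIB$STOP(%VAL(STATUS))
      END

      SUBROUTINE PRIVILEGED_STEP
!     Hypothetical placeholder for the one operation that needs
!     WORLD or SYSLCK; keep it as short as possible.
      END
```

Stopping on SS$_NOTALLPRIV makes the symptom in the question visible at the point where the privilege is requested, instead of as a later failure of the privileged operation.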