HP OpenVMS Systems

ask the wizard
Content starts here

Why these privileges for SUBMIT/USER?

» close window

The Question is:

I have never understood why in order to use SUBMIT/USER=someone_else
you need both CMKRNL privilege and WRITE access to the SYSUAF.
I would have expected CMKRNL + READ access to the SYSUAF.

The Answer is :

  You need to write to the SYSUAF as part of a standard login, and
  you also need access to kernel-mode data structures for this
  particular spoofing operation.
  If you want to create a process under another username, please
  consider DECnet task-to-task or similar, or consider a program
  that uses the persona services and $creprc or $sndjbc or such.

answer written or last revised on ( 1-JUN-2001 )

» close window