topic Security Privileges Required for Reboot in Operating System - OpenVMS

Security Privileges Required for Reboot

Pete Maurer — Thu, 19 Oct 2006 12:36:13 GMT

I've been reviewing the 'HP OpenVMS Guide to System Security', but can't determine the
minimal privileges required to perform
a system reboot ???

Re: Security Privileges Required for Reboot

Volker Halle — Thu, 19 Oct 2006 12:37:53 GMT

Pete,

have a look in SYS$SYSTEM:SHUTDOWN.COM

$privs = "AUDIT, CMKRNL, EXQUOTA, LOG_IO, NETMBX, OPER, SECURITY, " -
+ "SYSNAM, SYSPRV, TMPMBX, WORLD"
$saved_privs = f$setprv(privs)
$if .not. f$privilege(privs)
$then
$say ""
$say "%SHUTDOWN-F-NOPRIV, the following privileges are required:"
$say "-SHUTDOWN-F-NOPRIV, ''privs'"
$exit %x10360004
$endif

Volker.

Re: Security Privileges Required for Reboot

Steven Schweda — Thu, 19 Oct 2006 12:39:10 GMT

SYS$SYSTEM:SHUTDOWN.COM looks authoritative.

$say f$fao("!/!/!_SHUTDOWN -- Perform an Orderly System Shutdown")
$privs = "AUDIT, CMKRNL, EXQUOTA, LOG_IO, NETMBX, OPER, SECURITY, " -
+ "SYSNAM, SYSPRV, TMPMBX, WORLD"
$saved_privs = f$setprv(privs)
$if .not. f$privilege(privs)
$then
$say ""
$say "%SHUTDOWN-F-NOPRIV, the following privileges are required:"
$say "-SHUTDOWN-F-NOPRIV, ''privs'"
$exit %x10360004
$endif

Re: Security Privileges Required for Reboot

Steven Schweda — Thu, 19 Oct 2006 12:41:08 GMT

Looks like a consensus.

Re: Security Privileges Required for Reboot

Volker Halle — Thu, 19 Oct 2006 12:41:35 GMT

Steven,

it always amazes me, how experienced OpenVMS people use to think and act alike ;-)

Volker.

Re: Security Privileges Required for Reboot

Andy Bustamante — Thu, 19 Oct 2006 12:45:02 GMT

In addtion to Volker's response, if you can touch the console or system, you can reboot it.

If Availablity Manager or AMDS has control access enabled, you can crash a node, reboot depends on the value of AUTO_ACTION. No user id or privs required on the target node.

Andy

Re: Security Privileges Required for Reboot

Robert Gezelter — Thu, 19 Oct 2006 12:46:53 GMT

Pete,

The privileges required are what will allow the privileges specified in the command extract that has previously been posted (e.g., AUDIT, CMKRNL, EXQUOTA, LOG_IO, NETMBX, OPER, SECURITY, SYSNAM, SYSPRV, TMPMBX, WORLD) to succeed.

While it is not mentioned, and I DO NOT RECOMMEND IT, SETPRIV (the ability to set any privilege bit) should also work (reference to the "OpenVMS Guide to System Security" to the effect that the SET PRIVILEGE command will succeed if SETPRIV is enabled).

- Bob Gezelter, http://www.rlgsc.com

Re: Security Privileges Required for Reboot

Steven Schweda — Thu, 19 Oct 2006 12:49:36 GMT

SETPRIV -> SETPRV

Re: Security Privileges Required for Reboot

Volker Halle — Thu, 19 Oct 2006 12:55:59 GMT

Andy,

reboot depends on the value of AUTO_ACTION

Please let me clarify this common misconception:

If a system crashes, it automatically reboots by default. This behaviour is controlled by the BUGREBOOT SYSGEN parameter (default = 1).

AUTO_ACTION only comes into play, if a HALT instruction or an error resulting in a CPU HALT (like kernel stack not valid) results in halting the current CPU:

If AUTO_ACTION is set to HALT, the CPU just HALTs. In case of an SMP system, this may cause a CPUSPINWAIT or CPUSANITY crash and reboot, if it's not the primary CPU.

If AUTO_ACTION is set to RESTART, the SRM firmware restarts the CPU and the system will take a bugcheck dump and reboot (depending on the setting of BUGREBOOT).

If AUTO_ACTION is set to BOOT, the system will just boot without creating a dump.

Volker.

Re: Security Privileges Required for Reboot

Robert Gezelter — Thu, 19 Oct 2006 12:58:14 GMT

Steven,

Agreed, SETPRV. I was typing fast and not proof-reading enough.

- Bob Gezelter, http://www.rlgsc.com

Re: Security Privileges Required for Reboot

Pete Maurer — Thu, 19 Oct 2006 14:36:29 GMT

Thanks!

I'm just looking to setup an operator account to reboot the system using 'SHUTDOWN.COM' and wanted to limit their authority.

Thanks!

Re: Security Privileges Required for Reboot

Pete Maurer — Thu, 19 Oct 2006 14:37:20 GMT

Thanks!

Re: Security Privileges Required for Reboot

Jan van den Ende — Thu, 19 Oct 2006 15:54:36 GMT

Pete,

to express your thanks, please review

http://forums1.itrc.hp.com/service/forums/helptips.do?#33

Proost.

Have one on me.

jpe

Re: Security Privileges Required for Reboot

Andy Bustamante — Thu, 19 Oct 2006 16:04:07 GMT

Volker,

Looking at the ES-45 Owner's guide, section 3.1.2:

The factory setting for auto_action is halt. The halt setting causes the system to stop in the SRM console. You must then boot the operating system manually.

For maximum system availability, auto_action can be set to boot or restart.

- With the boot setting, the operating system boots automatically after the SRM init command is issued or the Reset button is pressed.

- With the restart setting, the operating system boots automatically after the SRM init command is issued or the Reset button is pressed, and it also reboots after an operating system crash.

Andy

Re: Security Privileges Required for Reboot

Volker Halle — Fri, 20 Oct 2006 01:06:11 GMT

Andy,

- With the RESTART setting ... it also reboots after an operating system crash.

If we are talking about OpenVMS here, this is NOT correct. After an OpenVMS crash, the BUGREBOOT system parameter controls, whether the OpenVMS kernel will send a reboot command to the console firmware. This does NOT depend on the AUTO_ACTION setting. By default (i.e. BUGREBOOT=1), OpenVMS will also reboot after a crash, if AUTO_ACTION is set to HALT - just try it on your favourite test system ;-)

See SYSGEN HELP SYS_P BUGREBOOT

Volker.

Re: Security Privileges Required for Reboot

John Abbott_2 — Fri, 20 Oct 2006 01:33:51 GMT

It's unlikely, but if you call the site specific shutdown procedure (syshutdwn, typically unused) for any 3rd party apps, dbs, etc, to shutdown 1st.. they might require additional privs or identifies for the oper account.