- Community Home
- >
- Servers and Operating Systems
- >
- Operating System - OpenVMS
- >
- ACL or file permission issue
-
-
Categories
- Topics
- Hybrid IT with Cloud
- Mobile & IoT
- IT for Data & Analytics
- Transformation
- Strategy and Technology
- Products
- Cloud
- Integrated Systems
- Networking
- Servers and Operating Systems
- Services
- Storage
- Company
- Events
- Partner Solutions and Certifications
- Welcome
- Welcome
- Announcements
- Tips and Tricks
- Feedback
-
Blogs
- Alliances
- Around the Storage Block
- Behind the scenes @ Labs
- Converged Data Center Infrastructure
- Digital Transformation
- Grounded in the Cloud
- HPE Careers
- HPE Storage Tech Insiders
- Infrastructure Insights
- Inspiring Progress
- Internet of Things (IoT)
- My Learning Certification
- Networking
- OEM Solutions
- Servers: The Right Compute
- Telecom IQ
- Transforming IT
-
Quick Links
- Community
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Contact
- Email us
- Tell us what you think
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Enterprise.nxt
- Marketplace
- Aruba Airheads Community
-
Categories
-
Forums
-
Blogs
-
InformationEnglish
ACL or file permission issue
SOLVED- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
04-15-2010 04:08 PM
04-15-2010 04:08 PM
The savftp account is a drop off point for files that are processed by user savjob.
The default directory for savftp has the following acl entries:
Directory USR$DISK1:[000000]
SAVFTP.DIR;1 [SAVFTP] (RWE,RWE,RE,)
(IDENTIFIER=[SAVJOB],OPTIONS=DEFAULT,ACCESS=READ+DELETE)
(IDENTIFIER=[SAVJOB],ACCESS=READ+WRITE+DELETE)
User savjob processes the file in the usr$disk1:[savftp] directory. After processing the file user savjob attempts to rename the file to a directory owned by savjob on the same device. The rename fails with the following errors:
%RENAME-E-OPENOUT, error opening USR$DISK1:[SAVJOB.ENTDBA.ARC]TO_RECONCILE.OLD;
as output
-RMS-E-ENT, ACP enter function failed
-SYSTEM-F-NOPRIV, insufficient privilege or object protection violation
As you can see the error happens when savjob tries to write to its own directory.
This process worked prior to migrating from another server with the same OS version, which by the way is OpenVMS 8.2, both systems are at the same patch level.
The old file in the USR$DISK1:[SAVJOB.ENTDBA.ARC] has its protection set to (RWED,RWED,RWED,)
When the new version of TO_RECONCILE.OLD is written it comes with the ace (IDENTIFIER=[SAVJOB],ACCESS=READ+DELETE)
Directory USR$DISK1:[SAVJOB.ENTDBA.ARC]
[SAVFTP] (RWED,RWED,RE,)
(IDENTIFIER=[SAVJOB],ACCESS=READ+DELETE)
TO_RECONCILE.OLD;1335
[SAVFTP] (RWED,RWED,RWED,)
TO_RECONCILE.OLD;1334
If I remove the ace and set the file permissions to be the same as TO_RECONCILE.OLD;1334; the job works once.
The next run fails with the errors previously listed.
How do I fix this?
Thanks in advance
Kevin
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
04-15-2010 04:31 PM
04-15-2010 04:31 PM
SolutionIn general, a tool to use here is file access alarms. Or audits, on a busy system. Enable file access failures. That'll tell you what failed.
If the commands can (also) be run interactively, another tool is "SET WATCH /CLASS=MAJOR FILE" or SET WATCH /CLASS=ALL FILE" such; the CLASS varies. Use SET WATCH /CLASS=NONE FILE" to shut off output. CMEXEC or CMKRNL is required. Look for the failure codes.
You can translate these failure codes with, for instance:
$ exit %x910
%SYSTEM-W-NOSUCHFILE, no such file
$
http://labs.hoffmanlabs.com/node/1450
Given you had another system involved, the ACLs can be all over the map if the SYSUAF and RIGHTSLIST don't match. I updated a tool to clean off ACLs for these cases:
http://labs.hoffmanlabs.com/node/426
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
04-16-2010 12:41 AM
04-16-2010 12:41 AM
Re: ACL or file permission issue
Re: ACL or file permission issue
What does the following command show?
$ directory/security USR$DISK1:[SAVJOB.ENTDBA]ARC.DIR
What is the raname command being used?
You may want to use rename/inherit_security
$ help rename /inherit_security
Jon
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
04-16-2010 12:04 PM
04-16-2010 12:04 PM
Re: ACL or file permission issue
Re: ACL or file permission issue
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2018 Hewlett Packard Enterprise Development LP