
Letting unprivileged users initialize and mount tape devices

 
Allan Poulsen
Occasional Contributor


Dear All

I have a problem where I have to let otherwise unprivileged users initialize, mount and use tape devices in an OpenVMS 7.3 Alpha Cluster. I know of the privileges MOUNT, OPER and VOLPRO. This however does not let an unprivileged user initialize or mount a system wide tape device. I certainly do not want the user to have SYSPRV for this operation. Do any of you know a way through this problem?
Karl Rohwedder
Honored Contributor

Re: Letting unprivileged users initialize and mount tape devices

You may set an ACL (SET SECURITY) on the tape device to allow specific users access.

regards Kalle
Steven Schweda
Honored Contributor

Re: Letting unprivileged users initialize and mount tape devices

Or just set the protection if you don't care who does what. (An ACL lets you be more selective, of course.) Around here (with me being the only likely user), for example:

ALP $ show devi /full dlt

Magtape ALP$MKB400:, device type Quantum DLT4000 CPQ DRV, is online, record-
oriented device, file-oriented device,
[...]
Owner process ID 00000000 Dev Prot S:RWPL,O:RWPL,G:R,W:RWPL
Allan Poulsen
Occasional Contributor

Re: Letting unprivileged users initialize and mount tape devices

Thank You Kalle and Steven

I should have thought of that. This clearly shows I still have a lot to learn in the VMS world...
Robert Gezelter
Honored Contributor

Re: Letting unprivileged users initialize and mount tape devices

Allan,

Please review the details of protecting devices in the OpenVMS Guide to System Security (available from the OpenVMS www site at http://www.hp.com/go/openvms )

It works quite well. Also check out the details of using the ALLOCATE command. Private volumes are different from public volumes.

- Bob Gezelter, http://www.rlgsc.com
John Abbott_2
Esteemed Contributor
Solution

Re: Letting unprivileged users initialize and mount tape devices

Some examples to get you started:

(old syntax)
$ set acl/object=device/acl=(ident=[*,*],access=none) 'device'
$ set acl/object=device/acl=(ident=[uic],access=read+write+control) 'device'
(still works under vms v8.2)

(current - check help, can recall from which version of vms...)
$ set security/class=device/acl=(ident=[uic],access=read+write+control) 'device'

Hope this helps.
John.
Don't do what Donny Dont does
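
A variant of the ACL approach from this thread that grants tape access through a rights identifier instead of a single UIC, as an added example that is not part of any poster's reply. The identifier TAPE_USERS and the username JSMITH are placeholder names, and the device name is the one shown in Steven's SHOW DEVICE output.

```dcl
$! Added example, not from the thread. TAPE_USERS and JSMITH are
$! placeholder names. Run from a suitably privileged account.
$!
$! Create a rights identifier and grant it to the unprivileged user.
$! AUTHORIZE looks for SYSUAF.DAT in the default directory unless a
$! SYSUAF logical name is defined.
$ SET DEFAULT SYS$SYSTEM
$ RUN SYS$SYSTEM:AUTHORIZE
ADD/IDENTIFIER TAPE_USERS
GRANT/IDENTIFIER TAPE_USERS JSMITH
EXIT
$!
$! New ACEs are placed at the top of the ACL by default, so add the
$! deny-all entry first and the grant second. The grant then sits
$! above the deny and is matched first for holders of TAPE_USERS.
$ SET SECURITY/CLASS=DEVICE/ACL=(IDENTIFIER=[*,*],ACCESS=NONE) ALP$MKB400:
$ SET SECURITY/CLASS=DEVICE/ACL=(IDENTIFIER=TAPE_USERS,ACCESS=READ+WRITE+CONTROL) ALP$MKB400:
$!
$! Check the resulting owner, protection code and ACE order.
$ SHOW SECURITY/CLASS=DEVICE ALP$MKB400:
```

A user granted the identifier picks it up at the next login, so test the INITIALIZE and MOUNT commands from a fresh session of the unprivileged account.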