- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: Problem with Temporary Mail Box
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-09-2007 03:37 PM
тАО12-09-2007 03:37 PM
Re: Problem with Temporary Mail Box
>Just be aware that ANYBODY _WRITING_
>anything in that mailbox now requires
>GRPNAM privilege!
Not true. GRPNAM is required to CREATE the mailbox because part of the creation involves defining a logical name in LNM$GROUP. Once the mailbox exists, anyone in the group can *translate* the logical name without privilege. Assigning a channel to, reading or writing the mailbox is controlled by the security of the mailbox, which is completely independent of the LNM$TEMPORARY_MAILBOX logical name. There's a PROTMASK parameter to $CREMBX, and of course, a mailbox may have an ACL.
According to the documentation, the default protection of a mailbox comes from the "mailbox template", but I can't find one on a V8.3 system (see SHOW SECURITY/CLASS=SECURITY_CLASS *), nor does the command to change it seem to work:
$ SET SECURITY /CLASS=SECURITY_CLASS /PROFILE=TEMPLATE=MAILBOX /PROTECTION=(S:RWPL,O:RWPL,G,W) DEVICE
Regardless I still get mailboxes with W:RWPL access by default.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-09-2007 04:40 PM
тАО12-09-2007 04:40 PM
Re: Problem with Temporary Mail Box
Found it...
$ show security/class=security device
DEVICE object of class SECURITY_CLASS
Owner: [SYSTEM]
Protection: (System: RW, Owner: RW, Group: R, World: R)
Access Control List:
Template: DISK
Owner: [SYSTEM]
Protection: (System: RWPL, Owner: RWPL, Group: R, World)
Access Control List:
...
Template: MAILBOX
Owner: [0,0]
Protection: (System: RWPL, Owner: RWPL, Group: RWPL, World: RWPL)
Access Control List:
...
but I still can't make it work!
Template: MAILBOX
Owner: [0,0]
Protection: (System: RWPL, Owner: RWPL, Group, World)
Access Control List:
(so group and world are no access)
but..
$ create/mailbox newmbx
$ show dev/full newmbx
Device MBA58676:, device type local memory mailbox, is online, record-oriented
device, shareable, mailbox device.
Error count 0 Operations completed 0
Owner process "" Owner UIC [OM_PROD]
Owner process ID 00000000 Dev Prot S:RWPL,O:RWPL,G:RWPL,W:RWPL
Reference count 1 Default buffer size 256
which doesn't match the protection in the template. Putting an explicit protection on the $CREMBX does as expected:
$ create/mailbox mbx2/prot=(s:rwpl,o:rwpl,g:rw,w)
$ show dev/full mbx2
Device MBA58680:, device type local memory mailbox, is online, record-oriented
device, shareable, mailbox device.
Error count 0 Operations completed 0
Owner process "" Owner UIC [OM_PROD]
Owner process ID 00000000 Dev Prot S:RWPL,O:RWPL,G:RW,W
Reference count 1 Default buffer size 256
The security templates are so well buried in the depths of the OS, I guess not enough people use them, and maybe they still have a few bugs?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-09-2007 07:16 PM
тАО12-09-2007 07:16 PM
Re: Problem with Temporary Mail Box
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-10-2007 12:39 PM
тАО12-10-2007 12:39 PM
Re: Problem with Temporary Mail Box
> shared across all nodes in a cluster
Remember you're talking to Mr "Let's hassle OpenVMS engineering about very poor built in management of cluster common environment files" ;-) I probably reported some of those "multiple copies of the file lead to weirdness". :-)
(besides, the node in question is standalone)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-11-2007 01:10 AM
тАО12-11-2007 01:10 AM
Re: Problem with Temporary Mail Box
>>>
Not true. GRPNAM is required to CREATE the mailbox because part of the creation involves defining a logical name in LNM$GROUP.
<<<
Thank you! One is never too old to learn. This DOES give me the means to determine which privileges can be revoked from which users without breaking an application.
Proost.
Have one on me.
jpe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-11-2007 02:55 AM
тАО12-11-2007 02:55 AM
Re: Problem with Temporary Mail Box
Given the temporary mailbox name will be in the GROUP table (assuming you gave the mailbox a name in P1, that is known by P2..P10), processes P2..P10 must run in the same UIC group. If such a process runs in another UIC group, that name will not be translated (correctly) - hence IVDEVNAM.
My first question would be:
how does p2 know the name of the mailbox to use? hardcoded logical name?
You stated:
P2 came to know the mailbox using a logical, its not hardcoded logical, logical value will depend on the mailbox name created by the process p1.
I hope my understanding is correct: (values just examples):
P1 creares a mailbox _named_ "P1_INMBX", rsulting in device "_MB1234". In LNM$GROUP, a logical "P1_INMBX" will be created with content "_MB1234" - after the mailbox has been created. P2..P10 will search LNM$GROUP for "P1_INMBX", if found they get device "_MB1234" and assign a channel to it. If it is missing, there is no such device and no assignment will take place. Action depends: Wait and retry, or abort.
That would rule out synchornisation problems, I think.
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-05-2008 10:23 PM
тАО02-05-2008 10:23 PM
Re: Problem with Temporary Mail Box
ajaydec
- « Previous
- Next »