HPE Community
Operating System - OpenVMS
1751807 Members
5088 Online
108781 Solutions
New Discussion юеВ

Re: Protection settings

 
SOLVED
Go to solution
vmsserbo
Super Advisor

тАО08-04-2006 12:02 AM

тАО08-04-2006 12:02 AM

Protection settings

how to reset the protection on the target team07,08,09 drives.

What is the command?
0 Kudos
Reply
18 REPLIES 18
Robert Gezelter
Honored Contributor

тАО08-04-2006 12:14 AM

тАО08-04-2006 12:14 AM

Solution

Re: Protection settings

Miles,

It is unlikely that you need to set the protections on the drives.

What is more likely is that the one or more directories are protected in such a way as to prevent write access from the account that you are using.

As I mentioned in your other posting, what does the output of DIRECTORY/SECURITY say on the directories?

- Bob Gezelter, http://www.rlgsc.com
Reply
vmsserbo
Super Advisor

тАО08-04-2006 12:17 AM

тАО08-04-2006 12:17 AM

Re: Protection settings

I guess I would have to find out what directories the user is using?
0 Kudos
Reply
vmsserbo
Super Advisor

тАО08-04-2006 12:34 AM

тАО08-04-2006 12:34 AM

Re: Protection settings

Here is what the user is getting. Please give me the command to correct this, Thanks!

We need all directories on all three servers to be able to accept copies from TSTSTG. An example of some failures are shown bellow.

Jim

TSTSTG-1 >copy CLAIMS_ANALYSIS.EXE team07::$1$DUA4:[EXE]* /prot=w:rewd %COPY-E-OPENOUT, error opening TEAM07::$1$DUA4:[EXE]CLAIMS_ANALYSIS.EXE;81 as ou tput -RMS-E-CRE, ACP file create failed -SYSTEM-F-INVLOGIN, login information invalid at remote node %COPY-W-NOTCOPIED, DUA25:[X53.SYSTEST.EXE]CLAIMS_ANALYSIS.EXE;81 not copied

TSTSTG-1 >copy CLAIMS_ANALYSIS.EXE team08::prod_exe /prot=w:rewd %COPY-E-OPENOUT, error opening TEAM08::[]PROD_EXE.EXE; as output -RMS-E-CRE, ACP file create failed -SYSTEM-F-INVLOGIN, login information invalid at remote node %COPY-W-NOTCOPIED, DUA25:[X53.SYSTEST.EXE]CLAIMS_ANALYSIS.EXE;81 not copied

TSTSTG-1 >copy ready_byrd.com team08::USRDSK1:[BLS]* %COPY-E-OPENOUT, error opening TEAM08::USRDSK1:[BLS]READY_BYRD.COM;29 as output -RMS-E-CRE, ACP file create failed -SYSTEM-F-INVLOGIN, login information invalid at remote node %COPY-W-NOTCOPIED, USERS$DISK:[X53BYRD]READY_BYRD.COM;29 not copied

TSTSTG-1 >copy ready_byrd.com team08::prod_dcl:* /prot=w:rewd %COPY-E-OPENOUT, error opening TEAM08::PROD_DCL:[]READY_BYRD.COM;29 as output -RMS-E-CRE, ACP file create failed -SYSTEM-F-INVLOGIN, login information invalid at remote node %COPY-W-NOTCOPIED, USERS$DISK:[X53BYRD]READY_BYRD.COM;29 not copied

TSTSTG-1 >copy ready_byrd.com team08::prod_dcl:* %COPY-E-OPENOUT, error opening TEAM08::PROD_DCL:[]READY_BYRD.COM;29 as output -RMS-E-CRE, ACP file create failed -SYSTEM-F-INVLOGIN, login information invalid at remote node %COPY-W-NOTCOPIED, USERS$DISK:[X53BYRD]READY_BYRD.COM;29 not copied
TSTSTG-1 >copy ready_byrd.com team08::prod_dcl:*
0 Kudos
Reply
Barry Alford
Frequent Advisor

тАО08-04-2006 12:47 AM

тАО08-04-2006 12:47 AM

Re: Protection settings

Since a username and password are not provided in the remote node specification (before the ::), you should have proxy accounts setup on the other nodes (TEAM07 and TEAM08).

Use AUTHORIZE to review the proxy accounts:
UAF> show/proxy *

If they do not exist, you can add them e.g.:
UAF> add/proxy *::TSTSTG TSTSTG/default
would allow a TSTSTG user on any other node (the *) to log into this node as user TSTSTG

If no proxies have ever been defined, you will need to create the proxy database (only once per node):
UAF> create/proxy
Reply
Heinz W Genhart
Honored Contributor

тАО08-04-2006 12:49 AM

тАО08-04-2006 12:49 AM

Re: Protection settings

Hi Miles

You could use OPCOM to find the directories with the 'wrong' protection

If not already done:

SET AUDIT/ENABLE=FILE=FAIL/ALARM
or/and
SET AUDIT/ENABLE=FILE=FAIL/AUDIT

Then do a

REPLY/ENABLE

and let the user try.

You will then see OPCOM Messages or you can find this messages also in SYS$MANAGER:OPERATOR.LOG

such a Message looks similar like this one

%%%%%%%%%%% OPCOM 4-AUG-2006 14:38:28.20 %%%%%%%%%%%
Message from user AUDIT$SERVER on OBELIX
Security alarm (SECURITY) and security audit (SECURITY) on OBELIX, system id: 1027
Auditable event: Object access
Event information: file access request (IO$_ACCESS or IO$_CREATE)
Event time: 4-AUG-2006 14:38:28.20
PID: 202091A6
Process name: GENI
Username: GENI
Process owner: [GENI]
Terminal name: FTA727:
Image name: DSA0:[SYS0.SYSCOMMON.][SYSEXE]TYPE.EXE
Object class name: FILE
Object owner: [1,1]
Object protection: SYSTEM:RWED, OWNER:RWED, GROUP:RE, WORLD:
File name: _DSA0:[VMS$COMMON.SYS$STARTUP]SYSTARTUP_VMS.DAT;52
File ID: (11753,2855,0)
Access requested: READ
Posix UID: -2
Posix GID: -2 (%XFFFFFFFE)
Sequence key: 2B408B73
Status: %SYSTEM-F-NOPRIV, insufficient privilege or object protection violation

I enabled Opcom (REPL/ENABLE) removed my privileges (SET PROC/PRIV=NOALL) and did a TYPE of a file with a protection, which does not allowed me to type the file (SYS$STARTUP:SYSTARTUP_VMS.DAT).

In the Opcom message you can find all the required informations to solve your problem. This works same for direcory files.

Hope that helps

Regards

Heinz
Reply
Ian Miller.
Honored Contributor

тАО08-04-2006 12:50 AM

тАО08-04-2006 12:50 AM

Re: Protection settings

I guess team08 etc have (or should have) a DECnet proxy defined for node TESTG. On team08 do
$ SET DEF SYS$SYSTEM
$ MCR AUTHORIZE SHOW/PROX TESTG::*

which username on team08 does the proxy refer to ? Is it ok?

You may find that enabling opcom messages on team08 before attempting the file copy will give useful infomation.

$ REPLY/ENABLE
____________________
Purely Personal Opinion
Reply
vmsserbo
Super Advisor

тАО08-04-2006 12:56 AM

тАО08-04-2006 12:56 AM

Re: Protection settings

This is what I got??

TEAM08> set def sys$system:
TEAM08> mcr authorize show/prox tststg::*
%SECSRV-E-NOSUCHPROXY, no proxy record matches your specification
0 Kudos
Reply
vmsserbo
Super Advisor

тАО08-04-2006 01:07 AM

тАО08-04-2006 01:07 AM

Re: Protection settings

With destination only...
TSTSTG-1 >copy CLAIMS_ANALYSIS.EXE team08::prod_exe /prot=w:rewd %COPY-E-OPENOUT, error opening TEAM08::[]PROD_EXE.EXE; as output -RMS-E-CRE, ACP file create failed -SYSTEM-F-INVLOGIN, login information invalid at remote node %COPY-W-NOTCOPIED, DUA25:[X53.SYSTEST.EXE]CLAIMS_ANALYSIS.EXE;81 not copied

With destination + *...
TSTSTG-1 >copy CLAIMS_ANALYSIS.EXE team08::prod_exe:* /prot=w:rewd %COPY-E-OPENOUT, error opening TEAM08::PROD_EXE:[]CLAIMS_ANALYSIS.EXE;81 as outp ut -RMS-E-CRE, ACP file create failed -SYSTEM-F-INVLOGIN, login information invalid at remote node %COPY-W-NOTCOPIED, DUA25:[X53.SYSTEST.EXE]CLAIMS_ANALYSIS.EXE;81 not copied


How do I look at the operator log, I enabled it and I see nothing?
0 Kudos
Reply
Barry Alford
Frequent Advisor

тАО08-04-2006 01:12 AM

тАО08-04-2006 01:12 AM

Re: Protection settings

Ok, I was confused with your nodenames and usernames.

On TEAM08 and TEAM09:
$ set def sys$system
$ mc authorize
UAF> create/proxy ! just in case
UAF> add TSTSTG:: /default
UAF>exit
$
The usernames on TEAM08/09, must have access to the directories you are copying to -- you may have to create them!
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.