- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Security Privileges Required for Reboot
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-19-2006 05:36 AM
тАО10-19-2006 05:36 AM
Security Privileges Required for Reboot
minimal privileges required to perform
a system reboot ???
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-19-2006 05:37 AM
тАО10-19-2006 05:37 AM
Re: Security Privileges Required for Reboot
have a look in SYS$SYSTEM:SHUTDOWN.COM
$privs = "AUDIT, CMKRNL, EXQUOTA, LOG_IO, NETMBX, OPER, SECURITY, " -
+ "SYSNAM, SYSPRV, TMPMBX, WORLD"
$saved_privs = f$setprv(privs)
$if .not. f$privilege(privs)
$then
$say ""
$say "%SHUTDOWN-F-NOPRIV, the following privileges are required:"
$say "-SHUTDOWN-F-NOPRIV, ''privs'"
$exit %x10360004
$endif
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-19-2006 05:39 AM
тАО10-19-2006 05:39 AM
Re: Security Privileges Required for Reboot
$say f$fao("!/!/!_SHUTDOWN -- Perform an Orderly System Shutdown")
$privs = "AUDIT, CMKRNL, EXQUOTA, LOG_IO, NETMBX, OPER, SECURITY, " -
+ "SYSNAM, SYSPRV, TMPMBX, WORLD"
$saved_privs = f$setprv(privs)
$if .not. f$privilege(privs)
$then
$say ""
$say "%SHUTDOWN-F-NOPRIV, the following privileges are required:"
$say "-SHUTDOWN-F-NOPRIV, ''privs'"
$exit %x10360004
$endif
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-19-2006 05:41 AM
тАО10-19-2006 05:41 AM
Re: Security Privileges Required for Reboot
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-19-2006 05:41 AM
тАО10-19-2006 05:41 AM
Re: Security Privileges Required for Reboot
it always amazes me, how experienced OpenVMS people use to think and act alike ;-)
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-19-2006 05:45 AM
тАО10-19-2006 05:45 AM
Re: Security Privileges Required for Reboot
In addtion to Volker's response, if you can touch the console or system, you can reboot it.
If Availablity Manager or AMDS has control access enabled, you can crash a node, reboot depends on the value of AUTO_ACTION. No user id or privs required on the target node.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-19-2006 05:46 AM
тАО10-19-2006 05:46 AM
Re: Security Privileges Required for Reboot
The privileges required are what will allow the privileges specified in the command extract that has previously been posted (e.g., AUDIT, CMKRNL, EXQUOTA, LOG_IO, NETMBX, OPER, SECURITY, SYSNAM, SYSPRV, TMPMBX, WORLD) to succeed.
While it is not mentioned, and I DO NOT RECOMMEND IT, SETPRIV (the ability to set any privilege bit) should also work (reference to the "OpenVMS Guide to System Security" to the effect that the SET PRIVILEGE command will succeed if SETPRIV is enabled).
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-19-2006 05:49 AM
тАО10-19-2006 05:49 AM
Re: Security Privileges Required for Reboot
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-19-2006 05:55 AM
тАО10-19-2006 05:55 AM
Re: Security Privileges Required for Reboot
reboot depends on the value of AUTO_ACTION
Please let me clarify this common misconception:
If a system crashes, it automatically reboots by default. This behaviour is controlled by the BUGREBOOT SYSGEN parameter (default = 1).
AUTO_ACTION only comes into play, if a HALT instruction or an error resulting in a CPU HALT (like kernel stack not valid) results in halting the current CPU:
If AUTO_ACTION is set to HALT, the CPU just HALTs. In case of an SMP system, this may cause a CPUSPINWAIT or CPUSANITY crash and reboot, if it's not the primary CPU.
If AUTO_ACTION is set to RESTART, the SRM firmware restarts the CPU and the system will take a bugcheck dump and reboot (depending on the setting of BUGREBOOT).
If AUTO_ACTION is set to BOOT, the system will just boot without creating a dump.
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-19-2006 05:58 AM
тАО10-19-2006 05:58 AM
Re: Security Privileges Required for Reboot
Agreed, SETPRV. I was typing fast and not proof-reading enough.
- Bob Gezelter, http://www.rlgsc.com