Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-29-2004 07:59 PM
тАО01-29-2004 07:59 PM
1) AUDIT_SERVER runs with username AUDIT$SERVER
2) DTLOGIN runs with username
3) TCPIP$INETACP runs with username TCPIP$INETACP
4) NET$ACP runs with username DNA$SessCtrl
Why are these running with non-existing usernames ? Why are they not using SYSTEM ?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-29-2004 08:30 PM
тАО01-29-2004 08:30 PM
Re: Usernames
the process you post are unauthorized process, where unauthorized doesn't means cracker or hacker process but only system services without loginout validation (such as detached processes).
Theese process works as server of user request; for example to check any privilege a process have to read system file but user could not have access to it; so user client process send request to system server process that works in user environment and have system privileges to access system files.
User
Sorry for my english: I hope you can understand my post.
Bye
Antoniov
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-29-2004 08:59 PM
тАО01-29-2004 08:59 PM
Re: Usernames
See below explanation:
______________________________________
The fundamental system service that creates processes, SYS$CREPRC, does
not use SYSUAF.DAT in any way. There is no requirement that the UIC
specified to $CREPRC exists in SYSUAF.DAT and if by some hackery the
username of the _creator_ (which traditionally is mandatorily inherited by
the _created_ process) did not exist in SYSUAF.DAT, this still does not
cause $CREPRC a problem.
Now it is true that in the _special_ case where the image specified to
$CREPRC is LOGINOUT _and_ the flag specified to $CREPRC says _do_ look
at SYSUAF.DAT, then when LOGINOUT gets to run, SYSUAF.DAT becomes
relevant and the parameters for the process as specified in the call to
$CREPRC are largely irrelevant, being superseded by stuff looked up in
SYSUAF.DAT (and that includes the UIC).
And of course in the case of an interactive, batch or network login,
LOGINOUT is used and SYSUAF.DAT is used and the username is entered by
the user. So based on that experience, the customer's question makes
sense, while in the broader context, the question does not i.e. behaviour
for interactive/batch/network login does not apply to all process
creations, in particular not to detached process creations.
___________________________
HTH,
Best regards,
Lokesh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-29-2004 09:28 PM
тАО01-29-2004 09:28 PM
Re: Usernames
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2004 11:45 AM
тАО01-30-2004 11:45 AM
Solution- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2004 02:39 PM
тАО01-30-2004 02:39 PM
Re: Usernames
If you have your UAF file slammed from a Multi-net site, and you are a TCPIP shop, you must re-create several accounts/proxies in order for NTP, FTP, SMTP... Etc to work correctly. Otherwise the services/processes will not startup at boot time because the account no longer exists.
When migrating a remote system from a client site, to our site, we run into this problem. They take the remote UAF file because there are hundereds of named users at that location, and I have about a dozen accounts to re-create.
Mike Naime
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2004 07:37 PM
тАО01-30-2004 07:37 PM
Re: Usernames
welcome to VMS comunity.
Antoniov
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-31-2004 03:41 AM
тАО01-31-2004 03:41 AM
Re: Usernames
while you are at it, ANOTHER thing is strange about it: the length of TCPIP$INETACP is GREATER than the normally allowed 12 characters!
Jan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-01-2004 08:27 AM
тАО02-01-2004 08:27 AM
Re: Usernames
The (Username,UIC) pairs implicitly defined in UAF records may be used to create processes, but there is no requirement that a given process have a username or UIC that matches one defined in the UAF. A privileged process (IMPERSONATE) may create a process with any UIC at all, or (CMKRNL) change their username to any string they like (as described by Jilly).
Jan,
The "real" length limit in OpenVMS Usernames is 32 characters. It was increased from the original 12 in VMS V4.0. However, by that time the magic number "12" had been distributed too far and wide.
For a while you could define longer usernames using AUTHORIZE, but some things broke, so the NAMETOOBIG error was added to artificially re-impose the 12 character limit, but only in AUTHORIZE.
The username field in the UAF and in process data structures is 32 characters, and most things work correctly with long usernames. Correctly written code will specify the username length as PSB$S_USERNAME or UAF$S_USERNAME.
You may still be able to force a long username with $SETUAI, or by direct access to the UAF (unsupported!). It will "work", but some things may still break (MAIL was the most commonly reported utility that didn't work properly with long usernames back in V4 days, maybe it's been fixed by now?) I suspect that OpenVMS engineering hasn't had enough demand to justify attempting to qualify longer usernames.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-01-2004 05:46 PM
тАО02-01-2004 05:46 PM
Re: Usernames
I don't have very old systems any more. Has it always been like that (non existing user names) or did it change at a certain VMS version (my memories go back to 4.4 but I didn't check it then).