- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: run/uic= does not start process as other user
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2004 08:14 PM
тАО08-09-2004 08:14 PM
Re: run/uic= does not start process as other user
While the online help says that you grant an identifier to a user it is technically incorrect. An identifier is assigned to a UIC value - see attached dialogue.
A UIC is a 32-bit value with the MSB=0. A general identifier is a 32-bit value with the MSB=1 [>=80000000(16)]. That is how resource identifiers can work:
- it is a general identifier with the RESOURCE attribute
- the owner of a directory/file is now the general identifier, not a UIC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2004 08:16 PM
тАО08-09-2004 08:16 PM
Re: run/uic= does not start process as other user
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2004 09:12 PM
тАО08-09-2004 09:12 PM
Re: run/uic= does not start process as other user
Tim,
when I add a new user, to avoid any confusion, I always assign a new UIC and assign new identifier with same UIC.
UAF>ADD newuser /UIC=[g,i]
UAF>ADD/ID newuser /VALUE=UIC:[g,i]
In this way I work in same manner of unix and I see owner of file as username.
I manage little system (less than 100 user) and this simplify my work.
Antonio Vigliotti
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2004 09:32 PM
тАО08-09-2004 09:32 PM
Re: run/uic= does not start process as other user
UAF> add xyz/uic=[414,414]
%UAF-I-ADDMSG, user record successfully added
%UAF-I-RDBADDMSGU, identifier XYZ value [000414,000414] added to rights database
UAF> add xyz2/uic=[414,414]/account=zxy
%UAF-I-ADDMSG, user record successfully added
%UAF-E-RDBADDERRU, unable to add XYZ2 value [000414,000414] to rights database
-SYSTEM-F-DUPIDENT, duplicate identifier
%UAF-I-RDBADDMSGU, identifier ZXY value [000414,177777] added to rights database
UAF>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2004 10:11 PM
тАО08-09-2004 10:11 PM
Re: run/uic= does not start process as other user
I once saw a system where every account was explicitely copied from the default account - without assigning a new UIC. So every user came with a UIC of [200,200]. Not a pretty sight...
What I meant to say: On a properly administered machine, there is a mapping between rights identifiers (equalling usernames) and UICs.
If you do a $ DIRECTORY /OWNER, every username you see is really a UIC seen through that mapping.
cu,
Martin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2004 10:54 PM
тАО08-09-2004 10:54 PM
Re: run/uic= does not start process as other user
yes, that is the current behavior. And I am glad they changed it! Until not-too-long ago, creating a new username with an UIC that had already an associated identifier renamed the value of the identifier to the NEW username, leaving the EXISTING username without an associated identifier value.
Since I have noticed many posters here running older versions of VMS, I think this warning still has value to a lot of people!
But yes, it is good practise to make sure the value you are about to assign is still free.
And maybe in Antonio's case of ~100 users, conflicting assignments can be fairly easily resolved, but imagine 10K + users, in a rather security-sensitive environment like ours...
That makes it absolutely ESSENTIAL to have stickt procedures, with validation before action, in place.
Jan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2004 11:16 PM
тАО08-09-2004 11:16 PM
Re: run/uic= does not start process as other user
as far as I can tell this has never been the case (and I started using identifier on VAX/VMS V4.x), but I might mis-understand you.
Assume you have user U1 with UIC: [2,1] and identifier U1 with the same UIC.
Now you create user U2 with UIC: [2,1], too. I have never ever seen that identifier U1 was renamed to U2 as you claim.
The problem starts when the system manager realizes his error and changes the UIC of user U2 to another value, lets say [3,1]. In this case the system grabs identifier U1 and changes its UIC to [3,1]. Great!
Now you have:
- user U1, UIC: [2,1], no identifier for UIC:[2,1]
- user U2, UIC: [3,1]
- identifier U1, UIC=[3,1]
The correct way would be:
UAF> modify U2/uic=[3,1]/nomodify_identifier
UAF> add/identifier U2 /value=uic=[3,1]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-10-2004 12:05 AM
тАО08-10-2004 12:05 AM
Re: run/uic= does not start process as other user
even I have little system, because I'm lazy I wrote a little DCL procedure to add new user. So I don't search for avaiable UIC and I create home directory too with standard LOGIN.COM; also I set pwdlifetime and temporary standard password /PWDEXPIRED.
Then my user enter into system and change his own password.
I never meet problem about UIC or similar.
Antonio Vigliotti
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-10-2004 12:35 AM
тАО08-10-2004 12:35 AM
Re: run/uic= does not start process as other user
you mean like SYS$EXAMPLES:ADDUSER.COM ?
;-)
cu,
Martin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-10-2004 12:46 AM
тАО08-10-2004 12:46 AM
Re: run/uic= does not start process as other user
I wrote a simple standard procedure; first of this because I use semigraphical environment to make all system feature.
I release theese utility to my customers that are very beginner users.
They can add a new user among 3 profiles, enable/disable user, force temporary password when somebody forgot it and a few other options.
Obviously I read ADDUSER.COM before, some years ago.
Antonio Vigliotti