- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: run/uic= does not start process as other user
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-10-2004 03:24 AM
тАО08-10-2004 03:24 AM
Re: run/uic= does not start process as other user
In summary:
If I wish to execute a process with the environment of another user ( i.e. users, quotas, login dir, username, etc) I must submit via a batch with the /user switch.
Running /detatched will only allow /uic= which would cause the process to run with a specific uic and its file security but not it's environment ( i.e. quotas, login dir, etc )
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-11-2004 03:02 AM
тАО08-11-2004 03:02 AM
Re: run/uic= does not start process as other user
Also check http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=630742 for simular problems.
Also note that some logicals like sys$scratch are missing. Thus, some programs may be unable to run.
Just do submit/user ... and hope "su -"
gets implemented someday.
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-11-2004 04:05 AM
тАО08-11-2004 04:05 AM
Re: run/uic= does not start process as other user
http://vms.process.com/scripts/fileserv/fileserv.com?HGLOGIN
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-11-2004 04:17 AM
тАО08-11-2004 04:17 AM
Re: run/uic= does not start process as other user
But if you use this freeware who is responsible for support ? We now pay lots of money to HP to have support. The "su -" should be within the support contract. Otherwise it is cheaper to use a free OS.
(I only use freeware such as zip and dfu for non-essential things)
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-11-2004 06:54 AM
тАО08-11-2004 06:54 AM
Re: run/uic= does not start process as other user
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-11-2004 10:06 AM
тАО08-11-2004 10:06 AM
Re: run/uic= does not start process as other user
A good manager might ...
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-11-2004 06:37 PM
тАО08-11-2004 06:37 PM
Re: run/uic= does not start process as other user
Hunter Goatley is known in vms world; also in Freeware CD there are another software to login with another user called JUMP.
For freeware you can ask support to developer (I guess he's happy to do this).
Antonio Vigliotti
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-11-2004 08:28 PM
тАО08-11-2004 08:28 PM
Re: run/uic= does not start process as other user
the one thing I would ABSOLUTELY need to go with "su-" is a very rigorous authentication, accounting, and audit on it!
"su-" as in *X just has way to little constraints and traceability.
(And on a vaguely related topic: in VMS I would like to be able to see who issued a SUBMIT/USER= )
Jan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-11-2004 09:09 PM
тАО08-11-2004 09:09 PM
Re: run/uic= does not start process as other user
http://h71000.www7.hp.com/openvms/freeware/index.html
there was a software called kronos that's a cron emulator.
Tim, you could see on it may give some idea.
Antonio Vigliotti
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-11-2004 09:41 PM
тАО08-11-2004 09:41 PM
Re: run/uic= does not start process as other user
I have had REALLY BAD experiences with su in Unix. When you have a lot to do, and certainly in a very stressfull environment, it's easy to forget you did su. With all consequences...In my case, the whole system was blown to pieces, just because of this. and there was no way to find out who did it...
Actually, if we had something like
$ RUN/IMPERSONATION=
to run just THAT image under that user's account, that would be sufficient IMHO.
Still wthin this, I double Jan's suggestions.
I would put even more restrictions:
At least "IMPERSONATE" privilege would be required. But additionally, you need GRPPRV to switch to another with your group and SYSPRV to any other - which means typically system-group users.
However, considering "root" in Unix terms equals VMS's "SYSTEM", it should NEVER be allowed to impersonate any account in a group where grp <= MAXSYSGROUP. Why would you: If you could, there is no need to do that, you can login that way!
(With one exception, perhaps: if your groupnumber is <= MAXSYSGROUP, when you have both SYSPRV and GRPPRV. It can be handy - but just that!)
If interactive "su" is implemented, all above applies, but I think it wise that default privileges should be as low as possible. Just enable authorized privilges is needed. Also, there must be a clear warning that you "su"'d, ON ANY PROMPT, which cannot be undone. I don't care in what format!
And PLEASE give it a decent name....
Willem
OpenVMS Developer & System Manager