HPE Community
Operating System - OpenVMS
1752568 Members
5478 Online
108788 Solutions
New Discussion юеВ

Re: user priviledges

 
SOLVED
Go to solution
Eric_369
Advisor

тАО08-31-2005 08:33 AM

тАО08-31-2005 08:33 AM

user priviledges

I am using the install utility to create known file entries, for my "C" applications, with enhanced privledges (bypass).
These applications are run by users who have minimal dollar-sign ($) priviledges. The applications are given
world execute protection so the users can run them. One of the applications that is run by minimal priviledged users
has system call sys$sndjbcw which completes with a good status. This system call runs a command file, with logging, which
runs an application. In the log created by this system call I get the following error:

Error opening primary input file SYS$INPUT
Insufficient privilege or file protection violation

and the command file quits.


I modified the priviledges for this minimalized user to have READALL as a default priviledge. Now, the command file runs
the application just fine and I get the following error at the beginning of the log file:

%DCL-W-UNDFIL, file has not been opened by DCL - check logical name

Can you tell me where this error is coming from and how to get rid of it?
0 Kudos
Reply
24 REPLIES 24
Bojan Nemec
Honored Contributor

тАО08-31-2005 08:42 AM

тАО08-31-2005 08:42 AM

Solution

Re: user priviledges

Eric,


"Error opening primary input file SYS$INPUT
Insufficient privilege or file protection violation"

Be shure that this user can read the command procedure you submit with the sys$sndjbcw system service. Change the file protection not the user privileges.

Bojan
Reply
Bojan Nemec
Honored Contributor

тАО08-31-2005 08:57 AM

тАО08-31-2005 08:57 AM

Re: user priviledges

Sorry,

I didnt ansawer to yours second question.

Try to put a $ SET VERIFY at the beginning of the command procedure and see which command generates the error.

And now I see that you are new to this forum so:

Welcome to the VMS forum!

Bojan
Reply
Willem Grooters
Honored Contributor

тАО08-31-2005 09:13 AM

тАО08-31-2005 09:13 AM

Re: user priviledges

Check file IO in the commandprocedurfe and be sure to have /ERROR=
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Reply
Eric_369
Advisor

тАО08-31-2005 09:28 AM

тАО08-31-2005 09:28 AM

Re: user priviledges

Bojan,
Thanks! I decreased the user priviledge and changed the command file protection and it worked great; however, the second error:

%DCL-W-UNDFIL, file has not been opened by DCL - check logical name,

appears before the "set verify" command in the command file, like so:

%DCL-W-UNDFIL, file has not been opened by DCL - check logical name
$SET VERIFY
....

Eric
0 Kudos
Reply
Eric_369
Advisor

тАО08-31-2005 10:25 AM

тАО08-31-2005 10:25 AM

Re: user priviledges

Willem,
In the following command snippet you posted do I use the name of my command procedure in the field?

$ OPEN/ERROR=No_infile IN
$! do your stuff
$! at end of process:
$ goto endjob
$!
$ No_Infile:
$! Just ean example!
$ S = $STATUS
$ write sys$output "Error opening file"
$!
$endjob:
$ IF F$TRNLNM("IN") .NES. "" then close IN
$ EXIT 'S'
0 Kudos
Reply
Phillip Thayer
Esteemed Contributor

тАО08-31-2005 10:54 AM

тАО08-31-2005 10:54 AM

Re: user priviledges

Sounds like maybe the process login.com or system sylogin.com may be trying to open or read a file that has not been opened yet. Look through those and see if there is any files that abe being used.

Phil
Once it's in production it's all bugs after that.
Reply
Bojan Nemec
Honored Contributor

тАО08-31-2005 06:27 PM

тАО08-31-2005 06:27 PM

Re: user priviledges

Eric,

Use the same technique with the sys$sylogin and the login procedure. Put set verify at the begining of this files. To avoid displaying on interactive terminals which can confuse normal users you can do a set verify only for batch jobs:

$ IF F$MODE().EQS."BATCH" THEN SET VERIFY

Bojan
Reply
Antoniov.
Honored Contributor

тАО08-31-2005 09:07 PM

тАО08-31-2005 09:07 PM

Re: user priviledges

Eric,
nice to meet you.

If you have V7.3 you can simply define
$ DEFINE/SYS SYLOGIN_VERIFY TRUE
After of this all login procedure have set verify enable. When you deass SYLOGIN_VERIFY, verify turn off. In this way you have no to modify command procedures.

Antonio Vigliotti
Antonio Maria Vigliotti
Reply
Eric_369
Advisor

тАО09-01-2005 05:24 AM

тАО09-01-2005 05:24 AM

Re: user priviledges

All,
Thank you for welcoming me to this site. It is a site I've desired for a very long time. Your help was much appreciated and your comments led me to the solution of my problem.

The problem was in my login.com file. There I had the following command:

Write sys$output: f$time()

I change it to:

Write sys$output f$time()

removing the colon after sys$output, and everything worked perfectly!

There was one thing I didn't understand. That login.com and sylogin.com were called when I run a batch job. Does this mean that when I run a batch job as a user that I am logging into the system again in "batch mode" to process the command file?

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.