- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: execute acces on SYSUAF.DAT
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2006 01:26 AM
тАО07-11-2006 01:26 AM
execute acces on SYSUAF.DAT
I install a patch on a third party Scheduler product ($U from Orsyp). Since this moment, I have security problems on the SYSUAF.DAT file.
Users who runing task under the scheduler generate a protection error : they try to access the SYSUAF.DAT in execute mode.
My question is : what is the risk to give (w:E) protection on SYSUAF.DAT. In the VMS doc I only see that execute access is to authorize to run a image or to @ a dcl file.
Thanks for help
Seghers Bruno
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2006 02:02 AM
тАО07-11-2006 02:02 AM
Re: execute acces on SYSUAF.DAT
Long time no see.
I have no knowledge of side effects except that you can @ the sysuaf file.
BTW : over here they are RE with no side effects.
CU
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2006 02:11 AM
тАО07-11-2006 02:11 AM
Re: execute acces on SYSUAF.DAT
setting SYSUAF.DAT to WO:RE is an invitation to hackers to try and crack your passwords.
The default protection for SYSUAF.DAT would be: SYSTEM:RWED, OWNER:RWED and nothing else.
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2006 02:19 AM
тАО07-11-2006 02:19 AM
Re: execute acces on SYSUAF.DAT
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2006 02:46 AM
тАО07-11-2006 02:46 AM
Re: execute acces on SYSUAF.DAT
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2006 02:49 AM
тАО07-11-2006 02:49 AM
Re: execute acces on SYSUAF.DAT
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2006 02:51 AM
тАО07-11-2006 02:51 AM
Re: execute acces on SYSUAF.DAT
In accounting : error accessing system authorization file and this for all new processes.
Wonder what other files I could use in this way ... should check *.dat at least.
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2006 02:58 AM
тАО07-11-2006 02:58 AM
Re: execute acces on SYSUAF.DAT
One way of restricting this risk would be to add an ACL with a ACE grating execute access to holders to a specific idenitifer. Then grant that identifier to users who need to run a task under the scheduler.
I think that the locking problem mentioned above needs read access.
Purely Personal Opinion