- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Logical Name Table Protection
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-06-2006 12:29 AM
11-06-2006 12:29 AM
Do I need to put something into SYSECURITY.COM?
(LNM$GROUP_000310) [kernel] [shareable,group]
[Protection=(RWCD,R,R,)] [Owner=[ITDEVMT,*]]
Rob.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-06-2006 12:40 AM
11-06-2006 12:40 AM
Solutionputting the commands in SYSECURITY.COM won't help, as this group table would probably not yet exists at startup time.
The group logical name table get created, once the first user in that group logs in.
You might want to submit a batch-job under a user of this group during startup and then set the protection of the group table from a privileged user, once the batch job has finished and the group table has been created.
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-06-2006 12:48 AM
11-06-2006 12:48 AM
Re: Logical Name Table Protection
You're definitely sure that's the only method? I'd check it out, but our test node's in use at the moment.
Rob.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-06-2006 12:53 AM
11-06-2006 12:53 AM
Re: Logical Name Table Protection
$ run/det/inp=nl:/out=nl:/uic=[310,0] sys$system:loginout.exe
You can then the protection using the SET SECURITY command.
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-06-2006 12:55 AM
11-06-2006 12:55 AM
Re: Logical Name Table Protection
I'll add that to SYSECURITY and see what happens.
Rob.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-06-2006 12:58 AM
11-06-2006 12:58 AM
Re: Logical Name Table Protection
There is nothing special about the group logical name table, merely that it be named correctly and entered in the correct place.
This is normally done when the first login from that group occurs, but a simple CREATE can accomplish the same thing during the startup process.
You may also reconsider granting the WRITE permission, and instead consider the use of an ACL with an explicit identifier, or the use of GRPPRV or GRPNAM. Either approach may will produce a higher safety level in many cases.
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-06-2006 02:01 AM
11-06-2006 02:01 AM
Re: Logical Name Table Protection
i.e. [kernel, no_alias]
(You can get a exec mode table with CREATE) I don't know if this makes any real difference.
Use of an identifier based protection scheme instead of UIC group does does give finer control but what is suitable for your use depends on your requirements.
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-08-2006 02:10 AM
11-08-2006 02:10 AM
Re: Logical Name Table Protection
>>>
I'll add that to SYSECURITY and see what happens.
<<<
Note that SYLOGICALS is executed even earlier, so, depending on your needs..
I agree with Bob, that ACLs are much more fine-grained, and perhaps better suited.
However, like Ian, I disagree with him on CREATE_TABLE. Creating the first process in a UIC group creates the kernel mode table, with no_alias, which even prevent, or overrules the effects of, a table in any non-kernel mode.
btw, what is so "pretty nasty" about creating a table before being able to manipulate its protection? To me it sounds more nasty if you could just reference a table, (eg, with SET PROT) and hen that reference would create it.
Process creation is the established VMS method for creating group logical name tables.
just my EUR 0.02
Proost.
Have one on me.
jpe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2007 03:21 AM
09-03-2007 03:21 AM