
Security Privileges Required for Reboot

 
Pete Maurer
Advisor

Security Privileges Required for Reboot

I've been reviewing the 'HP OpenVMS Guide to System Security', but can't determine the minimal privileges required to perform a system reboot?



Volker Halle
Honored Contributor

Re: Security Privileges Required for Reboot

Pete,

have a look in SYS$SYSTEM:SHUTDOWN.COM

$privs = "AUDIT, CMKRNL, EXQUOTA, LOG_IO, NETMBX, OPER, SECURITY, " -
+ "SYSNAM, SYSPRV, TMPMBX, WORLD"
$saved_privs = f$setprv(privs)
$if .not. f$privilege(privs)
$then
$say ""
$say "%SHUTDOWN-F-NOPRIV, the following privileges are required:"
$say "-SHUTDOWN-F-NOPRIV, ''privs'"
$exit %x10360004
$endif

Volker.
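
Added example, not part of the original posts or of SHUTDOWN.COM: a DCL procedure that uses the same F$SETPRV / F$PRIVILEGE calls as the extract above to list which of the eleven privileges a candidate operator account cannot enable. Run it while logged in as that account; the symbol names and message text are illustrative assumptions.

```dcl
$! CHECK_SHUTDOWN_PRIVS.COM (hypothetical name) - added example, not HP code.
$! Reports which privileges tested by SYS$SYSTEM:SHUTDOWN.COM this process
$! cannot enable, then restores the original privilege state.
$!
$ required = "AUDIT,CMKRNL,EXQUOTA,LOG_IO,NETMBX,OPER,SECURITY," -
           + "SYSNAM,SYSPRV,TMPMBX,WORLD"
$!
$! Try to enable everything, as SHUTDOWN.COM does. F$SETPRV returns the
$! previous state of each listed privilege so it can be restored later.
$! Privileges the account is not authorized for simply stay disabled.
$ saved_privs = f$setprv(required)
$!
$ missing = ""
$ i = 0
$next_priv:
$   priv = f$element(i, ",", required)
$   if priv .eqs. "," then goto report      ! delimiter returned = end of list
$   if .not. f$privilege(priv) then missing = missing + " " + priv
$   i = i + 1
$   goto next_priv
$!
$report:
$! Put the process back the way it was before testing.
$ restored = f$setprv(saved_privs)
$!
$ if missing .eqs. ""
$ then
$   write sys$output "All privileges checked by SHUTDOWN.COM can be enabled."
$ else
$   write sys$output "SHUTDOWN.COM would exit with NOPRIV; cannot enable:" + missing
$ endif
$ exit
```

An account holding SETPRV will pass this check for every privilege, since F$SETPRV can then enable any of them.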
Steven Schweda
Honored Contributor

Re: Security Privileges Required for Reboot

SYS$SYSTEM:SHUTDOWN.COM looks authoritative.

$say f$fao("!/!/!_SHUTDOWN -- Perform an Orderly System Shutdown")
$privs = "AUDIT, CMKRNL, EXQUOTA, LOG_IO, NETMBX, OPER, SECURITY, " -
+ "SYSNAM, SYSPRV, TMPMBX, WORLD"
$saved_privs = f$setprv(privs)
$if .not. f$privilege(privs)
$then
$say ""
$say "%SHUTDOWN-F-NOPRIV, the following privileges are required:"
$say "-SHUTDOWN-F-NOPRIV, ''privs'"
$exit %x10360004
$endif
Steven Schweda
Honored Contributor

Re: Security Privileges Required for Reboot

Looks like a consensus.
Volker Halle
Honored Contributor

Re: Security Privileges Required for Reboot

Steven,

it always amazes me, how experienced OpenVMS people use to think and act alike ;-)

Volker.
Andy Bustamante
Honored Contributor

Re: Security Privileges Required for Reboot


In addition to Volker's response, if you can touch the console or system, you can reboot it.

If Availability Manager or AMDS has control access enabled, you can crash a node; reboot depends on the value of AUTO_ACTION. No user id or privs required on the target node.

Andy
If you don't have time to do it right, when will you have time to do it over? Reach me at first_name + "." + last_name at sysmanager net
Robert Gezelter
Honored Contributor

Re: Security Privileges Required for Reboot

Pete,

The privileges required are what will allow the privileges specified in the command extract that has previously been posted (e.g., AUDIT, CMKRNL, EXQUOTA, LOG_IO, NETMBX, OPER, SECURITY, SYSNAM, SYSPRV, TMPMBX, WORLD) to succeed.

While it is not mentioned, and I DO NOT RECOMMEND IT, SETPRIV (the ability to set any privilege bit) should also work (reference to the "OpenVMS Guide to System Security" to the effect that the SET PRIVILEGE command will succeed if SETPRIV is enabled).

- Bob Gezelter, http://www.rlgsc.com

Steven Schweda
Honored Contributor

Re: Security Privileges Required for Reboot

SETPRIV -> SETPRV
Volker Halle
Honored Contributor

Re: Security Privileges Required for Reboot

Andy,


> reboot depends on the value of AUTO_ACTION


Please let me clarify this common misconception:

If a system crashes, it automatically reboots by default. This behaviour is controlled by the BUGREBOOT SYSGEN parameter (default = 1).

AUTO_ACTION only comes into play, if a HALT instruction or an error resulting in a CPU HALT (like kernel stack not valid) results in halting the current CPU:

If AUTO_ACTION is set to HALT, the CPU just HALTs. In case of an SMP system, this may cause a CPUSPINWAIT or CPUSANITY crash and reboot, if it's not the primary CPU.

If AUTO_ACTION is set to RESTART, the SRM firmware restarts the CPU and the system will take a bugcheck dump and reboot (depending on the setting of BUGREBOOT).

If AUTO_ACTION is set to BOOT, the system will just boot without creating a dump.

Volker.
Robert Gezelter
Honored Contributor

Re: Security Privileges Required for Reboot

Steven,

Agreed, SETPRV. I was typing fast and not proof-reading enough.

- Bob Gezelter, http://www.rlgsc.com
Pete Maurer
Advisor

Re: Security Privileges Required for Reboot

Thanks!

I'm just looking to set up an operator account to reboot the system using 'SHUTDOWN.COM' and wanted to limit their authority.

Thanks!
Pete Maurer
Advisor

Re: Security Privileges Required for Reboot

Thanks!
Jan van den Ende
Honored Contributor

Re: Security Privileges Required for Reboot

Pete,

to express your thanks, please review

http://forums1.itrc.hp.com/service/forums/helptips.do?#33

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Andy Bustamante
Honored Contributor

Re: Security Privileges Required for Reboot


Volker,

Looking at the ES-45 Owner's guide, section 3.1.2:

The factory setting for auto_action is halt. The halt setting causes the system to stop in the SRM console. You must then boot the operating system manually.

For maximum system availability, auto_action can be set to boot or restart.

- With the boot setting, the operating system boots automatically after the SRM init command is issued or the Reset button is pressed.

- With the restart setting, the operating system boots automatically after the SRM init command is issued or the Reset button is pressed, and it also reboots after an operating system crash.

Andy
If you don't have time to do it right, when will you have time to do it over? Reach me at first_name + "." + last_name at sysmanager net
Volker Halle
Honored Contributor

Re: Security Privileges Required for Reboot

Andy,


> - With the RESTART setting ... it also reboots after an operating system crash.


If we are talking about OpenVMS here, this is NOT correct. After an OpenVMS crash, the BUGREBOOT system parameter controls, whether the OpenVMS kernel will send a reboot command to the console firmware. This does NOT depend on the AUTO_ACTION setting. By default (i.e. BUGREBOOT=1), OpenVMS will also reboot after a crash, if AUTO_ACTION is set to HALT - just try it on your favourite test system ;-)

See SYSGEN HELP SYS_P BUGREBOOT

Volker.
John Abbott_2
Esteemed Contributor

Re: Security Privileges Required for Reboot

It's unlikely, but if you call the site-specific shutdown procedure (syshutdwn, typically unused) for any 3rd party apps, dbs, etc., to shut down first, they might require additional privs or identifiers for the oper account.
Don't do what Donny Dont does