HP OpenVMS Systems

Ask the Wizard
» 

HP OpenVMS Systems

OpenVMS information
» What's new on our site
» Upcoming events
» Configuration and buying assistance
» Send us your comments

HP OpenVMS systems
» OpenVMS software
» Supported Servers
» OpenVMS virtualization
» OpenVMS solutions and partners
» OpenVMS success stories
» OpenVMS service and support
» OpenVMS resources and information
» OpenVMS documentation
» Education and training

Quick Links
» Non-javascript page
» Ask the Wizard
» OpenVMS FAQ

Test Drive OpenVMS
» OpenVMS I64 test drive
» Java test drive

Other information resources available to you include:
» OpenVMS freeware
» ECO kits, software and hardware support, prior version support
» Alpha SRM, ARC, and AlphaBIOS firmware updates
» ENCOMPASS - HP user group
» OpenVMS software downloads, OpenVMS freeware CD-ROM
» OpenVMS firmware locations
» DECconnect passive adaptor charts
» Cables reference guide
» MicroVAX console commands
» OpenVMS student research

Select a topic below to see Questions Frequently Asked by partners
» Using the online documentation library(installing BNU from the asap SDK)
» Global sections(how to create and use.)
» xx$CREATE_BUFOBJ system service(usage)
» Ethernet address(methods of determination)
» Shareable images(cookbook approach to creating one)
» Sharing data/code at absolute addresses(a guide with examples)
» Determining the Alpha microprocessor
» Using GETSYI to get hardware status

Evolving business value
» Business Systems Evolution
» AlphaServer systems transition planning
» Alpha RetainTrust program

Related links
» HP Integrity servers
» HP Alpha systems
» HP storage
» HP software
» HP products and services
» HP solutions
» HP support
disaster proof
HP Integrity server animation
HP Integrity server animation
Content starts here

Ask the Wizard Questions

Security: SET FILE/OWNER=[x,*]

The Question is: 

$ SET FILE/OWNER=[group,*]
This command (using any group) causes serious headaches for
system managers.

Firstly, this can be performed by anyone, without any
elevated privileges.  This means that it can be easily used
to bypass disk quotas and make disk accounting extremely
difficult.

Secondly, here's a very disturbing side-effect
$ COPY *.COM *.TEST
$ SET FILE/OWNER=[group,*] *.test
$ DELETE *.*;*/BY_OWNER=[group,*]
ALL files in the directory are now deleted, not just those
with the funny owner.

Similarly, all commands that take the /BY_OWNER qualifier,
including SET FILE/OWNER, are unable to process the resultant
files, and instead return all files.  This makes it really
difficult to even find the resultant files.

What is the rationale behind allowing this ownership setting,
and why can we not have a flag to turn it off?  It does not
allow what the use may intend - group ownership of the file.

Thanks,

The Answer is: 

    This is odd. I can't use group identifiers under OpenVMS V6.1/Alpha
    at all, regardless of privilege:

    $ set file/owner=[100,*] dummy.owner
    %SET-E-NOTSET, error modifying DISK$USER1:[GILLINGS]DUMMY.OWNER;1
    -SYSTEM-F-BADOWNER, owner UIC is invalid; object ownership not changed

    Same behaviour under OpenVMS/VAX V6.1

    Under OpenVMS/Alpha V7.0, I get a privilege violation:

    $ set file/owner=[200,*] login.com
    %SET-E-NOTSET, error modifying USER$TSC:[GILLINGS]LOGIN.COM;1
    -SYSTEM-F-NOPRIV, insufficient privilege or object protection violation

    I think we need more details of precisely what the customer is doing.