[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference vaxaxp::vmsnotes

Title:VAX and Alpha VMS
Notice:This is a new VMSnotes, please read note 2.1
Moderator:VAXAXP::BERNARDO
Created:Thu Jan 23 1997
Last Modified:Fri Jun 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:703
Total number of notes:3722

213.0. "UAF>mod user/priv=all NOT working" by TAV02::CHAIM (Semper ubi Sub ubi .....) Wed Feb 19 1997 04:14

I thought that I had posted this note on Sunday, February 16.

OpenVMS V6.2 VAX

A system manager has been attempting to do the following:

$mc authorize
UAF>mod user/privliges=all/defpriv=all
OR
$mc authorize
UAF>mod user/privliges=noall/defpriv=noall

She receives a message as if the user record has been updated, but a 
$mc authorize
UAF>sho user

does NOT show either all or no provileges.

I asked her to do this in such a way that all the output is recorded in a file,
and she FAXed me this output, and indeed what she describes is really
happening.

She has a define/system/exec sysuaf sys$system:sysuaf.dat

Now we tried the following. We made a copy of the current sysuaf.dat via
backup/ignore. Now she has two sysuaf.dat files; 1 and 2. She defined a process
sysuaf logical pointing to the ;2 and this still failed. She defined a process
sysuaf logical pointing to the ;1 and this still worked. 

So now she did the following. She defined a process sysuaf logical pointing to
the ;2 and this still failed. Now she made a third copy of sysuaf and without
changing the sysuaf logical (which is still pointing explicitly to ;2) it
worked.

In other words it fails ONLY when attempting to work on the latest version;
attempting to work on any lower versions apperas to work.

I have looked through COMET but I haven't found any problem which appears even
similar. 

Thanks,

Cb.
T.RTitleUserPersonal
Name		DateLines
213.1Please see .4 for correctionALPHAZ::HARNEYJohn A HarneyWed Feb 19 1997 11:5612
re: .0

Please get her to MAIL the output of this problem so we can all see it.

I'd suggest:
    a) Turn on AUDITS.  No sense guessing what's happening when we can
       see for ourselves.

    b) Try the /PRIV and /DEVPRV (notice spelling, please!) commands
       on separate lines, and see if that helps.

\john
213.2Test SequenceXDELTA::HOFFMANSteve, OpenVMS EngineeringWed Feb 19 1997 12:4354
   Get rid of all logicals and all other site-specific hackery for some
   tests -- reboot the system with the SYSGEN parameter STARTUP_P1 set to
   "MIN".   Use the following command sequence on the system console
   terminal, having the customer mail the results to us:

	Username: SYSTEM/NOCOMMAND
	Password: <password>
	...
	$ SET DEFAULT SYS$SYSTEM:
	$ SHOW LOGICAL SYSUAF*/FULL
        $ ANALYZE/RMS SYS$SYSTEM:SYSUAF.DAT
	$ WRITE SYS$OUTPUT "''F$ENVIR(""MESSAGE"")'"
	$ RUN AUTHORIZE
	UAF> SHOW TEST_TARG
	UAF> CREATE TEST_TARG/PRIVILEGE=ALL/UIC=[555,1212]/PASS=BOGUS
	UAF> SHOW TEST_TARG
	UAF> <CTRL/Z>
	$ RUN AUTHORIZE
	UAF> SHOW TEST_TARG
	UAF> MODIFY TEST_TARG/PRIVILEGE=NOALL
	UAF> SHOW TEST_TARG
	UAF> <CTRL/Z>
	$ RUN AUTHORIZE
	UAF> SHOW TEST_TARG
	UAF> REMOVE TEST_TARG
	UAF> <CTRL/Z>

   If the above sequence works as expected, then reboot with STARTUP_P1
   set back to the "" default value.  Use the (same) command sequence:

	Username: SYSTEM/NOCOMMAND
	Password: <password>
	...
	$ SET DEFAULT SYS$SYSTEM:
	$ SHOW LOGICAL SYSUAF*/FULL
        $ ANALYZE/RMS SYS$SYSTEM:SYSUAF.DAT
	$ WRITE SYS$OUTPUT "''F$ENVIR(""MESSAGE"")'"
	$ RUN AUTHORIZE
	UAF> CREATE TEST_TARG/PRIVILEGE=ALL/UIC=[555,1212]/PASS=BOGUS
	UAF> SHOW TEST_TARG
	UAF> <CTRL/Z>
	$ RUN AUTHORIZE
	UAF> SHOW TEST_TARG
	UAF> MODIFY TEST_TARG/PRIVILEGE=NOALL
	UAF> SHOW TEST_TARG
	UAF> <CTRL/Z>
	$ RUN AUTHORIZE
	UAF> SHOW TEST_TARG
	UAF> REMOVE TEST_TARG
	UAF> <CTRL/Z>

   Have the customer send us the results of both command sequences.
213.3AUSS::GARSONDECcharity Program OfficeWed Feb 19 1997 19:526
re .1
    
>    b) Try the /PRIV and /DEVPRV (notice spelling, please!) commands
                           ^^^^^^
    
    Well, /DEFPRIVILEGES is closer to reality.
213.4ALPHAZ::HARNEYJohn A HarneyWed Feb 19 1997 22:327
re: .3, .0

Please disregard my DEVPRV comment in .1.  Not only can't I type, but I was
wrong on the spelling I thought I had right.  Both DEFPRV and DEFPRIV are
accepted by AUTHORIZE.

\john
213.5/DEFPRIVTAV02::CHAIMSemper ubi Sub ubi .....Thu Feb 20 1997 04:0032
>
>Please get her to MAIL the output of this problem so we can all see it.
>

This is a military installation so she won't be able to e-mail it to me, but
I'll ask her to send me the file. I have a FAX which shows that she is correct. 

>    b) Try the /PRIV and /DEVPRV (notice spelling, please!) commands
>       on separate lines, and see if that helps.
>

I beg your pardon, but I believe the CORRECT spelling is /DEFPRIV

Parameter  Qualifiers
  /ACCESS    /ACCOUNT   /ALGORITHM /ASTLM     /BATCH     /BIOLM     /BYTLM
  /CLI       /CLITABLES /CPUTIME   /DEFPRIVILEGES        /DEVICE    /DIALUP
  /DIOLM     /DIRECTORY /ENQLM     /EXPIRATION           /FILLM     /FLAGS
  /GENERATE_PASSWORD    /INTERACTIVE          /JTQUOTA   /LGICMD    /LOCAL
  /MAXACCTJOBS          /MAXDETACH /MAXJOBS   /MODIFY_IDENTIFIER    /NETWORK
  /OWNER     /PASSWORD  /PBYTLM    /PGFLQUOTA /PRCLM     /PRIMEDAYS /PRIORITY
  /PRIVILEGES           /PWDEXPIRED           /PWDLIFETIME
  /PWDMINIMUM           /REMOTE    /SHRFILLM  /TQELM     /UIC
  /WSDEFAULT /WSEXTENT  /WSQUOTA
  Examples   /IDENTIFIER           /PROXY     /SYSTEM_PASSWORD

MODIFY Subtopic?

Thanks,

Cb.