[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference iosg::all-in-1_v30

Title:	OLD ALL-IN-1 (tm) Support Conference
Notice:	Closed - See Note 4331.l to move to IOSG::ALL-IN-1
Moderator:	IOSG::PYE

Created:	Thu Jan 30 1992
Last Modified:	Tue Jan 23 1996
Last Successful Update:	Fri Jun 06 1997
Number of topics:	4343
Total number of notes:	18308

2648.0. "NO PRIVILEGE FOR ATTEMPTED OPERATION" by TAKEOF::ERNI (Ursula Erni) Sun May 02 1993 18:41

    Last weekend I upgraded ALL-IN-1 (German language only) from 2.4 to 3.0 
    and also installed the Patch 3.0-1. Everything seemed to be ok until 
    unprivilegued users tried to work!
    
    For example when they called WP or EMC they got the error message:
    
    NO PRIVILEGE FOR ATTEMPTED OPERATION
    
    when they enter a "<CAB OPEN" they get the same message. I read note 
    number 1414 and thought already I had the same protection problem with 
    OAFC$CLIENT_SHR.EXE. All OAFC-images and OA$IMAGE have the right 
    protection and are also installed right.
    
    Then I was looking for the protection of the directories. They are ok 
    too. 
    
    With READALL privilege everything is fine. It definitely has to do 
    something with the protection, doesen't it. 
    
    I also let run the "SET WATCH". I did not come any further with it. All 
    accessed files seam to be ok.
    
    On a function "<CAB OPEN" the output of WATCH was:
    %XQP-I-FUNCTION, Directory scan for: PARTITION.DAT;0, Status: 00000001
    %XQP-I-FUNCTION, Directory scan for: FILECAB.DAT;0, Status: 00000001
    %XQP-I-FUNCTION, Directory scan for: SYSMSG.DIR;1, Status: 00000001
    %XQP-I-FUNCTION, Directory scan for: PLIMSG.EXE;0, Status: 00000001
    %XQP-I-FUNCTION, Directory scan for: PASMSG.EXE;0, Status: 00000001
    %XQP-I-FUNCTION, Directory scan for: PENDING.DAT;0, Status: 00000001
    
    And the trace says:
    ![IO]     Getting record from FILECAB, Key = 1, Key-of-ref = INDICATOR/1
    ![A1LOG]  Entry = %OA-I-LOGERROR, %RMS-W-NOPRIV, no privilege for 
              attempted operation
    ![IO]     Getting field NAME from FILECAB, Value = STANDARD
    ![IO]     FILECAB Server Request = LIST
    ![A1LOG]  Entry = %OA-I-LOGERROR, %RMS-W-NOPRIV, no privilege for 
              attempted operation
    
    Messages:
     %RMS-W-NOPRIV, no privilege for attempted operation                        
     %RMS-W-NOPRIV, no privilege for attempted operation                          
     %RMS-I-NOPRIV, no privilege for attempted operation                          
    
    Here you see the readaccess of the images:
    OAFC$CREATE_SERVER.EXE;1	[SYSTEM]              (RWED,RWED,,)
    OAFC$MTS_PRIV_SHR.EXE;3	[SYSTEM]              (RWED,RWED,RWED,RE)
    OAFC$PRINT_TRACE_LOG.EXE;2	[SYSTEM]              (RWED,RWED,,)
    OAFC$SERVER.EXE;4    	[SYSTEM]              (RWED,RWED,RWED,RE)
    OAFC$SYSFOLD_SEED.EXE;2	[SYSTEM]              (RWED,RWE,,)
    OAFC$CLIENT_SHR.EXE;2	[SYSTEM]              (RWED,RWED,RE,RE)
    OAFC$MTS_PRIV_SHR.EXE;2	[SYSTEM]              (RWED,RWED,RWED,RE)
    OAFC$MTS_PRIV_SHR.EXE;1	[SYSTEM]              (RWED,RWED,RWED,RE)
    OAFC$MTS_SHR.EXE;1   	[SYSTEM]              (RWED,RWED,,)
    OA$MAIN.EXE;13       	[ALLIN1]              (RWED,RWED,,E)
    
    List of installed images:
    OA$MAIN;13       Open Hdr Shar Prv
            Entry access count         = 27
            Current / Maximum shared   = 3 / 10
            Global section count       = 6
            Privileges = CMKRNL SYSNAM GRPNAM TMPMBX WORLD OPER NETMBX 
            		 SYSGBL SYSPRV BYPASS SYSLCK
    OAFC$CLIENT_SHR;2	Open     Shar          Lnkbl
            Entry access count         = 16
            Current / Maximum shared   = 3 / 51
            Global section count       = 3
    
    OAFC$MTS_PRIV_SHR;	Open     Shar     Prot Lnkbl
            Entry access count         = 1
            Current / Maximum shared   = 2 / 3
            Global section count       = 2
    
    OAFC$MTS_SHR;1   	Open     Shar          Lnkbl
            Entry access count         = 1
            Current / Maximum shared   = 2 / 4
            Global section count       = 3
     
    Does any one have an idea getting out of this misere?
    
    Ursi

T.R	Title	User	Personal Name	Date	Lines
2648.1	File ownerships are incorrect on some images	TINNIE::SETHI	Ah (-: an upside down smile from Oz	`Mon May 03 1993 00:46`	36
	Hi Ursula, As a comparison here is a list of files with ownership and protection on my system. For sys$system: images OAFC$CREATE_SERVER.EXE;1 [SYSTEM] (RWED,RWED,,) OAFC$PRINT_TRACE_LOG.EXE;2 [SYSTEM] (RWED,RWED,,) OAFC$SERVER.EXE;2 [SYSTEM] (RWED,RWED,RWED,RE) OAFC$SYSFOLD_SEED.EXE;2 [SYSTEM] (RWED,RWE,,) For OA$LIB: images OAFC$MTS_PRIV_SHR.EXE;1 [ALLIN1] (RWED,RWED,RE,) OAFC$SERVER.EXE;1 [ALLIN1] (RWED,RWED,RE,) OAFCV.EXE;1 [ALLIN1] (RWED,RWED,RE,RE) The installed images seem to be fine, however the images in oa$lib such as OAFC$MTS_PRIV_SHR.EXE;1 aren't in this case it should be owned by [ALLIN1]. I would suggest that you get a directory listing of [ALLIN1...] and carry out an audit. I have come across a number of problems regarding the file owberships which have been incorrectly set by the installation procedure. Also as part of your audit ensure that the .exe's in SYS$SYSTEM and SYS$LIBRARY are correct. If you cannot get a reliable directory listing please let me know and I will get you are listing and give you a pointer to the file. Please note ACL's and ownerships are important otherwise you will get the types of problems you are experiencing. Good luck, Sunil
2648.2	$ SET AUDIT /ALARM /ENA=FILE=FAIL	UTRTSC::SCHOLLAERT	Ajax, Ajax, Ajax...	`Mon May 03 1993 09:08`	12
	Hello, Perhaps AUDIT might help. $ SET AUDIT /ALARM /ENA=FILE=FAIL $ REPLY /ENABLE=SECURITY $ SET TERM /BROADCAST Regards, Jan
2648.3	need listening	TAKEOF::ERNI	Ursula Erni	`Mon May 03 1993 09:15`	12
	Hi Sunil Your correction of the ownership of SYS$COMMON:[SYSLIB]OAFC$MTS_PRIV_SHR did not help any further. As I saw on my system the ownership of this particular file was the same. We did already go through the ALLIN1, SYS$SYSTEM and SYS$LIBRARY directories but did not find any differenzes from a good running system. A am really happy when you send me a reliable listening of the files ownership. Ursi
2648.4	Yupieeeeeeeee Audit is just great Yupieeeeeeeeeeeee	TAKEOF::ERNI	Ursula Erni	`Mon May 03 1993 09:47`	29
	Hi Jan Bingo, audit did really help. It was SYS$LIBRARY:EPC$SHR.EXE. %%%%%%%%%%% OPCOM 3-MAY-1993 10:20:36.99 %%%%%%%%%%% Message from user AUDIT$SERVER on UZN011 Security alarm (SECURITY) and security audit (SECURITY) on UZN011, system id: 41 995 Auditable event: Attempted file access Event time: 3-MAY-1993 10:20:36.94 PID: 20A01D35 Username: U17204 Image name: DSA112:[ALLIN1.][000000.LIB_SHARE]OA$MAIN.EXE Object name: DSA103:[SYS0.SYSCOMMON.][SYSLIB]EPC$SHR.EXE; Object type: file Access requested: EXECUTE Status: %SYSTEM-F-NOPRIV, no privilege for attempted operation By the way what does OA$IMAGE have to do with SYS$LIBRARY:EPS$SHR.EXE? Thanks a lot Ursi
2648.5	EPC$SHR.EXE : DECtrace	UTRTSC::SCHOLLAERT	Ajax, Ajax, Ajax...	`Mon May 03 1993 10:29`	9
	Hello Ursi, SYS$LIBRARY:EPC$SHR.EXE is part of DECtrace. See chapter 17 of the Managemant Guide. Regards, Jan
2648.6	Re .2 what a good idea I will keep that in mind	TINNIE::SETHI	Ah (-: an upside down smile from Oz	`Mon May 03 1993 23:37`	1