From: Nigel Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Message-ID: <009A1FC1.D36EA0E7.74@maxwell.ph.kcl.ac.uk> Date: Tue, 07 May 1996 17:19:34 +0100 Organization: Info-Vax<==>Comp.Os.Vms Gateway > >=i'd ask for SUBMIT/NODE=xxxxxx, > >=because i want a job to run on a specific node, not a specific queue. > >=any batch queue on that node would be fine. bear in mind that i have > >=no control over the queues, so i can't workaround with SET QUEUE /CHAR. > >=i don't even know the names of the queues! > [snip] > can any DEC engineers describe to me the "correct" way a third-party product > should create a demon during a command procedure invoked by SYSTARTUP_VMS.COM? > especially when that demon should be created under a username other than > "SYSTEM"? i would be extremely grateful to hear of an answer . . . Well, the following has always worked for me: $ RUN SYS$SYSTEM:LOGINOUT.EXE - /INPUT=commandfile.com - /OUTPUT=logfile.log - /ERROR=errorfile.log - /PRIV= ... - !optional /UIC=[m,n] - !optional /PRIORITY = n - !optional /NOAUTH - /PROCESS=processname This creates a process running the DCL interpreter with the privileges, uic and priority you specify. See HELP RUN PROC for other things you can specify. To start it on another node, you could invoke this command via SYSMAN: SYSMAN> SET ENV /NODE=xxx /USER=SYSTEM SYSMAN> DO the_above Nigel Arnot NRA@MAXWELL.PH.KCL.AC.UK "In the beginning there was nothing, which exploded." + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: Dale Lobb Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Message-ID: Date: Wed, 08 May 1996 10:10:21 -0500 Organization: Info-Vax<==>Comp.Os.Vms Gateway I can thin k of one easy way to do this: use decnet to set host to the current node and log in under a different user name. Then run the detached process (daemon). In the following, {} sets are my own inclusions. Code snipet: $ type t1.com $ set host/log=t1.log 0 {USERNAME GOES HERE} {PASSWORD GOES HERE} set verify show proc eoj $ Output from test run: $ type t1.log Welcome to the BMH VAXcluster on node ATHENA (VAX/VMS V6.1 ) Username: {REMOVED} Password: Welcome to OpenVMS VAX version V6.1 on node ATHENA Last interactive login on Wednesday, 8-MAY-1996 09:59 Last non-interactive login on Wednesday, 8-MAY-1996 10:00 $ SET VERIFY $ SHOW PROC 8-MAY-1996 10:00:21.13 User: {REMOVED} Process ID: 24E0C846 Node: ATHENA Process name: {REMOVED} Terminal: RTA1: (ATHENA::{REMOVED}) User Identifier: [PRD,{REMOVED}] Base priority: 4 Default file spec: SRC$DSK:[{REMOVED}] Devices allocated: ATHENA$RTA1: $ EOJ {REMOVED} logged out at 8-MAY-1996 10:00:21.22 Does this help? ==================================== Dale T. Lobb Programmer Analyst Bryan Memorial Hospital DLobb@Bryan.Org Personal Email: LordGeep@inetnebr.com ==================================== + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: carl@SOL1.GPS.CALTECH.EDU (Carl J Lydick) Subject: Re: openVMS 8.0 (how to create daemon) Date: 7 May 1996 22:29:29 GMT Organization: HST Wide Field/Planetary Camera Message-Id: <4mois9$icu@gap.cco.caltech.edu> To: Info-VAX@Mvb.Saic.Com In article <009A1FC1.D36EA0E7.74@maxwell.ph.kcl.ac.uk>, Nigel writes: = =Well, the following has always worked for me: = =$ RUN SYS$SYSTEM:LOGINOUT.EXE - = /INPUT=commandfile.com - = /OUTPUT=logfile.log - = /ERROR=errorfile.log - = /PRIV= ... - !optional = /UIC=[m,n] - !optional = /PRIORITY = n - !optional = /NOAUTH - = /PROCESS=processname = =This creates a process running the DCL interpreter with the privileges, =uic and priority you specify. See HELP RUN PROC for other things you can =specify. To start it on another node, you could invoke this command =via SYSMAN: = =SYSMAN> SET ENV /NODE=xxx /USER=SYSTEM =SYSMAN> DO the_above Problem is, it doesn't answer his question: He wants the process to run under a different username, not under a different UIC (though the different username may well have a different UIC). The distinction is important for some utilities (MAIL comes to mind), and in situations where you're using ACLs. You can verify that your suggestion does NOT address that problem by putting the command: $ WRITE SYS$OUTPUT F$GETJPI("","USERNAME") in commandfile.com. As far as I know, the only SUPPORTED way to run a process under a different username is to use SUBMIT/USERNAME. I seem to recall that there's some trick that's used in creating network processes that lets you create a process with a different username. And of course the obvious hack to do it is to: 1) Change your process's (or is it job's?) username via a kernel-mode hack; 2) Create the process; 3) Change your username back to what it was originally. -------------------------------------------------------------------------------- Carl J Lydick | INTERnet: CARL@SOL1.GPS.CALTECH.EDU | NSI/HEPnet: SOL1::CARL Disclaimer: Hey, I understand VAXen and VMS. That's what I get paid for. My understanding of astronomy is purely at the amateur level (or below). So unless what I'm saying is directly related to VAX/VMS, don't hold me or my organization responsible for it. If it IS related to VAX/VMS, you can try to hold me responsible for it, but my organization had nothing to do with it. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: dpm@access4.digex.net (David P. Murphy) Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Date: 8 May 1996 15:35:30 -0400 Organization: Phase of the Moon Software Inc. Alexandria, VA Message-ID: David P. Murphy (dpm@access.digex.net) asked: > can any DEC engineers describe to me the "correct" way a third-party product > should create a demon during a command procedure invoked by SYSTARTUP_VMS.COM? > especially when that demon should be created under a username other than > "SYSTEM"? i would be extremely grateful to hear of an answer . . . Nigel Argot (sysmgr@maxwell.ph.kcl.ac.uk) responded: >Well, the following has always worked for me: > >$ RUN SYS$SYSTEM:LOGINOUT.EXE - > /INPUT=commandfile.com - > /OUTPUT=logfile.log - > /ERROR=errorfile.log - > /PRIV= ... - !optional > /UIC=[m,n] - !optional Carl Lydick (carl@SOL1.GPS.CALTECH.EDU) pointed out: >Problem is, it doesn't answer his question: He wants the process to run under >a different username, not under a different UIC (though the different username >may well have a different UIC). The distinction is important for some >utilities (MAIL comes to mind), and in situations where you're using ACLs. Dale Lobb suggested: >I can think of one easy way to do this: use decnet to set host to the current >node and log in under a different user name. Then run the detached process >(daemon). > [example deleted] >Does this help? dale, i appreciate your time and effort, but i cannot use that method during a command procedure invoked by SYSTARTUP_VMS.COM, which of course is the canonical time for demons to be created. Nigel also suggested: >SYSMAN> SET ENV /NODE=xxx /USER=SYSTEM >SYSMAN> DO the_above i've played around with this approach, but it doesn't work on the local node . . . i don't know why. i don't know if it does or does not work on a remote node, because i am not interested in that question. unfortunately, the "set profile" system service(s) introduced in V7.0 (i think --- i'm away from my office right now) do not seem to have a related DCL interface :-( ok dpm -- David P. Murphy mailto:murphy@connor.datametrics.com (work) systems programmer mailto:dpm@access.digex.net (personal) http://www.access.digex.net/~dpm COGITO ERGO DISCLAIMUM ftp://ftp.access.digex.net/pub/access/dpm + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: carl@SOL1.GPS.CALTECH.EDU (Carl J Lydick) Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Date: 9 May 1996 07:58:08 GMT Organization: HST Wide Field/Planetary Camera Message-ID: <4ms8ig$d22@gap.cco.caltech.edu> In article , dpm@access4.digex.net (David P. Murphy) writes: = =dale, i appreciate your time and effort, but i cannot use that method =during a command procedure invoked by SYSTARTUP_VMS.COM, which of course =is the canonical time for demons to be created. WHY THE HELL NOT? Are you now claiming that you can't require that the startup for your product be run after DECnet is started? Why the hell don't you try peddling that bullshit to anybody who produces a TCP/IP package for VMS (For those of you who don't understand the reference: DECnet changes the physical address of the Ethernet controller; this can't be done if something else [e.g., a TCP/IP package] is using the controller; hence anybody selling a TCP/IP package must require that DECnet be started before their startup code is executed. David seems to be blissfully unaware of this, and therefore thinks that anybody selling a product MUST be willing to let the customers run his startup procedure at an arbitrary point in the startup procedures). Sorry, Dave, but your objection is utter bullshit. =Nigel also suggested: = =>SYSMAN> SET ENV /NODE=xxx /USER=SYSTEM =>SYSMAN> DO the_above = =i've played around with this approach, but it doesn't work =on the local node . . . i don't know why. It doesn't work on the local node because SYSMAN always uses the current account on the local node rather than going through a remote protocol to executes its commands. May I suggest that if you intend to sell a product intended to run on VMS, you actually LEARN SOMETHING ABOUT VMS instead of whining about your own ignorance? -------------------------------------------------------------------------------- Carl J Lydick | INTERnet: CARL@SOL1.GPS.CALTECH.EDU | NSI/HEPnet: SOL1::CARL Disclaimer: Hey, I understand VAXen and VMS. That's what I get paid for. My understanding of astronomy is purely at the amateur level (or below). So unless what I'm saying is directly related to VAX/VMS, don't hold me or my organization responsible for it. If it IS related to VAX/VMS, you can try to hold me responsible for it, but my organization had nothing to do with it. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: dpm@access5.digex.net (David P. Murphy) Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Date: 9 May 1996 10:12:10 -0400 Organization: Phase of the Moon Software Inc. Alexandria, VA Message-ID: carl@SOL1.GPS.CALTECH.EDU (Carl J Lydick) writes: >In article , dpm@access4.digex.net (David P. Murphy) writes: > >=dale, i appreciate your time and effort, but i cannot use that method >=during a command procedure invoked by SYSTARTUP_VMS.COM, which of course >=is the canonical time for demons to be created. >WHY THE HELL NOT? because i don't want to store the password in the {product}_STARTUP.COM. if you want to try to market a product which does this, go right ahead; there's certainly no *technical* reason you cannot. minus fifty points for not understanding basic security concepts. >Are you now claiming that you can't require that the startup >for your product be run after DECnet is started? i said "i cannot use that method". i did not say "carl cannot use that method", nor did i say "ken fairfield cannot use this method". i gave no reason for my restriction, and i didn't even mention decnet. minus ten points for putting words in my mouth. >Why the hell don't you try >peddling that bullshit to anybody who produces a TCP/IP package for VMS (For >those of you who don't understand the reference: DECnet changes the physical >address of the Ethernet controller; this can't be done if something else [e.g., >a TCP/IP package] is using the controller; hence anybody selling a TCP/IP >package must require that DECnet be started before their startup code is >executed. David seems to be blissfully unaware of this, and therefore thinks >that anybody selling a product MUST be willing to let the customers run his >startup procedure at an arbitrary point in the startup procedures). david is unblissfully aware that participating in comp.os.vms carries the heavy price of being flailed by the almighty omniscient carl. david tries not to add unnecessary restrictions into his company's products. david is proud to demonstrate that his Bullshit Peddler's License has never been used. david sees nothing in the preceding paragraph which bears any relevance to the current thread. minus ten points for reading my mind incorrectly. $ peek/type=all/image=multi* terminal username processname imagename state uic pid -------- ------------ --------------- --------------- ----- --------- -------- system SMTP_SYMBIONT multinet_smtp_s hib [001,004] 20200117 system SYMBIONT_9 multinet_stream hib [001,004] 20200118 %PEEKER-S-COMPLETE, 2 processes found $ TGV creates their demons under the SYSTEM username, so you lose ten points for introducing a completely moot and useless tangent. >Sorry, Dave, but your objection is utter bullshit. minus one point for misinterpreting my security requirement as an "objection". plus twenty points for your clever use of profanity, and another five points for your brilliant sense of timing (i.e., when to curse and when not to) --- it's not something you can learn in school, it's something you're born with. minus twenty-five points for calling me "dave" instead of "david". >=Nigel also suggested: >= >=>SYSMAN> SET ENV /NODE=xxx /USER=SYSTEM >=>SYSMAN> DO the_above >= >=i've played around with this approach, but it doesn't work >=on the local node . . . i don't know why. >It doesn't work on the local node because SYSMAN always uses the current >account on the local node rather than going through a remote protocol to >executes its commands. then nigel's suggestion is not useful to me. thanks anyway, nigel. >May I suggest that if you intend to sell a product intended to run on VMS, you >actually LEARN SOMETHING ABOUT VMS instead of whining about your own ignorance? no, you may not. have you developed a product? and sold it? and supported it? on hundreds of systems around the world? may i suggest that you actually LEARN SOMETHING ABOUT THE REAL WORLD instead of flaming me for nothing? i didn't think so. minus ten points for suggesting that admission of ignorance is a Bad Thing. minus five points for implying that i have yet to "learn anything about VMS". %USENET-S-GAMEOVER, you are 96 points shy of a clue -USENET-I-GETBACKTOWORK, thanks for playing ok dpm -- David P. Murphy mailto:murphy@connor.datametrics.com (work) systems programmer mailto:dpm@access.digex.net (personal) http://www.access.digex.net/~dpm COGITO ERGO DISCLAIMUM ftp://ftp.access.digex.net/pub/access/dpm + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: Nigel Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Message-ID: <009A204E.F04E35AF.69@maxwell.ph.kcl.ac.uk> Date: Wed, 08 May 1996 10:09:42 +0100 Organization: Info-Vax<==>Comp.Os.Vms Gateway I stand corrected... > Problem is, it doesn't answer his question: He wants the process to run under > a different username, not under a different UIC (though the different username > may well have a different UIC). Yup. There is another possibility if you don't want to rely on either queues or kernel hacking: DECNET task-to-task. This is the method that the OSU WWW server startup uses. You need either to add a proxy record that allows the initiating user to proxy the target user, or to add a DECNET object with the desired user and password. On the plus side this isn't reliant on a queue and you get to find out immediately if the target node is down. On the minus side, it requires DECNET and, like the queue method, may require the management environment of an arbitrary VMS machine to be altered. Nigel Arnot NRA@MAXWELL.PH.KCL.AC.UK "In the beginning there was nothing, which exploded." + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: dpm@access1.digex.net (David P. Murphy) Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Date: 9 May 1996 20:28:13 -0400 Organization: Phase of the Moon Software Inc. Alexandria, VA Message-ID: Nigel writes: >On the plus side this isn't reliant on a queue and you get to find out >immediately if the target node is down. On the minus side, it requires >DECNET and, like the queue method, may require the management environment >of an arbitrary VMS machine to be altered. by the way, has anyone else noticed the new argument to sys$creprc() as of V7.0? you can specify a nodename. this is certainly useful, and the "persona" system services may give a supported manner of creating a demon under a different username, but there is no DCL support for either of these abilities in V7.0 . . . i.e., neither RUN /NODENAME= nor RUN /USERNAME= qualifiers. wish they would keep pace with each other. ok dpm -- David P. Murphy mailto:murphy@connor.datametrics.com (work) systems programmer mailto:dpm@access.digex.net (personal) http://www.access.digex.net/~dpm COGITO ERGO DISCLAIMUM ftp://ftp.access.digex.net/pub/access/dpm + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: dpm@access1.digex.net (David P. Murphy) Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Date: 10 May 1996 12:41:26 -0400 Organization: Phase of the Moon Software Inc. Alexandria, VA Message-ID: dpm@access1.digex.net (David P. Murphy) writes: >there is no DCL support for either of these abilities in V7.0 . . . >i.e., neither RUN /NODENAME= nor RUN /USERNAME= qualifiers. i stand corrected. according to the V7.0 DCL Dictionary, you can specify RUN /DETACHED /ON=nodename to create a process on another node. my previous statement was based upon the V7.0 New Features Manual, which lists the new argument to $CREPRC() but does not mention the new qualifier to the RUN command. but there is still no /USERNAME= qualifier! i double-checked ;-) ok dpm -- David P. Murphy mailto:murphy@connor.datametrics.com (work) systems programmer mailto:dpm@access.digex.net (personal) http://www.access.digex.net/~dpm COGITO ERGO DISCLAIMUM ftp://ftp.access.digex.net/pub/access/dpm + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: Gotfryd Smolik Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Message-ID: Date: Fri, 10 May 1996 14:07:10 +0200 (MET DST) Organization: Info-Vax<==>Comp.Os.Vms Gateway On 9 May 1996, David P. Murphy wrote: > carl@SOL1.GPS.CALTECH.EDU (Carl J Lydick) writes: > [...] > > >WHY THE HELL NOT? > > because i don't want to store the password in the {product}_STARTUP.COM. > if you want to try to market a product which does this, go right ahead; > there's certainly no *technical* reason you cannot. > > minus fifty points for not understanding basic security concepts. Minus the *hundreth* for you: 1. Why you can't set (as one element of setup - when your create the username for your product): $ uaf ADD/PROXY 'f$getsyi("nodename")'::SYSTEM your_product_username Ok, someone may want disable the proxy. But requirement to enabling the proxy for THE SAME node isn't so huge ! 2. Why you can't create your object binded with your username, executing procedure where test's the SYS$REM_ID and SYS$REM_SCRATCH ? [...] > %USENET-S-GAMEOVER, you are 96 points shy of a clue > -USENET-I-GETBACKTOWORK, thanks for playing Er -:) Only if YOU write the game... Gotfryd + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: ecf_stbo@jhuvms.hcf.jhu.edu (Old-Fashioned Staffordshire Plate...) Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Date: 9 May 1996 14:37 EDT Organization: The Johns Hopkins University - HCF Message-ID: <9MAY199614370496@jhuvms.hcf.jhu.edu> In article <4ms8ig$d22@gap.cco.caltech.edu>, carl@SOL1.GPS.CALTECH.EDU writes... >=dale, i appreciate your time and effort, but i cannot use that method >=during a command procedure invoked by SYSTARTUP_VMS.COM, which of course >=is the canonical time for demons to be created. > >WHY THE HELL NOT? Are you now claiming that you can't require that the startup >for your product be run after DECnet is started? Maybe what he means is he doesn't want logins enabled before his product is fired up. Tom O'Toole - ecf_stbo@jhuvms.hcf.jhu.edu - JHUVMS system programmer **WAKE UP folks! Boycott Net$cape and Micro$oft greed driven proprietary "enhancements"! BOYCOTT micro$oft network "msn.com", micro$oft money and other attempts by the micro$oft monopoly to control electronic banking and commerce!** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: Gotfryd Smolik Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Message-ID: Date: Fri, 10 May 1996 14:14:29 +0200 (MET DST) Organization: Info-Vax<==>Comp.Os.Vms Gateway On 9 May 1996, Old-Fashioned Staffordshire Plate... wrote: > Maybe what he means is he doesn't want logins enabled before his product is > fired up. Can't mean this: for the non-interactive logins isn't used the same mechanism as for SET LOGINS/INTERACTIVE. Admin MAY limit some access, but for default network logins are enabled by default if net starts; I some time have use this to log via task when SYSTARTUP are hang and wait for some reason before the SET INTERACTIVE step. Regards - Gotfryd + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Newsgroups: comp.os.vms From: pinkley@Eisner.DECUS.Org Subject: Re: openVMS 8.0 (how to create daemon) X-Nntp-Posting-User: PINKLEY Organization: DECUServe Message-ID: Date: Sat, 11 May 1996 02:40:12 GMT In article <4mois9$icu@gap.cco.caltech.edu>, carl@SOL1.GPS.CALTECH.EDU (Carl J Lydick) writes: [snip] carl explains why $ run/detach/uic=[x,y] does not work >Problem is, it doesn't answer his question: He wants the process to run under >a different username, not under a different UIC (though the different username >may well have a different UIC). The distinction is important for some >utilities (MAIL comes to mind), and in situations where you're using ACLs. ^^^^^^^^^^^^^^^^^^^^^^ How does the username affect ACLs? Jon Pinkley pinkley@eisner.decus.org + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: Arne Vajhoej Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Message-ID: <01I4KQ07DJ428WYZJT@kopc.hhs.dk> Date: Sat, 11 May 1996 09:59:42 +0100 Organization: Info-Vax<==>Comp.Os.Vms Gateway > 1. > Why you can't set (as one element of setup - when your > create the username for your product): > > $ uaf ADD/PROXY 'f$getsyi("nodename")'::SYSTEM your_product_username > > Ok, someone may want disable the proxy. But requirement to enabling > the proxy for THE SAME node isn't so huge ! > > 2. > Why you can't create your object binded with your username, > executing procedure where test's the SYS$REM_ID and SYS$REM_SCRATCH ? ???? Why do you think a security minded site would be more happy with decnet proxies or decnet objects than with a password in a file owned by system and properly protected ? The best solution is probably SUBMIT/USER+RUN/DETACH or RUN/UIC as already suggested by many. RUN/DETACH/USER could be usefull, but I would not call it important (easy to say for me - I do not need the functionality !). Arne Arne Vajhøj local DECNET: KOPC::ARNE Computer Department PSI: PSI%23831001354030::ARNE Southern Denmark Business School Internet: ARNE@KO.HHS.DK WWW URL: http://www.hhs.dk/~arne/arne.html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: carl@SOL1.GPS.CALTECH.EDU (Carl J Lydick) Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Date: 13 May 1996 00:00:52 GMT Organization: HST Wide Field/Planetary Camera Message-ID: <4n5u3k$j0l@gap.cco.caltech.edu> In article , pinkley@Eisner.DECUS.Org writes: =How does the username affect ACLs? It affects ACLs via determining which rightslist identifiers the process is granted. The process will be granted the identifiers held by the UIC listed in the UAF entry for the username rather than those held by the UIC used in the RUN/UIC command. For example, my UIC on my machine has been granted the identifier DIALBACK. The SYSTEM uic hasn't. If I use the command RUN/UIC=SYSTEM/DETACH to create a detached process executing the DCL procedure: $ show proc $ show proc/priv then the results are as shown below. Note that the process holds the DIALBACK identifier. Had it been running under the username SYSTEM, it wouldn't hold that identifier. 12-MAY-1996 15:49:09.40 User: CARL Process ID: 20C01F44 Node: SOL1 Process name: "" Terminal: User Identifier: [SYSOPR,SYSTEM] Base priority: 4 Default file spec: DISK$USERDISK:[CARL] 12-MAY-1996 15:49:09.75 User: CARL Process ID: 20C01F44 Node: SOL1 Process name: "" Process privileges: CMKRNL may change mode to kernel ... SECURITY may perform security functions Process rights: INTERACTIVE LOCAL DIALBACK System rights: SYS$NODE_SOL1 -------------------------------------------------------------------------------- Carl J Lydick | INTERnet: CARL@SOL1.GPS.CALTECH.EDU | NSI/HEPnet: SOL1::CARL Disclaimer: Hey, I understand VAXen and VMS. That's what I get paid for. My understanding of astronomy is purely at the amateur level (or below). So unless what I'm saying is directly related to VAX/VMS, don't hold me or my organization responsible for it. If it IS related to VAX/VMS, you can try to hold me responsible for it, but my organization had nothing to do with it. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: Gotfryd Smolik Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) (fwd) Message-ID: Date: Mon, 13 May 1996 08:30:48 +0200 (MET DST) Organization: Info-Vax<==>Comp.Os.Vms Gateway I: > > Ok, someone may want disable the proxy. But requirement to enabling > > the proxy for THE SAME node isn't so huge ! Arne: > Why do you think a security minded site would be more happy with > decnet proxies or decnet objects than with a password in a file > owned by system and properly protected ? Because the use of proxy -> creation process are accurate traced: when used, can generate process generation alarm: EXACTLY, were used ! And password for the specified user are not available. ACL alarm may going for the possiblity of *security break*, not disntinguish between *use* and b.ex. BACKUP copy -:) And you have no way to get the user password... Then, if one of debater are WON't accept password explicity avilable in some file, has the way -:) For object.... Hm. You're right... I im too fast start with me conception. Also, because for hardcoded login (I mean: the start of real server process are NOT allowed, because the LOGIN goes to RUN/DETACH and logout) noone can't go to break system security WITH THE SPECIFIED USERNAME, and I must agree - no differention for security. Gotfryd + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: gezelter@rlgsc.com Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Message-ID: <1996May11.055658.927@rlgsc.com> Date: 11 May 96 05:56:58 EST Organization: Robert Gezelter Software Consultant, Flushing, NY In article , dpm@access1.digex.net (David P. Murphy) writes: > > i stand corrected. according to the V7.0 DCL Dictionary, you can > specify RUN /DETACHED /ON=nodename to create a process on another node. > > my previous statement was based upon the V7.0 New Features Manual, > which lists the new argument to $CREPRC() but does not mention > the new qualifier to the RUN command. > > but there is still no /USERNAME= qualifier! i double-checked ;-) David, Yes, but there is a /UIC parameter (and it has been there a VERY long time). As an example, consider STARTNET.COM (Phase IV DECnet). The file STARTNET.COM calls the file LOADNET.COM. A quick examination of LOADNET.COM will clearly show that NETACP (which I presume is a good example of the type of process that you wish to start) is started using the RUN command, with a long list of parameters, including, /UIC=[g,u]. >From your original description, as I recall it, I would not think that you want to use a specific nodename in a startup procedure. In my experience, the best way to start up daemons on a particular processor is during that processor's startup, pushing processes onto other processors is likely to suffer from the plethora of possible timing situations during partial startups of different nodes and cluster configurations. I hope that the above is helpful. If I have been unclear, or can be of further assistance, please feel free to contact me via Email or phone. - Bob +--------------------------------------------------------------------------+ | Robert "Bob" Gezelter E-Mail: gezelter@rlgsc.com | | Robert Gezelter Software Consultant Voice: +1 718 463 1079 | | 35-20 167th Street, Suite 215 Fax: (on Request) | | Flushing, New York 11358-1731 | | United States of America | +--------------------------------------------------------------------------+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: dpm@access4.digex.net (David P. Murphy) Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Date: 14 May 1996 12:06:30 -0400 Organization: Phase of the Moon Software Inc. Alexandria, VA Message-ID: gezelter@rlgsc.com writes: >Yes, but there is a /UIC parameter (and it has been there a VERY long time). which has nothing to do with the username. >As an example, consider STARTNET.COM (Phase IV DECnet) {which calls >LOADNET.COM} [CHOMP] okay, let's consider it. here, i'll cut&paste the relevant code: $ RUN 'P1' - /NOACCOUNTING- /NOAUTHORIZE- /AST_LIMIT=100- /BUFFER_LIMIT='BUF_LIM'- /EXTENT='EXTENT'- /FILE_LIMIT=128- /IO_BUFFERED=32767- /IO_DIRECT=32767- /QUEUE_LIMIT=16- /ENQUEUE_LIMIT='ENQLM'- /MAXIMUM_WORKING_SET='MAX_WORK'- /PAGE_FILE='PAGE_FILE'- /PRIORITY=8- /PRIVILEGES=CMKRNL- /PROCESS_NAME=NETACP- /UIC=[1,3] nope, don't see anything in there about username. f$getjpi() calls show the username to be DECNET but the account to be SYSTEM and the uic to be [1,4] which is not what i see here: $ mcr authorize show decnet Username: DECNET Owner: DECNET DEFAULT Account: DECNET UIC: [376,376] ([DECNET]) CLI: DCL Tables: DCLTABLES [...] so the process is obviously hacking its own username (the JIB$T_USERNAME field) via privileged code, *after* it has been created by the RUN command above executed by the startup process --- running under the SYSTEM username --- which copied the starting process's username and account into the JIB (and UIC into the PCB) of the newly created process. therefore the LOADNET.COM procedure has nothing to do with my wishlist item, the /USERNAME= qualifier for the $ RUN /DETACHED command. >From your original description, as I recall it, I would not think that you >want to use a specific nodename in a startup procedure. In my experience, >the best way to start up daemons on a particular processor is during that >processor's startup, pushing processes onto other processors is likely to >suffer from the plethora of possible timing situations during partial >startups of different nodes and cluster configurations. well, i think we'd all admit that you've got a point there, bob, but then again, no one suggested creating demons on another node during startup of the first node. i simply thought that the NODENAME argument to $CREPRC() would be useful in general. ok dpm -- David P. Murphy mailto:murphy@connor.datametrics.com (work) systems programmer mailto:dpm@access.digex.net (personal) http://www.access.digex.net/~dpm COGITO ERGO DISCLAIMUM ftp://ftp.access.digex.net/pub/access/dpm + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: Chris_F_Chiesa@cup.portal.com Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Date: 10 May 1996 09:40:08 -0700 Organization: The Portal System (TM) Sender: pccop@unix.portal.com Message-ID: <151984@cup.portal.com> On the subject of starting "daemon" (detached, server?) processes on VMS, specifically at system startup time... Someone (David P. Murphy) points out that several of the methods mentioned so far are not satis- factory for various reasons. How about deferring the "daemon" startup until just after you've started the Batch queue, then SUBMITting (a) command procedure(s) under the desired username, which then, in turn, RUN/DETACHED the desired image(s)? That's how I'd do it, I think. Chris Chris_F_Chiesa@cup.portal.com / xetwnk@shell.portal.com / lvt-cfc@cyber1.servtech.com + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: Chris_F_Chiesa@cup.portal.com Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Date: 15 May 1996 09:20:04 -0700 Organization: The Portal System (TM) Sender: pccop@unix.portal.com Message-ID: <152067@cup.portal.com> David P. Murphy (whose e-mail return address Portal doesn't pull in for me here) writes: >by the way, has anyone else noticed the new argument to sys$creprc() >as of V7.0? you can specify a nodename. this is certainly useful, >and the "persona" system services may give a supported manner of >creating a demon under a different username, but there is no DCL >support for either of these abilities in V7.0 . . . i.e., neither >RUN /NODENAME= nor RUN /USERNAME= qualifiers. > >wish they would keep pace with each other. I've always felt that, TO SOME DEGREE, the existence and documentation of a system service or other "programmer's" facility was sufficient to CREATE a DCL interface to that facility. I assume that in MOST cases, that's how Digital does it (we overlook things like SHOW LOGICAL wild- card support)... However, there IS a fly in the ointment. Proper "DCL support" for e.g. the "persona" services, ought to mean not only that DCL commands equivalent to each system service exist, but also that the EFFECTS of those commands REMAIN in effect until explicitly undone, cancelled, or whatever. And THAT means Supervisor-mode programming, and THAT has never been documen- ted or supported. So MY wishlist would now be for a number of undocumented/unsupported VMS features to BECOME documented/supported: * $IMGACT, $IMGFIX, and any related system services * SYS$CLI * Debugger interface: i.e. how to write an image that does something useful when you do a LINK/DEBUG=myimage.EXE (there's already third- party code out that DOES this, so apparently the information is avail- able SOMEWHERE, but not "officially" AFAIK) * Supervisor-mode programming; how to write your own CLI to use instead of DCL I'd SETTLE for these things becoming DOCUMENTED; becoming SUPPORTED is not 100% necessary. Heck, half the things I'm ALREADY doing are unsupported just because I'm running too old a version of VMS; what would be the PRAC- TICAL difference if Digital simply collected all of the above items into a single "Unsupported Features Manual?" It could have a big fat disclaimer in large print at the front of the book, to the effect that "this informa- tion is included solely 'for completeness' -- that is, for the sake of the die-hard VMS guru who creaves full knowledge of the system -- but is in no way supported by Digital," and that "Digital will not answer questions, or address problems, arising from use or misuse of this manual or of the in- formation it contains." Heck, they could even make you sign a waiver be- fore they'd even SHIP the darned thing; I'D sign it! Chris Chiesa Chris_F_Chiesa@cup.portal.com (also xetwnk@shell.portal.com and now lvt-cfc@cyber1.servtech.com) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: carl@SOL1.GPS.CALTECH.EDU (Carl J Lydick) Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Date: 10 May 1996 09:13:23 GMT Organization: HST Wide Field/Planetary Camera Message-ID: <4mv1bj$9kk@gap.cco.caltech.edu> In article , dpm@access1.digex.net (David P. Murphy) writes: = =by the way, has anyone else noticed the new argument to sys$creprc() =as of V7.0? you can specify a nodename. this is certainly useful, =and the "persona" system services may give a supported manner of =creating a demon under a different username, but there is no DCL =support for either of these abilities in V7.0 . . . i.e., neither =RUN /NODENAME= nor RUN /USERNAME= qualifiers. So let's see. DEC's given you what you've been whining for for years, and you're too fucking lazy to actualy write a program, eh? And you REALLY think you're competent to be writing and selling software? SHEESH! =wish they would keep pace with each other. Yeah, right. DEC does what you want, then you whinge about it. Why the fuck don't you get your head out of your ass, shit-for-brains? -------------------------------------------------------------------------------- Carl J Lydick | INTERnet: CARL@SOL1.GPS.CALTECH.EDU | NSI/HEPnet: SOL1::CARL Disclaimer: Hey, I understand VAXen and VMS. That's what I get paid for. My understanding of astronomy is purely at the amateur level (or below). So unless what I'm saying is directly related to VAX/VMS, don't hold me or my organization responsible for it. If it IS related to VAX/VMS, you can try to hold me responsible for it, but my organization had nothing to do with it. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: dpm@access5.digex.net (David P. Murphy) Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Date: 10 May 1996 10:38:15 -0400 Organization: Phase of the Moon Software Inc. Alexandria, VA Message-ID: carl@SOL1.GPS.CALTECH.EDU (Carl J Lydick) writes: >So let's see. DEC's given you what you've been whining for for years, and >you're too fucking lazy to actualy write a program, eh? i've been "whining" for "years" for a $SET_PERSONA() system service? no. to ask for something in a wishlist thread on comp.os.vms is "whining"? no. to ask for DCL commands which use existing system services is "whining"? no. carl's followup does not meet his own standards of "professionalism"? yes. carl will apologize for his rude and moronic post? no. carl will consider that, just possibly, his behavior is despicable? ha ha ha. >And you REALLY think >you're competent to be writing and selling software? SHEESH! yes, carl has discovered the truth: i am too fucking lazy to write a program, yet i think i'm competent to be writing software (however, i try to leave the "selling" to the sales & marketing people). unfortunately, his viewpoint is in direct opposition to reality. therefore, i have made several modifications to the universe so as to conform to the OfficialCarlImage of my world: > i have deleted all of my source code, object libraries, images, command procedures, CMS libraries, release notes, reference manuals, user guides, project schedules, and even the .MAPs from my system. at first i thought there would be a great number of files to delete, but then i realized i am too fucking lazy to write a single program, and magically my development disk was almost empty! > i have sacrificied all of my notebooks and printed documention to the OmniscientCarlGod via a huge bonfire in the parking lot. > i have rammed a soldering iron up my nose to burn out all of the (according to carl) false knowledge which lived there. i didn't need much voltage for those pathetically weak "dpm" brain cells! > i have signed up my co-workers for lobotomies, to purify them of any taint of my incompetent software. > i have hired richard "demo dick" marcinko to "remove" all of the ViewPoint customers who were so asininely foolish as to purchase software to which i contributed. obviously the world will be a better place without them. > i have pledged my life, my fortune, and my sacred honor to learning every part of OpenVMS before i dare write a single line of code again. > i have returned to my employer every cent they have paid me in wages over the last thirty-three months, since i have not earned any of it by writing programs. i trust carl will inform me of any steps i have overlooked. >=wish they would keep pace with each other. >Yeah, right. DEC does what you want, then you whinge about it. Why the fuck >don't you get your head out of your ass, shit-for-brains? DEC did not, in fact, do what i want: i asked for $ RUN /DETACHED /USERNAME= which does not, in fact, exist. and because carl is *not* a developer, he conveniently overlooks the fact that the "persona" services are available only under V6.2 and higher, while my software must support V5.5 and higher; the new services are not useful to me, since i need a common solution. by carl's "logic", my startup procedure should not even use the RUN /DETACHED command because i could write a program which could call $CREPRC() directly. it is now 8:40 AM on friday 10 may 1996. nineteen hours ago my wife suffered a miscarriage in her tenth week and lost the baby. how appropriate that the first article i read this morning is an extremely stupid and unwarranted screech from a sociopath who is totally ignorant of who i am, what i am trying to do, what i have accomplished, and what contributions i have made to the VMS world. nor was i surprised that he made the extra effort of mailing me a copy of his insulting, incorrect, and content-free tirade. i would, however, like to sincerely thank Nigel Arnot for his task-to-task suggestion, as well as Kenneth Fairfield and "not" from wales for their independent suggestions on creating a temporary queue. i am considering these ideas, and perhaps i will be able to use one of them. it is helpful advice such as theirs that makes comp.os.vms a useful newsgroup. ok dpm -- David P. Murphy mailto:murphy@connor.datametrics.com (work) systems programmer mailto:dpm@access.digex.net (personal) http://www.access.digex.net/~dpm COGITO ERGO DISCLAIMUM ftp://ftp.access.digex.net/pub/access/dpm + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: carl@SOL1.GPS.CALTECH.EDU (Carl J Lydick) Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Date: 15 May 1996 20:54:12 GMT Organization: HST Wide Field/Planetary Camera Message-ID: <4ndg9k$b6s@gap.cco.caltech.edu> In article , dpm@access5.digex.net (David P. Murphy) writes: =i've been "whining" for "years" for a $SET_PERSONA() system service? =no. No, shit-for-brains, you've been whining about a way to run a process under a different username that doesn't violate your wholly irrational alleged "security requirements." $SET_PERSONA meets the requirements you've been stating. As usual, once you get an answer that meets your stated requirements, you make up a new set of requirements and whine that that solution doesn't meet them. Face it, Dave: You don't want a solution to your alleged problem, you want DEC to write your software for you and let you sell it for your own profit. =DEC did not, in fact, do what i want: i asked for $ RUN /DETACHED /USERNAME= =which does not, in fact, exist. No, you asked for a way to run a process under a different username that: 1) Is supported; 2) Is documented; 3) Does not use batch jobs; 4) Does not use DECnet. DEC has provided that. =and because carl is *not* a developer, he =conveniently overlooks the fact that the "persona" services are available =only under V6.2 and higher, while my software must support V5.5 and higher; Ah, so now Dave believes that somehow if he whines long enough, VMS v5.5 will magically change to do something it doesn't. =the new services are not useful to me, since i need a common solution. And you've been provided with many such solutions. Whenever you're provided with one, you invent new restrictions which you claim make the solutions unuseful to you. Why is it that you never state all these requirements at the beginning of a thread, Dave? Why do you only state them after solutions which meet all of your originally stated requirements have been posted? =it is now 8:40 AM on friday 10 may 1996. nineteen hours ago =my wife suffered a miscarriage in her tenth week and lost the baby. Well, at least if your stupidity's hereditary, it won't be passed on, then will it? -------------------------------------------------------------------------------- Carl J Lydick | INTERnet: CARL@SOL1.GPS.CALTECH.EDU | NSI/HEPnet: SOL1::CARL Disclaimer: Hey, I understand VAXen and VMS. That's what I get paid for. My understanding of astronomy is purely at the amateur level (or below). So unless what I'm saying is directly related to VAX/VMS, don't hold me or my organization responsible for it. If it IS related to VAX/VMS, you can try to hold me responsible for it, but my organization had nothing to do with it. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: NoT Newsgroups: comp.os.vms Subject: COMMENT: on Carl's Comment (Re: openVMS 8.0 (how to create daemon)) Message-ID: <01I4ROOT3UJ203QYY0@NWB> Date: Thu, 16 May 1996 09:21:23 +0000 (GMT) Organization: Info-Vax<==>Comp.Os.Vms Gateway Carl, David, everyone, No technical input here. Just a question of plain human decency. I don't believe that flaming is justified anyway, but when it plumbs the depths of Carl's last comment to David (which I won't repeat), I think it's gone completely beyond. I don't know if Carl feels that an apology is in order... David, my sympathies. Please folks, try to keep personal flaming comments out of the discussions. -- o-Dzin [Work] IT, NWL, Cardiff Road, Newport, NP9 1YJ, Wales, UK Phone: 44-1633-810121x278 Fax: 44-1633-810820 Email: not@nwl.com -or- isodonovan@nwb.nwl.com + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: Arne Vajhoej Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Message-ID: <01I4S339TN848X16QV@kopc.hhs.dk> Date: Thu, 16 May 1996 16:25:08 +0100 Organization: Info-Vax<==>Comp.Os.Vms Gateway > =it is now 8:40 AM on friday 10 may 1996. nineteen hours ago > =my wife suffered a miscarriage in her tenth week and lost the baby. > > Well, at least if your stupidity's hereditary, it won't be passed on, then will > it? S/astronomy/decent human relations/W (if you get my point) Arne Arne Vajhøj local DECNET: KOPC::ARNE Computer Department PSI: PSI%23831001354030::ARNE Southern Denmark Business School Internet: ARNE@KO.HHS.DK WWW URL: http://www.hhs.dk/~arne/arne.html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: carl@SOL1.GPS.CALTECH.EDU (Carl J Lydick) Newsgroups: comp.os.vms Subject: Re: COMMENT: on Carl's Comment (Re: openVMS 8.0 (how to create daemon)) Date: 16 May 1996 14:29:16 GMT Organization: HST Wide Field/Planetary Camera Message-ID: <4nfe3s$hu4@gap.cco.caltech.edu> In article <01I4ROOT3UJ203QYY0@NWB>, NoT writes: =I don't know if Carl feels that an apology is in order... David, my =sympathies. No, I don't think an apology is in order. Dave decided to attempt emotional blackmail in order to divert attention from his apparent incompetence. I have little patience with blackmailers. -------------------------------------------------------------------------------- Carl J Lydick | INTERnet: CARL@SOL1.GPS.CALTECH.EDU | NSI/HEPnet: SOL1::CARL Disclaimer: Hey, I understand VAXen and VMS. That's what I get paid for. My understanding of astronomy is purely at the amateur level (or below). So unless what I'm saying is directly related to VAX/VMS, don't hold me or my organization responsible for it. If it IS related to VAX/VMS, you can try to hold me responsible for it, but my organization had nothing to do with it. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: cwestbury@giant.intranet.com (Chris Westbury) Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Message-ID: <1996May16.001828.15271@giant> Date: 16 May 96 00:18:28 EDT Organization: IntraNet, Inc., Newton MA In article , dpm@access5.digex.net (David P. Murphy) wrote: > > [I]t is now 8:40 AM on [F]riday 10 [M]ay 1996. [N]ineteen hours ago my > wife suffered a miscarriage in her tenth week and lost the baby. It can happen that, when one's personal life is going through a particularly rocky phase, one can lose one's sense of perspective. It's only Usenet! A lot of people read comp.os.vms and its gated mailing list. At any given moment, a certain number of them are enduring tragedies of various magnitudes. But they somehow manage to keep up a decent silence about their real lives, at least in this forum. -- Christopher Westbury, Midtown Associates, 15 Fallon Place, Cambridge, MA 02138 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: carl@SOL1.GPS.CALTECH.EDU (Carl J Lydick) Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Date: 15 May 1996 20:48:34 GMT Organization: HST Wide Field/Planetary Camera Message-ID: <4ndfv2$b6s@gap.cco.caltech.edu> In article , dpm@access5.digex.net (David P. Murphy) writes: =because i don't want to store the password in the {product}_STARTUP.COM. =if you want to try to market a product which does this, go right ahead; =there's certainly no *technical* reason you cannot. Funny, DEC actually markets a product which stores passwords in the clear. Of course, the folks at DEC know enough to set reasonable protections on SYS$SYSTEM:NETOBJECT.DAT. =minus fifty points for not understanding basic security concepts. Minus 100 points to you for not understanding basic file protections. Minus another 100 points for deleting the fact that I also pointed out that instead of using SET HOST, you can use network tasks and proxies. =i said "i cannot use that method". i did not say "carl cannot use =that method", nor did i say "ken fairfield cannot use this method". =i gave no reason for my restriction, and i didn't even mention decnet. = =minus ten points for putting words in my mouth. Minus 50 points for being too damned stupid to understand that SET HOST uses DECnet. =david is unblissfully aware that participating in comp.os.vms carries the =heavy price of being flailed by the almighty omniscient carl. david tries =not to add unnecessary restrictions into his company's products. david is =proud to demonstrate that his Bullshit Peddler's License has never been used. =david sees nothing in the preceding paragraph which bears any relevance =to the current thread. David wants DEC to write his software for him, and then have Dave sell it and collect the profits. =TGV creates their demons under the SYSTEM username, so you lose ten points =for introducing a completely moot and useless tangent. You lose another 50 for once again ignoring proxies. I figure that as long as you act like a petulant child (ask a question; when you receive numerous answers that answer the question you asked, invent new requirements; when you receive answers that meet your new requirements, invent yet more requirements, ad nauseum), I'll treat you like one. How about next time you start up this idiotic thread, you actually post your full set of requirements in your first post instead of making them up as you go along? -------------------------------------------------------------------------------- Carl J Lydick | INTERnet: CARL@SOL1.GPS.CALTECH.EDU | NSI/HEPnet: SOL1::CARL Disclaimer: Hey, I understand VAXen and VMS. That's what I get paid for. My understanding of astronomy is purely at the amateur level (or below). So unless what I'm saying is directly related to VAX/VMS, don't hold me or my organization responsible for it. If it IS related to VAX/VMS, you can try to hold me responsible for it, but my organization had nothing to do with it. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: carl@SOL1.GPS.CALTECH.EDU (Carl J Lydick) Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Date: 15 May 1996 21:02:06 GMT Organization: HST Wide Field/Planetary Camera Message-ID: <4ndgoe$b6s@gap.cco.caltech.edu> In article <01I4KQ07DJ428WYZJT@kopc.hhs.dk>, Arne Vajhoej writes: =???? = =Why do you think a security minded site would be more happy with =decnet proxies or decnet objects than with a password in a file =owned by system and properly protected ? You mean other than the fact that DECnet proxies were invented specifically for the purpose of dealing with this sort of problem, Arne? Look, there are two possibilities: 1) When Dave's startup procedures are run, the proxy database is accessible and there's at least one DECnet object for which proxies are enabled; or 2) When Dave's startup procedures are run, nothing is making use of proxies. If the former is the case, then I don't see how one can call it a breach of security to have a proxy enabled which allows the SYSTEM account on a given node to start a DECnet object running under Dave's products account on the same node. If the latter is the case, then Dave's software can, without impacting any other software: 1) Create its own proxy database containing a single entry mapping SYSTEM to his product's username; 2) Create its own DECnet object which checks to make sure that the remote process is running under the SYSTEM account on the same node, and for which proxies are enabled; 3) Make a logical name definition in the SYSTEM table in executive mode pointing NETPROXY to his own database; 4) Access that DECnet object; 5) Deassign the logical name 6) Clear the DECnet object. =The best solution is probably SUBMIT/USER+RUN/DETACH or RUN/UIC as already =suggested by many. Except that Dave continues to insist that that's not feasible. -------------------------------------------------------------------------------- Carl J Lydick | INTERnet: CARL@SOL1.GPS.CALTECH.EDU | NSI/HEPnet: SOL1::CARL Disclaimer: Hey, I understand VAXen and VMS. That's what I get paid for. My understanding of astronomy is purely at the amateur level (or below). So unless what I'm saying is directly related to VAX/VMS, don't hold me or my organization responsible for it. If it IS related to VAX/VMS, you can try to hold me responsible for it, but my organization had nothing to do with it. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Message-ID: <1996May17.203016.41@tachyon.com> From: wayne_alpha@tachyon.com (Wayne Sewell) Date: 17 May 96 20:30:16 CST Organization: Tachyon Software Consulting In article <4ndg9k$b6s@gap.cco.caltech.edu>, carl@SOL1.GPS.CALTECH.EDU (Carl J Lydick) writes: > Well, at least if your stupidity's hereditary, it won't be passed on, > then will it? Verbal abuse is one thing, and we're all used to hearing it by now, but this is a new low. -- =============================================================================== Wayne Sewell, Tachyon Software Consulting (214)553-9760 wayne@tachyon.com http://www.tachyon.com/www/tachyon.html and wayne.html pgp key via web/finger Key fingerprint = 77 A5 C1 56 9C ED F1 8E 89 F9 27 3C 86 79 F7 1B =============================================================================== The scariest thing about Jurassic Park was that the control systems were Unix. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: carl@SOL1.GPS.CALTECH.EDU (Carl J Lydick) Newsgroups: comp.os.vms Subject: Re: openVMS 8.0 (how to create daemon) Date: 21 May 1996 18:36:39 GMT Organization: HST Wide Field/Planetary Camera Message-ID: <4nt2fn$j3h@gap.cco.caltech.edu> In article <1996May17.203016.41@tachyon.com>, wayne_alpha@tachyon.com (Wayne Sewell) writes: =Verbal abuse is one thing, and we're all used to hearing it by now, but this is =a new low. Well, let's see now. Dave put a claim which was intended to garner him sympathy now that the inconsistencies in his claims of what he wanted (in one post, he claims that what he's been asking for is a DCL RUN/USERNAME command; in another, he insists that whatever solution he adopts work for VMS v5.5) are becoming obvious, in a post in which he makes a number of false claims; for example, he indicates that the idea of using network objects to start up the process is new to him (it was pointed out in at least two previous iterations of the thread; he dismissed it out of hand), and that the idea of using a dedicated queue is new to him (it, too, was pointed out in at least two previous iterations of the thread; he dismissed it, too, out of hand). Tell me, please, why I should even believe that the alleged miscarriage occurred, let alone tolerate the blatant attempt at emotional blackmail? -------------------------------------------------------------------------------- Carl J Lydick | INTERnet: CARL@SOL1.GPS.CALTECH.EDU | NSI/HEPnet: SOL1::CARL Disclaimer: Hey, I understand VAXen and VMS. That's what I get paid for. My understanding of astronomy is purely at the amateur level (or below). So unless what I'm saying is directly related to VAX/VMS, don't hold me or my organization responsible for it. If it IS related to VAX/VMS, you can try to hold me responsible for it, but my organization had nothing to do with it. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: kevin@warnock.com (Kevin L. Warnock) Newsgroups: comp.os.vms Subject: Re: COMMENT: on Carl's Comment (Re: openVMS 8.0 (how to create daemon)) Date: Fri, 24 May 1996 20:09:40 GMT Organization: Document Automation Systems, LLC Message-ID: <4o55dq$nqd@news.aimnet.com> carl@SOL1.GPS.CALTECH.EDU (Carl J Lydick) wrote: >In article <01I4ROOT3UJ203QYY0@NWB>, NoT writes: >=I don't know if Carl feels that an apology is in order... David, my >=sympathies. >No, I don't think an apology is in order. Dave decided to attempt emotional >blackmail in order to divert attention from his apparent incompetence. I have >little patience with blackmailers. I used to use VMS, but switched to NT and Intel a few years ago. I used to read all about Carl's posts back then. I dropped into this group today for the first time in over a year. I was glad to see Carl's still here answering questions. I was never flamed by him, and I probably wouldn't like it, but I have to say this guy seems to really care about his vocation and must put in a ton of time to answer these questions. I don't think he is being mean, he's just the way he is. I hope he continues providing smart answers for a long time to come. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From: carl@SOL1.GPS.CALTECH.EDU (Carl J Lydick) Newsgroups: comp.os.vms Subject: Re: VMS Newbie Questions Date: 18 May 1996 11:13:38 GMT Organization: HST Wide Field/Planetary Camera Message-ID: <4nkbd2$did@gap.cco.caltech.edu> In article <4nk7rc$7ag@newsbf02.news.aol.com>, bat2788969@aol.com (BAT2788969) writes: =1.) If I have a SCSI Hard Drive formatted for another OS ho do I =format/prepare it for VMS? I have an Alpha with OPENVMS 6.2. If it's literally formatted for another O/S, you'll have to use a diagnostic procedure to reformat it (and possibly to reconfigure it to, e.g., use blocks of the proper size). But before you go that route, try the INITIALIZE command. =2.) How do I mount the installation CD for OpenVms so I can poke around? =How do I mount any CD --especially if I don't know the label? $ MOUNT/OVER=ID disk =3.) Does OpenVms come with any programming languages such as ASSEMBLER, =BASIC, LISP, or ADA? MACRO32 by default. Many others if you pay for them. =4.) If I type ---> 'MACRO' at the $ prompt I am prompted for a file name, = but after I enter a valid file name I get an error message telling me =that there was an error opening /executing image -- or something like =that. Why? Well, now, that would depend on what the message actually told you, now wouldn't it? This is comp.os.vms, not alt.read.my.mind. Why are some folks too damned stupid to realize that when the OS gives them information about the problem, the information just might be useful in diagnosing the problem? -------------------------------------------------------------------------------- Carl J Lydick | INTERnet: CARL@SOL1.GPS.CALTECH.EDU | NSI/HEPnet: SOL1::CARL Disclaimer: Hey, I understand VAXen and VMS. That's what I get paid for. My understanding of astronomy is purely at the amateur level (or below). So unless what I'm saying is directly related to VAX/VMS, don't hold me or my organization responsible for it. If it IS related to VAX/VMS, you can try to hold me responsible for it, but my organization had nothing to do with it.