Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!infinet!sena
From: sena@infinet.UUCP (Fred Sena)
Newsgroups: comp.databases
Subject: Re: Ingres ABF Permissions
Keywords: unix permissions abf ingres
Message-ID: <2643@infinet.UUCP>
Date: 27 Nov 90 14:00:23 GMT
Organization: Memotec Datacom, Inc.  North Andover, MA
Lines: 39
In-Reply-To: <1873@amsaa-seer.BRL.MIL>
Cc:

(I tried to email this, but it bounced back)

In article <1873@amsaa-seer.BRL.MIL> you write:
>
>Scenario:
>
>  Equipment:
>    SunOS Release 4.1 on a Sun 4/330 using ingres 6.3/01 (su4.u42/01)
>    with patch #900820a (Dated August 20, 1990) applied.
>
>  Problem:
>    ABF seems to allow any user to modify/destroy DBA applications/frames.
>
>--
>Tom Hagadorn       hagadorn@brl.mil or hagadorn@amsaa-seer.brl.mil

Do you see the same effect when you log in directly as a user instead of
using su?  If you haven't tried that it might be a good idea.

ABF may check the ACTUAL user id, not the EFFECTIVE user id.  The 'su'
command only changes your EFFECTIVE user id.  You can see your ACTUAL user id
via the command 'who am i', and your EFFECTIVE user id via the command
'whoami'.

I have been curious about how ABF checks the user name for permissions, but I
have not had the time to try it myself.

	-good luck
	--fred

--------------------------------------------------
Frederick J. Sena                sena@infinet.UUCP
Memotec Datacom, Inc.  N. Andover, MA


-- 
--------------------------------------------------
Frederick J. Sena                sena@infinet.UUCP
Memotec Datacom, Inc.  N. Andover, MA