Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site ucbvax.BERKELEY.EDU Path: utzoo!decvax!bellcore!petrus!sabre!zeta!epsilon!gamma!ulysses!ucbvax!acc.arpa!lars From: lars@ACC.ARPA Newsgroups: mod.computers.vax Subject: Set Protection=W:RWED/NAME_TABLE=LNM$JOB Message-ID: <8510230728.AA07878@UCB-VAX> Date: Tue, 22-Oct-85 12:50:00 EDT Article-I.D.: UCB-VAX.8510230728.AA07878 Posted: Tue Oct 22 12:50:00 1985 Date-Received: Wed, 23-Oct-85 13:29:32 EDT Sender: daemon@ucbvax.BERKELEY.EDU Reply-To: Organization: The ARPA Internet Lines: 31 Approved: info-vax@ucb-vax.arpa QUESTION: How to SET PROTECTION=WORLD:RWED /NAME_TABLE=LNM$JOB ? BACKGROUND: We encourage our users to log in using personal_name rather than a project account (enhances personal intercommunication and to some degree good work habits because of better trackability); yet we still need project based file protection, file quotas and ressource chargeback, and our organisation is not cleanly tree-structured (i.e. projects overlap, and sometimes involve contract workers whose file access should be restricted). Our solution is to use personal accounts for logging in, then switching to project accounts that have logins disabled; this is done with a utility program that checks authorization (using a local file in SYS$MANAGER) and then overwites UIC and ACCOUNT in PCB and JIB but leaves USERNAME intact. This worked fine on VMS 3.x, but on version 4.x we get in trouble because LNM$JOB is not accessible to the process after it changes UIC. A first iteration is to copy all entries into the process table, but this still leaves SPAWN disabled, and I'm sure EUNICE could get in trouble, too, when she learns about the neat new features. Before I dig into the fiche for info on how to patch ownership and/or protection of LNM$JOB, let me ask if anyone else has had occasion to do this ? / Lars Poulsen Advanced Computer Communications ------