Path: utzoo!utgpu!water!watmath!clyde!rutgers!sri-spam!zodiac!ucbcad!ucbvax!amherst!JWMANLY From: JWMANLY@amherst ("John W. Manly") Newsgroups: comp.os.vms Subject: (none) Message-ID: <8801081034.AA07674@ucbvax.Berkeley.EDU> Date: 7 Jan 88 20:55:00 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The ARPA Internet Lines: 35 Hi, everyone: > I have a question regarding the $CHKPRO system service, that wonderful > routine that let's us poor unfortunates do our own access checking. I have > been trying to find out what purpose, exactly, the CHP$_FLAGS item list > entry serves. In particular, the CHP$V_READ and CHP$V_WRITE flags. Well, after a quick read of the microfiche I have answered my own question. For your own personal enrichment, here is the scoop on the $CHKPRO system sevice in general and the CHP$L_FLAGS argument in particular. The CHK$V_READALL bit is used during the privilege check, and here is how it works: If the user has BYPASS privilege then he is granted access, if the user has READALL privilege AND the CHP$V_READALL bit is set in the CHP$L_FLAGS argument, he is granted access. Thus, the CHP$V_READALL bit can be thought of as controlling whether or not the READALL privilege is equivalent to the BYPASS privilege when performing this access check. For those of you writing code which uses the $CHKPRO service to control access to some non-standard object, note that this behavior of the readall privilege is probably not quite what you had in mind. The Security Manual states that the READALL privilege grants READ and CONTROL access only. For the $CHKPRO system servcie, READALL grants FULL access. (This is, however, not a big deal since CONTROL would ordinarily allow you full access to the object, you would just have to change its protection first.) As for the CHK$V_READ and CHP$V_WRITE bits, they are ONLY used by the check involving non-discretionary access controls. Thus, if you do not have the optional SES package installed, these bits are ignored. (Although, for the sake of future generations, a software designer would be well advised to set them correctly anyway in case his software was ever run on a machine with SES.) BITNET: JWMANLY@AMHERST - John W. Manly PHONE: (413)542-2526 System Manager Amherst College