Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!amdcad!ames!ucbcad!ucbvax!VENUS.YCC.YALE.EDU!LEICHTER From: LEICHTER@VENUS.YCC.YALE.EDU ("Jerry Leichter ", LEICHTER-JERRY@CS.YALE.EDU) Newsgroups: comp.os.vms Subject: re: BACKUP under VMS 4.6 needs PHY_IO !?!?! Message-ID: <8801082320.AA20704@ucbvax.Berkeley.EDU> Date: 7 Jan 88 16:53:00 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The ARPA Internet Lines: 51 ... [U]sing BACKUP for saving files on tape (for example) by an non-privileged user, the user gets this obscure error message : %BACKUP-F-LABELERR, error in tape label processing on MU:[]FOOFOO.BCK; -SYSTEM-F-BADPARAM, bad parameter value. We then asked the TSC center. This is a well known bug under VMS 4.6 they said.... BACKUP currently needs the privilege PHY_IO ! I don't remember the details of this exactly, but I think the problem is really in one of the magtape drivers, not in BACKUP as such. ...We decided to [install BACKUP with PHYS_IO, but it fails with the message]: %DCL-W-ACTIMAGE, error activating image ENCRYPSHR -CLI-E-IMGNAME, image file DUA0:[SYS0.][SYSLIB]ENCRYPSHR.EXE;3 -SYSTEM-F-PRIVINSTALL, shareable images must be installed to run privileged image Image SYS$LIBRARY:ENCRYPSHR.EXE must also be installed with that privilege! ... No; it need merely be INSTALL'ed. No privileges are required, and in fact installing a shareable image WITH privileges is meaningless - the privileges will never be used for anything. INSTALL'ing SYS$LIBRARY:ENCRYPSHR.EXE is quite safe. Since the problem only comes up with backups directly to tape, installing BACKUP with PHYS_IO may be overkill. Giving a user PHYS_IO is dangerous, since with that privilege it is possible to do I/O's to the "raw disk" and scribble over any file you like. Giving BACKUP PHYS_IO is PROBABLY safe, since BACKUP isn't about to do random physical I/O's to the disk, no matter what you ask it to do. Possibly, it will be able to override some tape protections; it would take a real close look to be sure. I suspect there's really no perfect solution to the problems this bug causes; you'll have to evaluate your situation yourself. A lot depends on how often non-privileged users need to do backups to tapes. At many installations, this is rather rare - operators do regular backups, either from SYSTEM (or, prefer- ably) from special, controlled accounts that can be given PHYS_IO with only a very small added security exposure. Most users make limited use of tapes, and when they use them they don't write backups, but use some sort of appli- cation that deals with the tape directly. Other installations may have users who write backup tapes all the time - to do distributions, for example. These obviously will need a different approach - perhaps each such user can be given a second, captive account, which has PHYS_IO but is set up so that it can only be used to run BACKUP. -- Jerry