
RE: Privileges won't let me "opendir"?

From: BAZLEY, Sebastian
Date: January 30, 2002 06:06
Subject: RE: Privileges won't let me "opendir"?
Message ID: FB30E6123B22D211B52800A0C9CFBB1901C7AD72@lones2.sema.co.uk

I've never understood why the vms.c routines bother checking access rights -
why not try the command, and let the standard system checks throw out any
invalid accesses?

There was another problem with DECNET logicals; the access checks did not
properly allow for such devices. And I think NFS mounts may also have
problems, but I've not checked recently.

-- 
Sebastian Bazley <SBazley@london.sema.slb.com>
The opinions expressed herein are my own, and are not necessarily endorsed
by my employer ...


-----Original Message-----
From: PPrymmer@factset.com [mailto:PPrymmer@factset.com]
Sent: 29 January 2002 21:47
To: Tom Edelson
Cc: vmsperl@perl.org
Subject: Re: Privileges won't let me "opendir"?



Yes there seems may be a bug in interpreting non SS$_NORMAL returns
from vms.c:cando_by_name() that I have seen in perl 5.005_02 as well
(my test case was not a PRIV problem though).

It might be worthwhile considering some ACL tests in test.com (or were we
supposed to get rid of that procedure?).

Peter Prymmer


From:    Tom Edelson <Tom.Edelson@sas.com>
To:      "'vmsperl@perl.org'" <vmsperl@perl.org>
cc:
Date:    01/29/2002 04:05 PM
Subject: Privileges won't let me "opendir"?

The following seems like a bug to me, but maybe I'm missing something ...

The built-in "opendir" function doesn't seem to follow normal VMS security
rules.  In particular, if I have access to a directory, but only because I
have privileges turned on, I think opendir should succeed, but it doesn't.


  $ perl -v

  This is perl, v5.6.1 built for VMS_AXP
  [...]

With no access in the directory's security profile, and no privileges,
naturally I can't read the directory through DCL and opendir doesn't work
either:

  $ DIR /SEC TEMP.DIR

  Directory $1$DUA330:[HOSTVAX.TOEDEL.SCRATCH]

  TEMP.DIR;1           [SYSTEM]                         (RWE,RWE,RE,)
  Total of 1 file.

  $ SET PROCESS /PRIVILEGE=(NOALL,NETMBX,TMPMBX)

  $ DIR [.TEMP]
  %DIRECT-E-OPENIN, error opening $1$DUA330:[HOSTVAX.TOEDEL.SCRATCH.TEMP]*.*;* as input
  -RMS-E-PRV, insufficient privilege or file protection violation

  $ perl -e "print ""<"", opendir ($dh, ""[.temp]""), "">"" "
  <>

If I give myself BYPASS privilege, now I can read the directory through
DCL, but opendir still doesn't work:

  $ SET PROCESS /PRIVILEGE=BYPASS

  $ DIR [.TEMP]

  Directory $1$DUA330:[HOSTVAX.TOEDEL.SCRATCH.TEMP]

  FOO.TXT;1

  Total of 1 file.

  $ perl -e "print ""<"", opendir ($dh, ""[.temp]""), "">"" "
  <>

Now if I change the protection on the directory so that the world can read
it, then opendir does work:

  $ SET SECURITY /PROTECTION=W:RE TEMP.DIR

  $ perl -e "print ""<"", opendir ($dh, ""[.temp]""), "">"" "
  <1>

This is not good news when you're writing an installation program, whose
users generally have privileges, and may have some of the accesses that
they need only through privileges.

I suppose I could work around it by explicitly [and temporarily] giving
myself access to the directory from within the program.  Anybody happen to
know if there's a way to do this other than invoking DCL from Perl, e.g.
with "system()"?

Thanks.

/            Tom Edelson
             VMS Release Engineering
             SAS Institute, Inc.
             Tom.Edelson@sas.com
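
Added example, not part of the original thread and not code from Perl's vms.c: a POSIX analogue in C of the failure discussed above, where a pre-check that reads only the protection mask refuses a directory that the operating system would let a privileged process open. The function names are hypothetical, and root or capabilities stand in for BYPASS.

```c
/* Added illustration: POSIX analogue, not code from Perl's vms.c. */
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical userland pre-check: decide from the protection mask alone.
 * It cannot see privileges (root or capabilities here, BYPASS in the
 * thread), ACLs, supplementary groups, or network filesystem rules. */
int mask_says_readable(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return 0;
    if (st.st_uid == geteuid())
        return (st.st_mode & S_IRUSR) != 0;
    if (st.st_gid == getegid())
        return (st.st_mode & S_IRGRP) != 0;
    return (st.st_mode & S_IROTH) != 0;
}

/* Attempt the operation and let the operating system decide.
 * Returns 0 on success, otherwise the errno the system reported. */
int try_opendir(const char *path)
{
    DIR *d = opendir(path);
    if (d == NULL)
        return errno;
    closedir(d);
    return 0;
}

/* 1 when the pre-check would refuse a directory that the system lets
 * this process open, which is the failure mode reported in the thread. */
int precheck_blocks_allowed_open(const char *path)
{
    return !mask_says_readable(path) && try_opendir(path) == 0;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : ".";
    int rc = try_opendir(path);
    printf("pre-check: %s, opendir: %s\n",
           mask_says_readable(path) ? "allow" : "deny", rc == 0 ? "ok" : strerror(rc));
    return precheck_blocks_allowed_open(path);
}
```

Run against a mode-000 directory, an unprivileged process reports deny for both, while a privileged one reports a pre-check deny next to a successful opendir.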





