× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



How are the directories being created on the target Windows machine? Is the UID a member of a group that has Traverse Folder / Execute File permission on that directory? Does the user have Full Control permissions in the net share within which the directory exists?

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Michael Ryan
Sent: Thursday, July 14, 2011 8:47 AM
To: Midrange Systems Technical Discussion
Subject: Re: qsyseteuid with QNTC

More information...I have a CLLE that calls an RPG to generate a list (a file) of eligible files to copy. Control then returns to the CLLE where it reads the list, and based on other criteria, uses the CPY command to copy the file to a QNTC directory. If the directory is empty, the first file in the list is copied, and every other CPY (it's in a loop) fails with a CPFA083 - Insufficient authority to replace object <blah>. But object <blah> does not exist in the target directory - just one file with a different name exists in the target directory. Any thoughts?

On Thu, Jul 14, 2011 at 8:58 AM, Michael Ryan <michaelrtr@xxxxxxxxx> wrote:
Pat...the profile under which the job is initially running has
*ALLOBJ. I'm seeing something interesting. If the target directory is
empty, the first copy works successfully. Every copy after that fails
with an authority issue. If the target directory is not empty, every
copy fails with insufficient authority. Any ideas about that?

On Wed, Jul 13, 2011 at 10:23 PM, Patrick Botz
<botz@xxxxxxxxxxxxxxxxxxxxx> wrote:
The profile under which the job is initially running, must have *use
authority to the profile with the UID to which you want to "seteuid" to.
 You can use adopted authority to get the authority to the user
profile. In other words, the program that calls the qsyseteuid() api
can be owned by a profile that has *allobj or a profile that has *use
to the profile represented by the UID you are trying to change to.  
Only grant a profile *use to another profile if it is a "service
profile" that cannot be logged into.

The qsyseteuid() api essentially does the same thing as the profile
handle APIs, but it only changes the profile udner which the job runs
(not the groups).  Note you could also accomplish the same thing by
doing a qsysetegid(), and you wouldn't lose the audit thread for the
real profile making the change.


Patrick Botz

Botz & Associates, Inc.
pcbotz@xxxxxxxxx
Office 507 319 5206
Cell 507 250 5644
http://www.botzandassociates.com

President, Valid Technologies
pcbotz@xxxxxxxxxxxxx
http://www.validtech.com



On Wed, Jul 13, 2011 at 2:33 PM, Michael Ryan <michaelrtr@xxxxxxxxx> wrote:

Hello all...I'm trying to copy files from the IFS to a QNTC share.
If I sign on as a specific user, I have the authority to copy. I'm
trying to use qsyseteuid so I can run the program as any user. I do
a WRKJOB and see this:

Current user profile  . . . . . . . . . . . :   <special user> Job
user identity . . . . . . . . . . . . . :   <special user>
 Set by  . . . . . . . . . . . . . . . . . :     *DEFAULT

So I would think that I have the authority, but I get an
'insufficient authority' message when attempting the copy. Is
qsyseteuid not the right procedure?

Thanks in advance...
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.