× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Dan and Patrick...I'm gathering the answers to the questions. The
network guy will be getting back to me. Thanks!

On Fri, Jul 15, 2011 at 4:28 PM, Patrick Botz
<botz@xxxxxxxxxxxxxxxxxxxxx> wrote:
Can you give me the following information:

  - Authority to the directory to which the file is supposed to be copied
  (when empty and after the first copy)
  - Authority the profile (and any groups) under which the program begins
  running has to the directory and any objects in the directory .(if it has
  *allobj then no more info is needed, if not, is the profile the owner, or
  primary group, or does it have a private authority to the directory)
  - Authority the profile represented by the UID to which you are setting
  the eUID has to the directory and to any objects in the directory.


If you have *AUTFAIL auditing turned on, then do "CPYAUDJRNE AF".  Run an
SQL query (select the failing object path name, the program name and
library, the current userID and current groupID(s).  Make sure the program
getting the error is the one you expect. Make sure the path and object are
the ones you expect.

If you don't have auditing turned on, do a PF9 on the error message to get
more information.

Contact me offline if you want more help.

Patrick Botz

Botz & Associates, Inc.
pcbotz@xxxxxxxxx
Office 507 319 5206
Cell 507 250 5644
http://www.botzandassociates.com

President, Valid Technologies
pcbotz@xxxxxxxxxxxxx
http://www.validtech.com



On Thu, Jul 14, 2011 at 7:58 AM, Michael Ryan <michaelrtr@xxxxxxxxx> wrote:

Pat...the profile under which the job is initially running has
*ALLOBJ. I'm seeing something interesting. If the target directory is
empty, the first copy works successfully. Every copy after that fails
with an authority issue. If the target directory is not empty, every
copy fails with insufficient authority. Any ideas about that?

On Wed, Jul 13, 2011 at 10:23 PM, Patrick Botz
<botz@xxxxxxxxxxxxxxxxxxxxx> wrote:
The profile under which the job is initially running, must have *use
authority to the profile with the UID to which you want to "seteuid" to.
 You can use adopted authority to get the authority to the user profile.
In
other words, the program that calls the qsyseteuid() api can be owned by
a
profile that has *allobj or a profile that has *use to the profile
represented by the UID you are trying to change to.  Only grant a profile
*use to another profile if it is a "service profile" that cannot be
logged
into.

The qsyseteuid() api essentially does the same thing as the profile
handle
APIs, but it only changes the profile udner which the job runs (not the
groups).  Note you could also accomplish the same thing by doing a
qsysetegid(), and you wouldn't lose the audit thread for the real profile
making the change.


Patrick Botz

Botz & Associates, Inc.
pcbotz@xxxxxxxxx
Office 507 319 5206
Cell 507 250 5644
http://www.botzandassociates.com

President, Valid Technologies
pcbotz@xxxxxxxxxxxxx
http://www.validtech.com



On Wed, Jul 13, 2011 at 2:33 PM, Michael Ryan <michaelrtr@xxxxxxxxx>
wrote:

Hello all...I'm trying to copy files from the IFS to a QNTC share. If
I sign on as a specific user, I have the authority to copy. I'm trying
to use qsyseteuid so I can run the program as any user. I do a WRKJOB
and see this:

Current user profile  . . . . . . . . . . . :   <special user>
Job user identity . . . . . . . . . . . . . :   <special user>
 Set by  . . . . . . . . . . . . . . . . . :     *DEFAULT

So I would think that I have the authority, but I get an 'insufficient
authority' message when attempting the copy. Is qsyseteuid not the
right procedure?

Thanks in advance...
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.