|
Can you give me the following information:
- Authority to the directory to which the file is supposed to be copied
(when empty and after the first copy)
- Authority the profile (and any groups) under which the program begins
running has to the directory and any objects in the directory .(if it has
*allobj then no more info is needed, if not, is the profile the owner, or
primary group, or does it have a private authority to the directory)
- Authority the profile represented by the UID to which you are setting
the eUID has to the directory and to any objects in the directory.
If you have *AUTFAIL auditing turned on, then do "CPYAUDJRNE AF". Run an
SQL query (select the failing object path name, the program name and
library, the current userID and current groupID(s). Make sure the program
getting the error is the one you expect. Make sure the path and object are
the ones you expect.
If you don't have auditing turned on, do a PF9 on the error message to get
more information.
Contact me offline if you want more help.
Patrick Botz
Botz & Associates, Inc.
pcbotz@xxxxxxxxx
Office 507 319 5206
Cell 507 250 5644
http://www.botzandassociates.com
President, Valid Technologies
pcbotz@xxxxxxxxxxxxx
http://www.validtech.com
On Thu, Jul 14, 2011 at 7:58 AM, Michael Ryan <michaelrtr@xxxxxxxxx> wrote:
Pat...the profile under which the job is initially running has--
*ALLOBJ. I'm seeing something interesting. If the target directory is
empty, the first copy works successfully. Every copy after that fails
with an authority issue. If the target directory is not empty, every
copy fails with insufficient authority. Any ideas about that?
On Wed, Jul 13, 2011 at 10:23 PM, Patrick Botz
<botz@xxxxxxxxxxxxxxxxxxxxx> wrote:
The profile under which the job is initially running, must have *useIn
authority to the profile with the UID to which you want to "seteuid" to.
You can use adopted authority to get the authority to the user profile.
other words, the program that calls the qsyseteuid() api can be owned bya
profile that has *allobj or a profile that has *use to the profilelogged
represented by the UID you are trying to change to. Only grant a profile
*use to another profile if it is a "service profile" that cannot be
into.handle
The qsyseteuid() api essentially does the same thing as the profile
APIs, but it only changes the profile udner which the job runs (not thewrote:
groups). Note you could also accomplish the same thing by doing a
qsysetegid(), and you wouldn't lose the audit thread for the real profile
making the change.
Patrick Botz
Botz & Associates, Inc.
pcbotz@xxxxxxxxx
Office 507 319 5206
Cell 507 250 5644
http://www.botzandassociates.com
President, Valid Technologies
pcbotz@xxxxxxxxxxxxx
http://www.validtech.com
On Wed, Jul 13, 2011 at 2:33 PM, Michael Ryan <michaelrtr@xxxxxxxxx>
list
Hello all...I'm trying to copy files from the IFS to a QNTC share. If
I sign on as a specific user, I have the authority to copy. I'm trying
to use qsyseteuid so I can run the program as any user. I do a WRKJOB
and see this:
Current user profile . . . . . . . . . . . : <special user>
Job user identity . . . . . . . . . . . . . : <special user>
Set by . . . . . . . . . . . . . . . . . : *DEFAULT
So I would think that I have the authority, but I get an 'insufficient
authority' message when attempting the copy. Is qsyseteuid not the
right procedure?
Thanks in advance...
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
listTo post a message email: MIDRANGE-L@xxxxxxxxxxxx--
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxx--
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.