HP OpenVMS Systems

ask the wizard

Whither the SET UIC Command?


The Question is:

 
The command "set uic" is now obsolete in 7.1. I wonder
why it's been removed.
 
Is there an alternative that you can recommend?
 
Thanks.
 
 


The Answer is :

 
  The SET UIC command has been discouraged for many releases now, and the
  documentation was removed some time ago -- the SET UIC command has been
  known to cause various problems since shortly after it was originally
  implemented.  (Things were much simpler back when SET UIC was implemented,
  when the central security attribute of the process was the UIC, and when
  compatibility with the features and behaviours of RSX-11M was central.)
 
  Examples of problems known with SET UIC include a lack of auditing, issues
  around access control to devices associated with the process as well as
  data structures such as logical name tables and global sections, problems
  with subprocesses, and various other known incompatibilities.
 
  For access control and security, the appropriate solution is generally
  to simply not change the UIC -- there is far more to the process context
  than the process UIC field.  Rather, use access control lists and ACLs
  to permit the necessary access.
 
  If you have an application that must change personas, OpenVMS V6.2 and
  later provide the persona system services -- these services permit a
  trusted application to (correctly) assume the persona of another user.
 
  Other options include installed images.  Subsystem identifiers.  DECnet
  task-to-task.  Persona services "around" sys$creprc calls.  Random
  version-dependent kernel-mode "impersonation" hacks.  The SET RIGHTS
  [/ENABLE][/DISABLE] commands.  SUBMIT/USER.
 

answer written or last revised on ( 26-MAY-1999 )
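
The ACL approach recommended in the answer, sketched as a DCL command procedure. This is an added example, not part of the original answer: the identifier PAYROLL_RW, the user SMITH and the file DISK$DATA:[PAYROLL]LEDGER.DAT are hypothetical, and it assumes a suitably privileged account that can update the rights database.

```dcl
$ ! Constructed example: PAYROLL_RW, SMITH and the file path are hypothetical.
$ ! Goal: let SMITH read and write one file without anyone changing UIC.
$ !
$ ! 1. Create a rights identifier and grant it to the user.
$ !    The lines without "$" are input to AUTHORIZE.  Assumes AUTHORIZE can
$ !    locate SYSUAF and RIGHTSLIST (logical names defined, or the default
$ !    directory is SYS$SYSTEM).
$ RUN SYS$SYSTEM:AUTHORIZE
ADD/IDENTIFIER PAYROLL_RW
GRANT/IDENTIFIER PAYROLL_RW SMITH
EXIT
$ !
$ ! 2. Add an access control entry naming the identifier to the object.
$ !    The owner UIC and the protection mask of the file are left untouched.
$ SET SECURITY /ACL=(IDENTIFIER=PAYROLL_RW,ACCESS=READ+WRITE) -
      DISK$DATA:[PAYROLL]LEDGER.DAT
$ !
$ ! 3. Review the resulting owner, protection mask and ACL.
$ SHOW SECURITY DISK$DATA:[PAYROLL]LEDGER.DAT
$ !
$ ! 4. In SMITH's own session, the granted identifier is picked up at the
$ !    next login, or can be switched on and off in a running process:
$ !      $ SET RIGHTS_LIST /ENABLE  PAYROLL_RW
$ !      $ SET RIGHTS_LIST /DISABLE PAYROLL_RW
$ EXIT
```

Access is then decided by the identifier held in the process rights list, so the device, logical name table and subprocess context tied to the original UIC stays consistent.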
