INFO-VAX Thu, 31 Jan 2008 Volume 2008 : Issue 62

Contents:
Re: "file locked by another user" mystery
Re: CIFS on VMS, multi-user share per user security setup question
Re: CIFS on VMS, multi-user share per user security setup question
Re: Looking for a DECserver 200/MC/ or 300
Re: Looking for a DECserver 200/MC/ or 300
Re: PowerTerm 525 & eXcursion
Re: Restricting Access to TCP/IP and DECnet
Re: Restricting Access to TCP/IP and DECnet
Re: Restricting Access to TCP/IP and DECnet
Re: Restricting Access to TCP/IP and DECnet
Re: Restricting Access to TCP/IP and DECnet
Re: VT100 standards
Re: VT100 standards and EDT

----------------------------------------------------------------------

Date: 31 Jan 2008 07:24:54 -0600
From: briggs@encompasserve.org
Subject: Re: "file locked by another user" mystery
Message-ID:

In article , Fred Bach writes:
> briggs@encompasserve.org wrote:
>> In article <479FB364.4010505@triumf.ca>, Fred Bach writes:
>
> [snip]
>
>
>>> One thing that IS important to know is that after an "ON"
>>> condition is acted upon, the last pertinent ON statement is
>>> more or less rendered 'cancelled' by its having its specified
>>> action taken. The ON condition executed then returns to its
>>> default condition, so another set of ON ... statements is
>>> frequently needed. Now even though the HELP confirms this,
>>> that IS something that I learned the hard way. And I had
>>> built myself a little DCL test procedure to prove it and in
>>> some of my coding you would find a block of ON conditions
>>> repeated many times. The code looks funny, too. How does
>>> a fellow set the *default* ON conditions themselves??
>>
>> The default ON is "ON ERROR THEN EXIT"
>>
>> That continues sequential execution on warnings.
>> And it exits on errors and severe errors.
>
> Many thanks for all the great ideas about $STATUS and $SEVERITY !
> You know, I will be using them. Looks like I've got a lot of editing
> to do....
>
> Is there some way to start a completely new daughter (or detached)
> DCL process where these ON conditions can be set to default to
> something other than ON ERROR THEN EXIT? Thanks.

Well, you can redefine "EXIT" as a DCL SYMBOL. Tested -- it actually
works and affects the behavior of the default "ON ERROR THEN EXIT" handler.

Using this technique, testing shows that the default handler is re-enabled
as often as needed. It is not a "one-shot" like the user-specified
ON THEN handlers.

Obviously, that approach is not very practical.

No, I don't know of any way to control what ON THEN handler DCL reverts
to after a user-specified ON THEN handler is activated.

------------------------------

Date: Thu, 31 Jan 2008 07:46:34 -0600
From: "Craig A. Berry"
Subject: Re: CIFS on VMS, multi-user share per user security setup question
Message-ID:

In article <18bb3568-1039-4310-a107-3ccdbf6b18a7@i72g2000hsd.googlegroups.com>,
Rich Jordan wrote:

> Another weirdness. With auditing enabled for access failures, when I
> try to map a drive I get a series of access failures from an Apache
> (SWS) process trying to do a "read file attributes request" on the
> root directory of the system's only disk. The error is a %SYSTEM-F-
> NOPRIV
>
> This happens on a failed connection, after the server has been chewing
> on the request for about 10 seconds (it's an AS200 4/233 so it's pretty
> slow with CIFS). The windows client pops up the username dialog again
> about the time these Apache errors finish. It is repeatable.
>
> Apache is running on the system, but why would it be involved in any
> way with CIFS and a client connection attempt?

My first thought was that it might be attempting a WebDAV connection
even though that makes no sense in this context.
So I typed "samba" and "webdav" into Google, and the second hit was this
post from erstwhile c.o.v denizen David Mathog:

http://lists.samba.org/archive/samba/2004-September/093222.html

where he says, "Personally I think this is a massive bug in XP. There's
absolutely no reason why SMB connections should trigger web accesses
back to the file server."

Not sure where that gets you, other than misery loves (good) company.

--
Posted via a free Usenet account from http://www.teranews.com

------------------------------

Date: Thu, 31 Jan 2008 07:44:20 -0800 (PST)
From: Rich Jordan
Subject: Re: CIFS on VMS, multi-user share per user security setup question
Message-ID: <8087d53b-8195-4fef-814a-3dabf039dfb4@l32g2000hse.googlegroups.com>

On Jan 31, 7:46 am, "Craig A. Berry" wrote:
> In article
> <18bb3568-1039-4310-a107-3ccdbf6b1...@i72g2000hsd.googlegroups.com>,
> Rich Jordan wrote:
>
> > Another weirdness. With auditing enabled for access failures, when I
> > try to map a drive I get a series of access failures from an Apache
> > (SWS) process trying to do a "read file attributes request" on the
> > root directory of the system's only disk. The error is a %SYSTEM-F-
> > NOPRIV
>
> > This happens on a failed connection, after the server has been chewing
> > on the request for about 10 seconds (it's an AS200 4/233 so it's pretty
> > slow with CIFS). The windows client pops up the username dialog again
> > about the time these Apache errors finish. It is repeatable.
>
> > Apache is running on the system, but why would it be involved in any
> > way with CIFS and a client connection attempt?
>
> My first thought was that it might be attempting a WebDAV connection
> even though that makes no sense in this context. So I typed "samba" and
> "webdav" into Google, and the second hit was this post from erstwhile
> c.o.v denizen David Mathog:
>
> http://lists.samba.org/archive/samba/2004-September/093222.html
>
> where he says, "Personally I think this is a massive bug in XP.
> There's absolutely no reason why SMB connections should trigger web accesses
> back to the file server."
>
> Not sure where that gets you, other than misery loves (good) company.
>
> --
> Posted via a free Usenet account from http://www.teranews.com

Craig,
that sure sounds like a possibility. And it sure sounds like yet
another inexplicable microsoft "feature" at work, as David suspected.

Thanks for the heads-up. Even at full logging, nothing was showing up in
the Samba logs, and I wasn't seeing anything useful in the Apache logs
either.

Rich

------------------------------

Date: Thu, 31 Jan 2008 10:00:35 -0500
From: "David Turner, Island Computers"
Subject: Re: Looking for a DECserver 200/MC/ or 300
Message-ID: <13q3okgn0g95hc9@news.supernews.com>

If you could use a DSRVZ-MC 32port Decserver 900 I have a few

--
David B Turner
Island Computers US Corp
1207 East Highway 80 Suite D
Tybee GA 31328
Toll Free: 877-6364332 x201
Intl: 912 786 8502 x201
Fax: 912 786 8505
E: dturner@islandco.com
F: 912 201 0402
W: http://www.islandco.com

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential, proprietary, and/or
privileged material. Any review, retransmission, dissemination or other
use of, or taking of any action in reliance upon this information by
persons or entities other than the intended recipient is prohibited. If
you received this in error, please contact the sender and delete the
material from all computers.

"Richard B. Gilbert" wrote in message news:47A12E77.2080100@comcast.net...
> tomarsin2015@comcast.net wrote:
>> On Jan 29, 4:53 am, VAXman- @SendSpamHere.ORG wrote:
>>
>>>In article
>>><48072fe0-b8ca-4517-90c8-491429780...@i7g2000prf.googlegroups.com>,
>>>"tomarsin2...@comcast.net" writes:
>>>
>>>
>>>
>>>
>>>>Hello
>>>>Was wondering if anybody has a 200/MC or 300 laying around that they
>>>>are not using and really don't want to send the item(s) to the trash.
>>>>tks
>>>>phil
>>>>p.s.
>>>>trying to stay away from e-smell (ebay), and this is for personal use.
>>>
>>>I had one and gave it away. Any reason why you want a 200/MC or 300
>>>specifically?
>>>
>>>--
>>>VAXman- A Bored Certified VMS Kernel Mode Hacker
>>>VAXman(at)TMESIS(dot)COM
>>>
>>> "Well my son, life is like a beanstalk, isn't it?"
>>>
>>>http://tmesis.com/drat.html
>>
>>
>> Hello
>> Found out that the power supply board blew. The part # is 30-27484-01,
>> POWER SUPPLY, 59W 3 OUTPUT. Just wondering is this a generic power
>> supply or did DEC do something special so it would only work in the
>> 100/200/300 series?
>> tks
>> phil
>
> Knowing DEC, the power supply is probably unique to that model DECserver
> or at most to a couple of similar models. DEC appeared to design
> EVERYTHING from scratch
>

------------------------------

Date: 31 Jan 2008 16:04:18 GMT
From: VAXman- @SendSpamHere.ORG
Subject: Re: Looking for a DECserver 200/MC/ or 300
Message-ID: <47a1f182$0$25057$607ed4bc@cv.net>

In article <13q3okgn0g95hc9@news.supernews.com>, "David Turner, Island Computers" writes:
>If you could use a DSRVZ-MC 32port Decserver 900 I have a few

OK. I'll take one. They're free right? ;)

--
VAXman- A Bored Certified VMS Kernel Mode Hacker
VAXman(at)TMESIS(dot)COM

"Well my son, life is like a beanstalk, isn't it?"

http://tmesis.com/drat.html

------------------------------

Date: 31 Jan 2008 07:29:07 -0600
From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)
Subject: Re: PowerTerm 525 & eXcursion
Message-ID:

In article <60b7m7F1q8vfcU1@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes:
>
> Current MS products resemble NT about as much as VMS resembles CP/M.
> Microsoft never wanted NT to be like VMS. They prefer it to be wanted
> and used by customers.

If NT was like VMS, it would break the MS business plan. They feel
they compete only with themselves, and must guarantee that next
year's product is better than this year's product.
Which means there is (probably unplanned) pressure to include bugs in
this year's product, and no pressure to get them out.

Imagine such a business plan in which an 11/785 running VMS 4.7 is
still alive and well?

------------------------------

Date: Thu, 31 Jan 2008 01:57:43 -0800 (PST)
From: IanMiller
Subject: Re: Restricting Access to TCP/IP and DECnet
Message-ID: <38bcdfed-8c7d-479c-880c-338c15eb18d0@s19g2000prg.googlegroups.com>

Note that allowing telnet means a valid username & password for your
systems are travelling over the internet unencrypted.

------------------------------

Date: 31 Jan 2008 07:17:36 -0600
From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)
Subject: Re: Restricting Access to TCP/IP and DECnet
Message-ID:

In article , "Robert Jarratt" writes:
> Is it possible to restrict access to TCP/IP (5.1) and DECnet (IV) on a
> per-user basis? In other words I would like someone to be able to access my
> machine, but not to go from that machine to anywhere else on the network.

You can block access to DECnet by making sure the account does not
have NETMBX privilege. TCP/IP (I assume you mean HP's) I don't
know about.

------------------------------

Date: 31 Jan 2008 07:20:52 -0600
From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)
Subject: Re: Restricting Access to TCP/IP and DECnet
Message-ID: <+qIY+3VhprSS@eisner.encompasserve.org>

In article , "Robert Jarratt" writes:
>
> Thanks for all the replies. A few people have pointed out that my question
> is not entirely clear. The reason I want to do this is that I want to give
> an acquaintance access to my hobbyist VAX. I have opened up telnet access to
> it from the internet, but the machine is on my home network and just to be
> safe I would rather he be unable to go anywhere else on the home network,
> including back out on to the internet. I suppose I could put the machine in
> a DMZ if I was doing this properly, but my firewall server only has 2 nics
> at the moment.
>
> I will remove NETMBX and see if that does the trick.

You've asked about TELNET and DECnet, are you running any other
protocols, such as LAT, that you might need to block? (I assume the
system is not part of a cluster).

------------------------------

Date: Thu, 31 Jan 2008 15:17:27 GMT
From: Tad Winters
Subject: Re: Restricting Access to TCP/IP and DECnet
Message-ID:

Jim Duff wrote in news:47a0707e$1@dnews.tpgi.com.au:

> Bob Gezelter wrote:
>> On Jan 29, 6:58 pm, "Robert Jarratt" wrote:
>>> Is it possible to restrict access to TCP/IP (5.1) and DECnet (IV)
>>> on a per-user basis? In other words I would like someone to be
>>> able to access my machine, but not to go from that machine to
>>> anywhere else on the network.
>>>
>>> Thanks
>>>
>>> Rob
>>
>> Rob,
>>
>> WADU, I will have to disagree with Jim Duff. Restricting access to
>> particular images is a good idea, but since these are essentially
>> non-privileged images, a (somewhat) inventive user can circumvent
>> the security by finding and using copies of the images or
>> equivalent from his own directory.
>> [snip]
>
> How is the user going to get a copy of the executable if it is
> marked ACCESS=NONE?
>
> Jim

It occurs to me that the user's account could have the disimage flag set
and also have a customized version of DCLTABLES, which did not include
the necessary commands to either make an outbound connection or further
update the process copy of the command tables to add such access.

Tad

------------------------------

Date: 31 Jan 2008 16:06:26 GMT
From: VAXman- @SendSpamHere.ORG
Subject: Re: Restricting Access to TCP/IP and DECnet
Message-ID: <47a1f202$0$25057$607ed4bc@cv.net>

In article , Tad Winters writes:
>Jim Duff wrote in
>news:47a0707e$1@dnews.tpgi.com.au:
>
>> Bob Gezelter wrote:
>>> On Jan 29, 6:58 pm, "Robert Jarratt" wrote:
>>>> Is it possible to restrict access to TCP/IP (5.1) and DECnet (IV)
>>>> on a per-user basis?
>>>> In other words I would like someone to be
>>>> able to access my machine, but not to go from that machine to
>>>> anywhere else on the network.
>>>>
>>>> Thanks
>>>>
>>>> Rob
>>>
>>> Rob,
>>>
>>> WADU, I will have to disagree with Jim Duff. Restricting access to
>>> particular images is a good idea, but since these are essentially
>>> non-privileged images, a (somewhat) inventive user can circumvent
>>> the security by finding and using copies of the images or
>>> equivalent from his own directory.
>>> [snip]
>>
>> How is the user going to get a copy of the executable if it is
>> marked ACCESS=NONE?
>>
>> Jim
>
>It occurs to me that the user's account could have the disimage flag set
>and also have a customized version of DCLTABLES, which did not include
>the necessary commands to either make an outbound connection or further
>update the process copy of the command tables to add such access.

Correct. That's been done in the past to restricted accounts to restrict
the user(s) to only that which they are _required_ to do to perform their
work and functions.

--
VAXman- A Bored Certified VMS Kernel Mode Hacker
VAXman(at)TMESIS(dot)COM

"Well my son, life is like a beanstalk, isn't it?"

http://tmesis.com/drat.html

------------------------------

Date: Thu, 31 Jan 2008 22:44:25 +0800
From: "Richard Maher"
Subject: Re: VT100 standards
Message-ID:

Hi,

Is anyone willing to discuss at length the escape sequences for lighting
up my VT100 LEDs? If we could incorporate that with some form of ^G pitch
control then I really think we can show off VMS's core strengths :-(

Regards Richard Maher

PS. Is it true that VT100s shipped with a choice of cord length? I've
often wondered what the part numbers might have been.
------------------------------

Date: 31 Jan 2008 13:56:32 GMT
From: billg999@cs.uofs.edu (Bill Gunshannon)
Subject: Re: VT100 standards and EDT
Message-ID: <60e2cgF1q92r0U1@mid.individual.net>

In article , Roger Ivie writes:
> On 2008-01-31, Michael Moroney wrote:
>> I learned this the hard way when my allegedly ANSI Standard
>> H19 terminal didn't work with EDT.
>
> Yeah, but the H19 worked very well with EDT in VT-52 mode.

I thought the H19 did VT52 not VT100. I know the termcap entry for it
uses VT52 style escape codes and not VT100 style.

bill

--
Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
bill@cs.scranton.edu | and a sheep voting on what's for dinner.
University of Scranton |
Scranton, Pennsylvania | #include

------------------------------

End of INFO-VAX 2008.062
************************