hagadorn@amsaa-seer.BRL.MIL (Thomas Hagadorn) (11/01/90)
Well, time to see if the net can come up with an answer before ingres support does.

Scenario:

Equipment:
SunOS Release 4.1 on a Sun 4/330 using ingres 6.3/01 (su4.u42/01) with patch #900820a (Dated August 20, 1990) applied.

Problem:
ABF seems to allow any user to modify/destroy DBA applications/frames.

Example:
As DBA of an existing database, create a test application in ABF with a couple of test frames. Exit ABF. su to another account/username. Now go back into ABF and try to edit information for the test frames such as form name and source code file name. If you wish, try to destroy the frame or even the entire application (you shouldn't be able to do this, but I don't seem to have any trouble doing it). Exit ABF. Now su back to the DBA account and enter ABF. You will see that any changes you made as the other user are in effect -- in fact, if you had destroyed the application, you would see that it wasn't there!

So, how do I get rid of this behavior? Changing the ING_ABFDIR and/or permissions didn't seem to do it, since the information being changed doesn't reside there. Obviously, it is a feature that other users should be able to work on someone else's application; however, they certainly shouldn't be able to arbitrarily destroy others' work. I can't imagine that no one has seen this behavior until now using the default installation build.

--
Tom Hagadorn hagadorn@brl.mil or hagadorn@amsaa-seer.brl.mil

sena@infinet.UUCP (Fred Sena) (11/27/90)
(I tried to email this, but it bounced back)

In article <1873@amsaa-seer.BRL.MIL> you write:
>
>Scenario:
>
> Equipment:
> SunOS Release 4.1 on a Sun 4/330 using ingres 6.3/01 (su4.u42/01)
> with patch #900820a (Dated August 20, 1990) applied.
>
> Problem:
> ABF seems to allow any user to modify/destroy DBA applications/frames.
>
>--
>Tom Hagadorn hagadorn@brl.mil or hagadorn@amsaa-seer.brl.mil

Do you see the same effect when you log in directly as a user instead of using su? If you haven't tried that it might be a good idea.

ABF may check the ACTUAL user id, not the EFFECTIVE user id. The 'su' command only changes your EFFECTIVE user id. You can see your ACTUAL user id via the command 'who am i', and your EFFECTIVE user id via the command 'whoami'.

I have been curious about how ABF checks the user name for permissions, but I have not had the time to try it myself.

-good luck

--fred
--------------------------------------------------
Frederick J. Sena sena@infinet.UUCP
Memotec Datacom, Inc. N. Andover, MA
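
The thread turns on which identity a program consults when it decides who the user is. As an added example (not written by either poster, and not a description of how ABF actually checks users), this C program reports the real UID, the effective UID and the login name recorded for the terminal, so the comparison can be run once after a direct login and once after `su`. The names `collect_ident` and `classify` are hypothetical.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum id_state { ID_CONSISTENT, ID_EUID_DIFFERS, ID_LOGIN_DIFFERS };

struct ident {
    uid_t ruid, euid;
    char rname[64];  /* account name for the real UID, "" if unknown */
    char login[64];  /* login name recorded for the terminal, "" if none */
};

static void copy_name(char *dst, size_t n, const char *src) {
    snprintf(dst, n, "%s", src ? src : "");
}

/* Gather the identity sources available to the current process. */
void collect_ident(struct ident *id) {
    struct passwd *pw;
    id->ruid = getuid();
    id->euid = geteuid();
    pw = getpwuid(id->ruid);
    copy_name(id->rname, sizeof id->rname, pw ? pw->pw_name : NULL);
    copy_name(id->login, sizeof id->login, getlogin());
}

/* Report whether a check keyed on one source could disagree with another. */
enum id_state classify(const struct ident *id) {
    if (id->ruid != id->euid)
        return ID_EUID_DIFFERS;
    if (id->login[0] && id->rname[0] && strcmp(id->login, id->rname) != 0)
        return ID_LOGIN_DIFFERS;
    return ID_CONSISTENT;
}

int main(void) {
    static const char *msg[] = {
        "all identity sources agree",
        "real and effective UID differ",
        "terminal login name differs from the real UID's account"
    };
    struct ident id;
    collect_ident(&id);
    printf("real uid=%ld (%s) effective uid=%ld login=%s\n",
           (long)id.ruid, id.rname, (long)id.euid, id.login);
    printf("%s\n", msg[classify(&id)]);
    return 0;
}
```
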