TWADE@CSVAX.UCD.HEA.IRL.UUCP (06/20/87)
>Is their a way to set a process priority limit downward such that >the user can't set it back? The documentation for SET PROCESS/PRIORITY >and SYS$SETPRI seem to be misleading. It suggests that the user can't >set the base priority higher than the existing base priority when in >fact they can set it back to the former (uaf specified) value. It looks >like I would have to poke around in a system data structure; does anyone >know how to do it? Thanks. You could, after lowering the priority, run a program which calls $GETJPI to ascertain the caller's username and then call $SETUAI to lower the authorized priority. The program would have to be installed with the required privilege to modify the SYSUAF. ------------------------------------------------------------------------- Tom Wade Bitnet: twade@csvax.ucd.hea.irl Systems Programmer Ean: twade@csvax.ucd.irl Dept Computer Science PSI: PSI%+27243154000721::TWADE University College Dublin Telex: (0500) 91196 UCD EI Ireland. Voice: +353-1-693244 Ext 2472 -------------------------------------------------------------------------
briggs%gburg.DECnet@BLUTO.SCC.COM ("GBURG::BRIGGS") (06/24/87)
>>Is their a way to set a process priority limit downward such that >>the user can't set it back? The documentation for SET PROCESS/PRIORITY >>and SYS$SETPRI seem to be misleading. It suggests that the user can't >>set the base priority higher than the existing base priority when in >>fact they can set it back to the former (uaf specified) value. It looks >>like I would have to poke around in a system data structure; does anyone >>know how to do it? Thanks. > >You could, after lowering the priority, run a program which calls $GETJPI >to ascertain the caller's username and then call $SETUAI to lower the >authorized priority. The program would have to be installed with the >required privilege to modify the SYSUAF. Setting the base priority in the UAF isn't going to do any good here. You would have to get into kernel mode and diddle with the base priority field in the PCB to do any good. Changing the UAF would affect future logins but would not affect the currently active session. A previous responder also mentioned the possibility of SPAWNING a process at the new lowered priority. Sounds good to me if it works -- it is simple and takes no privilege to operate. The kernel mode hack is pretty simple too, but it would either stop working entirely or might start doing strange things when VMS v5 comes out. This is because the synchronization techniques required to access the scheduler's database (which includes the process PCB) are totally different under V5. John Briggs Arpa: BRIGGS@BLUTO.SCC.COM Ma: (301)840-1504 Snail: Contel ASD 1300 Quince Orchard Blvd Gaithersburg, Md 20878 ------ -------