[Info-vax] vms base priority watch
pcoviello at gmail.com
pcoviello at gmail.com
Tue Jul 12 09:05:43 EDT 2011
On Jul 11, 6:37 pm, John Wallace <johnwalla... at yahoo.co.uk> wrote:
> On Jul 11, 8:24 pm, "Richard B. Gilbert" <rgilber... at comcast.net>
> wrote:
>
>
>
>
>
> > On 7/11/2011 12:48 PM, pcovie... at gmail.com wrote:
>
> > > On Jul 11, 12:01 pm, "Richard B. Gilbert"<rgilber... at comcast.net>
> > > wrote:
> > >> On 7/11/2011 11:09 AM, pcovie... at gmail.com wrote:
>
> > >>> On Jul 11, 10:43 am, "Richard B. Gilbert"<rgilber... at comcast.net>
> > >>> wrote:
> > >>>> On 7/11/2011 9:46 AM, Bob Koehler wrote:
>
> > >>>>> In article<1f612927-5e98-44e0-91e2-d889916c4... at gh5g2000vbb.googlegroups.com>, "pcovie... at gmail.com"<pcovie... at gmail.com> writes:
> > >>>>>> ok well. I did ask a yes/no question! me bad! yes I understand the
> > >>>>>> non-prived user would not do this but... we have given users the
> > >>>>>> rights to do this early in the morning to get their jobs completed,
> > >>>>>> when there are less users on the system.
>
> > >>>>> If the system is otherwize idle at that time, that should have no affect.
> > >>>>> If only some users get to do this in the ealy hours, then it's worth while.
>
> > >>>>> VMS does not delay lowpriorityprocesses just to make them take
> > >>>>> longer, it there are no higherpriorityprocesses doing anything.
>
> > >>>> I can recall occasions during which a job was getting 99 percent of the
> > >>>> CPU at PriorityOne. The "hunt and peck" typists never noticed it!
>
> > >>> thanks everyone, I know it isn't the best solution, but as I said I
> > >>> just started the job and need to pick and choose what comes first...
> > >>> thinking about this some more and doing some digging I thought
> > >>> accounting would tell you who might have issued a command? after a
> > >>> year some things are still fuzzy, so haven't come up with anything
> > >>> yet, but I'm wondering as someone pointed out that what if they hit
> > >>> the time between the hour! so it might be best to see if I can audit
> > >>> who issued the command and see what time? any ideas?
>
> > >> Accounting is not going to tell you who issued a command unless that
> > >> command created a process. In Unix you can't blink without starting a
> > >> process or two. Not so in VMS!
>
> > >> Maybe you should back up a bit and define the problem you are trying to
> > >> solve!- Hide quoted text -
>
> > >> - Show quoted text -
>
> > > opps thought that's what I did but maybe not.. looking for a way to
> > > see who set priority during the day and what time to make sure they
> > > are not abusing it outside the hours they are allowed too...
>
> > > thanks
> > > Paul
>
> > I can't think of a way to determine who used privilege to override
> > normal priority assignments. I don't think it's a good idea to let
> > users tinker with scheduling priorities. If the work is not getting
> > done in the time available, you can try throwing resources at it.
> > That only works if you HAVE the resources.
>
> > You might look at the programs being run! Those who are not
> > programmers, frequently fail to write GOOD code. An optimizing compiler
> > can be a big help but it's not a substitute for code that was well
> > designed and written in the first place!
>
> Fortunately for other readers the VMS operating system is quite good
> at security. VMS is not Linux and it's definitely not Windows, but it
> has ways and means of doing many things which those other OSes think
> they don't need. In this case the relevant capability is tracking
> privileges and the use thereof.
>
> If that's what someone wants to do, VMS's security facilities can
> relatively trivially be used to track who did what in that respect,
> without programming or 3rd party software, but it may require a tiny
> bit of familiarity with basic VMS security concepts and facilities
> such as auditing, the audit log, etc.
>
> One DCL interface to these facilities is the SET AUDIT command, which
> is documented in the DCL Dictionary and the Guide to System Security.
>
> Interested readers can have a look at the DCL Dictionary, e.g. athttp://h71000.www7.hp.com/doc/83final/9996/9996pro_172.html
> and there you will find the use of the relevant SET AUDIT switches
> documented e.g. in this case
> /PRIVILEGE=SETPRI
> would audit the (successful or unsuccesful, as required) use of SETPRI
> privilege (or whatever other privilege(s) might be relevant).
>
> The rest of the details, such as the analysis of the audit log after
> the event, or the creation of an audit mailbox listener program to be
> notified in real-time when interesting security events happen, is also
> documented. Here is probably not the place for a free consultancy
> session in VMS security basics, though doubtless there are
> contributors here who would be happy to oblige, depending on scope
> perhaps without the 'free' piece?
>
> Whether priorities are actually relevant to the underlying question is
> a slightly different question. Time will tell.- Hide quoted text -
>
> - Show quoted text -
this is what I knew was out there just drawing a blank on what I was
looking for! thank you! as mentioned when you don't work with
something for a year, somethings tend to fade away :-( again thank
you!
and everyone for their help and advice!
I know their are some hurdles and challenges ahead. one of the
reasons I took the job, and of course desperation :-)
thanks
Paul
More information about the Info-vax
mailing list