[Info-vax] Restrict the use of SUBMIT/USER= to one particular user.

Tue Nov 8 08:11:17 EST 2016

On 08/11/16 12:37, Joe wrote:
> On Tuesday, November 8, 2016 at 10:39:49 AM UTC+1, Roy Omond wrote:

>> [...snip...]
>> A quick-n-easy way to start would be to copy SUBMIT.EXE to, say,
>> XUBMIT.EXE, and add a suitable entry (use VERB to get the current SUBMIT
>> command language definition, and edit accordingly) to
>> DCLTABLES.  Appropriate security setting can then be added to
>> the image file (e.g. AUDIT entries for successful access etc. etc.)
>
> Thank you once again,
> I tested this on my test machine and looks like I'm missing something here.
>
> Test_Joe> define/system/exe pni_submit DISK$USER:[SYSMGT.JOE.PNI_SUBMIT]pni_submit.exe
> Test_Joe> mc authorize add/id pni_submit_exec
> %UAF-I-RDBADDMSG, identifier PNI_SUBMIT_EXEC value %X80010183 added to rights database !!!!! Yet to configure ACL's
> Test_Joe> install add pni_submit /open/header/priv=(cmkrnl)
> Test_Joe> set command pni_submit.cld
> Test_Joe> create test.com
> $write sys$output f$edit(f$getjpi(0, "username"), "trim")
> $exit Exit
> Test_Joe> pni_submit test.com/noprint
> %CLI-F-SYNTAX, error parsing 'BURST'
> -CLI-E-ENTNF, specified entity not found in command tables
>
> *********
>
> .CLD: (Got the CLD file from SYS$SYSDEVICE:[SYS0.SYSCOMMON.SYSUPD]submit.cld)
> define type allowed_user
>     keyword system, default
>
> define verb pni_submit
>     image pni_submit
>     parameter p1,prompt="File",value(required,list,impcat,type=$infile)
>     .
>     .
>     .
>     qualifier user,     value(TYPE=allowed_user), DEFAULT
>

You *really* have to work with the current SUBMIT command language
definition.  The one you found in Sys$Update: is ancient and no
longer corresponds to your current SUBMIT.EXE image.

Here's the current SUBMIT.CLD from the Eisner (decuserve) VMS 8.3
system (I don't know what version you're running - you might like
to get the VERB utility to make 100% sure):

$ verb submit
define verb SUBMIT
    image SUBMIT
    parameter P1, prompt="File"
       value (required,list,impcat,type=$infile)
    qualifier AFTER
       value (required,type=$datetime)
    qualifier ATTRIBUTES, nonnegatable
       value (required,list)
       placement=positional
    qualifier BACKUP
    qualifier BEFORE
       value (default="TODAY",type=$datetime)
    qualifier BY_OWNER
       value (type=$uic)
    qualifier CHARACTERISTICS
       value (required,list)
    qualifier CLI
       value (required)
    qualifier CONFIRM
    qualifier CPUTIME
       value (required)
    qualifier CREATED
    qualifier DELETE
       placement=positional
    qualifier EXCLUDE
       value (required,list)
    qualifier EXPIRED
    qualifier FILE_ATTRIBUTES, nonnegatable
       value (required,list)
       placement=positional
    qualifier HOLD
    qualifier IDENTIFY, default
    qualifier KEEP
    qualifier LOG_FILE
       value (type=$file)
    qualifier MODIFIED
    qualifier NAME
       value (required)
    qualifier NOTE
       value (required)
    qualifier NOTIFY
    qualifier PARAMETERS
       value (required,list)
    qualifier PRINTER
       value (default="SYS$PRINT")
    qualifier PRIORITY
       value (required)
    qualifier QUEUE
       value (required)
    qualifier RAD
       value (required)
    qualifier REMOTE
    qualifier RESTART
    qualifier RETAIN, nonnegatable
       value (required,type=JOB_RETAIN)
    qualifier SINCE
       value (default="TODAY",type=$datetime)
    qualifier SNA, syntax=SUBMIT_SNA
    qualifier TRANSLATE, default
       value (default="EBCDIC",type=TRANSLATE_KEYWORDS)
       placement=positional
    qualifier USER
       value (required)
    qualifier WSDEFAULT
       value (required)
    qualifier WSEXTENT
       value (required)
    qualifier WSQUOTA
       value (required)
    qualifier RECORD_SIZE, nonnegatable
       value (required)
       placement=positional
    qualifier STYLE, nonnegatable, default
       value (type=STYLE_OPTIONS)
    qualifier TAB
       placement=positional
    disallow (REMOTE and (TAB or RECORD_SIZE or WSQUOTA or WSEXTENT or
       WSDEFAULT or USER or TRANSLATE or SNA or RETAIN or RESTART or
       QUEUE or PRIORITY or PRINTER or PARAMETERS or NOTIFY or
       NOTE or NAME or LOG_FILE or KEEP or IDENTIFY or HOLD or
       FILE_ATTRIBUTES or DELETE or CPUTIME or CLI or CHARACTERISTICS or
       ATTRIBUTES or AFTER or RAD))

define type JOB_RETAIN
    keyword ALWAYS
    keyword DEFAULT
    keyword ERROR
    keyword UNTIL
       value (required)

define syntax SUBMIT_SNA
    image SNASUBMIT

define type TRANSLATE_KEYWORDS
    keyword EBCDIC, default

define type STYLE_OPTIONS
    keyword CONDENSED, default
    keyword EXPANDED