[Info-vax] Apache + mod_php performance

[Arne Vajhøj]

On 10/11/2024 5:43 PM, Craig A. Berry wrote:
> Well, you _can_ change the values:
> 
> $ show security/class=device bg111
> 
> _BG111: object of class DEVICE
>       Owner: [SYSTEM]
>       Protection: (System: RWPL, Owner: RWPL, Group: RWPL, World: RWPL)
>       Access Control List: <empty>
> 
> $ set security/class=device/protection=(w:r) bg111
> $ show security/class=device bg111
> 
> _BG111: object of class DEVICE
>       Owner: [SYSTEM]
>       Protection: (System: RWPL, Owner: RWPL, Group: RWPL, World: R)
>       Access Control List: <empty>
> 
> Note that World is now read, but write, physical, and logical have been
> removed.  But I don't really know if that accomplished anything.  It
> seems unlikely that BGDRIVER would just fill in values in a template
> that don't mean anything, but testing out exactly what the protections
> get you sounds like work.

The names give strong associations.

So I would expect:

IO$_READVBLK - need R
IO$_READLBLK - need R and L
IO$_READPBLK - need R and P
IO$_WRITEVBLK - need W
IO$_WRITELBLK - need W and L
IO$_WRITEPBLK - need W and P

And the guide to system security says:

<quote>
5.3.2. Types of Access
Devices can be shared and thus have concurrent users or be unshared and 
have a single user.
Shared devices support the following types of access:
Read Gives you the right to read data from the device
Write Gives you the right to write data to the device
Physical Gives you the right to perform physical I/O operations to the 
device
Logical Gives you the right to perform logical I/O operations to the device
Control Gives you the right to change the protection elements and owner 
of the device
Unshared devices support only read, write, and control access. The 
device driver rather than the
operating system's security policy defines the access requirements for 
other types of operations.
...
$QIO to file-oriented devices: disks and tapes
With file-oriented devices, logical I/O and physical I/O functions have 
common elements. Any
logical I/O function requires physical or logical access plus read 
access to read a block (READLBLK)
or write access to write a block (WRITELBLK). Any physical I/O function 
requires physical
access plus either read access to read a block (READPBLK) or write 
access to write a block
(WRITEPBLK). Logical and physical I/O also require LOG_IO and PHY_IO 
privileges, respectively.
...
$QIO to devices that are not file-oriented
With non-file-oriented devices, OpenVMS converts virtual read and write 
I/O requests to logical I/O
before processing them. Other kinds of access requests are not processed 
by OpenVMS; instead, the
request is passed to the device driver for processing.
In general, access requirements for devices that are not file oriented 
depend on whether the device is
shareable or nonshareable:
• Shareable device
With shareable devices, such as mailboxes, any virtual I/O function 
other than READVBLK/
WRITEVBLK is handled by the system I/O driver program. Any logical I/O 
function requires
privilege or logical access to the device. Any physical I/O function 
requires privilege or physical
access to the device.
• Unshareable devices
With unshareable devices, such as terminals or printers, the operating 
system checks only for read
or write access to perform virtual and logical I/O functions. Any 
physical I/O function requires
privilege.
</quote>

Which I read as confirmation. It works like expected for
file oriented devices and for shareable non file oriented
devices, but non shareable non file oriented devices ignore
L and P. BG devices are shareable non file oriented
devices.

Arne




Arne