Maybe it makes some sense. The user you mentioned who couldn't run the script was the only one who didn't have ALLOBJ. That was the only difference I saw in the environments. It appears that with ALLOBJ, the owner of the script file can execute it without having execute permission set.

Try this: Pick two users, one with ALLOBJ the other without. Sign on as the one with ALLOBJ. Create a script like this in QSH.

echo 'echo hello' > script.sh

Check the permissions

ls -l script*

If needed, set the permissions to -rw-rw-rw-

chmod all=rw script.sh

Run the script

script.sh

You'll either get the message that the script can't be found, or you'll see "hello" displayed. For me, as my user who has ALLOBJ, I saw "hello".

Now sign on as the other user. You'll have to change the directory to the first user's home

cd /home/otherUser

Then try to run the script again.

script.sh

Did it run?

Now delete the script and do the whole thing over again starting first with the user without ALLOBJ. Any difference? If not, then the user who is the OWNER of the script file can execute without x permission no matter if they have ALLOBJ or not. If there's a difference, ALLOBJ is the cause. This behavior may be different depending on security level, though Carol Woodbury says the difference between level 20 and higher is that in level 20, all users are given ALLOBJ when they are created and are not when created at a higher security level (http://www.ibmsystemsmag.com/ibmi/administrator/security/Getting-Rid-of--ALLOBJ/). Perhaps Chuck can chime in on security level behavior; I don't have boxes where I can change level.


-----Original Message-----
From: java400-l-bounces@xxxxxxxxxxxx [mailto:java400-l-
bounces@xxxxxxxxxxxx] On Behalf Of James H. H. Lampert
Sent: Monday, December 09, 2013 5:58 PM
To: Java Programming on and around the IBM i
Subject: Re: On one particular box, Tomcat 7.0.25 runs just fine, but 7.0.47
crashes on takeoff -- some authority problem

On 12/9/13 3:21 PM, Dan Kimmel wrote:
ALLOBJ *MIGHT* get you permission, depending on security level. It
DOESN'T on my box.

Which is beside the point: it worked everywhere else, despite the fact
that it apparently (at least so far as I've determined) doesn't have
execute authority anywhere, and that it started working as if nothing
had ever been wrong as soon as I changed the owner of the whole tomcat
subtree (and NOT to the user launching it, NOR to the user who's the
owner of the CL program).

In short, there is nothing that makes the tiniest bit of sense here, at
least in terms of anything I know, or in terms of anything anybody's said.

--
JHHL

--
This is the Java Programming on and around the IBM i (JAVA400-L) mailing list
To post a message email: JAVA400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/java400-l.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.