The non-conventional /quoting/ that has been used in replying

Are you talking about mine or yours? No need to be passive aggressive.
Call me out so I can fix it.

Aaron Bartell
litmis.com - Services for open source on IBM i


On Mon, Jan 11, 2016 at 10:17 AM, CRPence <crpbottle@xxxxxxxxx> wrote:

On 10-Jan-2016 19:54 -0700, Aaron Bartell wrote:

On 08-Jan-2016 17:02 -0700, CRPence wrote:

On 08-Jan-2016 15:36 -0700, Aaron Bartell wrote:

On 08-Jan-2016 15:23 -0700, CRPence wrote:
Sorry, here's the full error:
https://bitbucket.org/snippets/aaronbartell/q8Xgk


included reformatted for reference only:

5770SS1 V7R2M0 140418 Job Log LITMIS1 01/08/16 23:19:39 UTC Page 1
Job name: CODE01 User: QTMHHTTP Number: 165602
Job description: QZHBHTTP Library: QHTTPSVR
<<SNIP>>

<<SNIP>> I have a shell script named full_path_perms.sh** that
gives me the perms for each dir, as shown below.

$ ./full_path_perms.sh /QOpenSys/QIBM/ProdData/OS400/PASE/sbin/zfcgi
drwxrwsrwx 13 qsys 0 339968 Dec 21 21:41
/QOpenSys
<<SNIP>>

was that script run under that USRPRF or perhaps run under
another USRPRF?


It was profile AARON that issues STRTCPSVR, but I obtained the
error from WRKSPLF QTMHHTTP.


Best to run the script using USER(QTMHHTTP) given that is the
initial user for the <ed:> *conspicuously missing content*


Not sure what you mean and your sentence was cut off.


Best to run the script using USER(QTMHHTTP) given that is the initial
user for the job(165602/QTMHHTTP/CODE01)

The STRTCPSVR command** doesn't have a USER option.
**
[http://www.ibm.com/support/knowledgecenter/ssw_ibm_i_72/cl/strtcpsvr.htm
]


The non-conventional /quoting/ that has been used in replying, have
resulted in my attempts to reformat the content, perhaps compromising the
connections. I have since re-inserted the reference to the /script/ to
which I was referring, being the script that was run to show the
authorities for the user running the script; a user I was presuming was a
different user than the current user of the failing job.

Thus I was suggesting that having run the script under user AARON, for
example, would not be appropriate to reveal the authorities to the user
QTMHHTTP, for example; the script must be run using the same user that
would run when the processing failed for lack of necessary authority.


Concerning audit journal for AF entries, I did find three of them
(they are all the same except the directory specified on line 00851).
Here's an example of one. Do you see something that gives more info
about the error?


Drilling into the docs from the first of the following to the third,
finds the layout of that T-AF journal entry [although I did not recall, not
giving offsets for the Entry Specific Data itself, but instead just for
output to some of the possible output files]:

[
http://www.ibm.com/support/knowledgecenter/api/content/ssw_ibm_i_71/rzarl/rzarlsecaudje.htm
]
_Security auditing journal entries_

[
http://www.ibm.com/support/knowledgecenter/api/content/ssw_ibm_i_71/rzarl/rzarllayout.htm#rzarllayout
]
_Layout of audit journal entries_

[
http://www.ibm.com/support/knowledgecenter/api/content/ssw_ibm_i_71/rzarl/rzarlf06.htm
]
_AF (Authority Failure) journal entries_


Display Journal Entry

Object . . . . . . . : Library . . . . . . :
Member . . . . . . . :
Incomplete data . . : No Minimized entry data : *NONE
Sequence . . . . . . : 10382
Code . . . . . . . . : T - Audit trail entry
Type . . . . . . . . : AF - Authority failure

Entry specific data
Column *...+....1....+....2....+....3....+....4....+....5
00001 'A*N *N *DIR CODE01 QTMHHTTP '
00051 '168853 QTMHHTTP 0000'
00101 '000 '
00151 ' '
00201 ' '
00251 ' ºròÙ P '
00301 ' '
<<SNIP>>
00701 ' '
00751 ' '
00801 ' ºròÙ P QASP01 00001 USENU Y '
00851 ' /QOpenSys/usr/sbin '
00901 ' '
00951 ' '
01001 ' '


The changing path data at position 857 names the parent directory of,
the Path Name of, the STMF File ID to which the user named QTMHHTTP
[position 76] is not authorized. Because the File ID is binary data [as
are other offsets of the presented data], other data other than the path
could have changed [and likely did, given the path changed].


--
Regards, Chuck

--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.