Unix Security and Job Compilation

kcbland · Post by **kcbland** » Mon Sep 29, 2003 9:03 pm

Put into the S99ds.rc script a umask entry, 002 works the best. Do not try to put it into the dsenv file, as that file is parsed and only environment settings are pulled. Umask will allows users in the same group to share access to jobs, logs, and output files. You should not split groups in the same project, the results you have already seen. Ultimately,

In addition, your production environment should probably run all jobs under a single user, preferably a system account. There you can tighten umask to 002. Your librarian should import and compile jobs under that user id as well.

Kenneth Bland

chulett · Post by **chulett** » Tue Sep 30, 2003 12:35 am

Support has a nice little one-page document on setting up a Unix-based DataStage server for multiple users, they should be able to send it to you if you ask. Basically, it is a matter of setting the umask in the .rc script as Ken suggests and setting the 'sticky bit' of the projects directory.

-craig

ps. Was that a recursive 'chmod'?

kduke · Post by **kduke** » Tue Sep 30, 2003 9:45 am

Louise

I always set umask 002 in the dsenv as well. Craig is correct. You need to set the group id so anyone in the group can delete files created by other users in that group. All users including dsuser1 and dsadm need to be in the same group. So the correct chmod is:

chmod -R 4770 projectdir

Kim.

Kim Duke
DsWebMon - Monitor DataStage over the web
www.Duke-Consulting.com

Teej · Post by **Teej** » Mon Oct 06, 2003 8:57 am

You must be root to do this.

Go to this file:

$dshome/sample

Edit this file:

ds.rc

Remove the "#" on this line: (Line #9)

#umask 002

Save file.

Restart DataStage: (make sure nobody's online, and no CLOSE_WAIT sessions are remaining, blah blah blah)

$dshome/bin/uv -admin -stop (wait 2 minutes)
$dshome/bin/uv -admin -start

Problem solved for any future import/creation. You will need to go to the Projects folder and chmod 775 on everything within it.

-T.J.

* * *

... now if this can make breakfast, my life is complete.

kduke · Post by **kduke** » Mon Oct 06, 2003 10:39 am

TJ

Getting caught up. Some of these replys are on week old topics. How long does it take you to eat breakfast anyway?

Kim.

Kim Duke
DsWebMon - Monitor DataStage over the web
www.Duke-Consulting.com

Teej · Post by **Teej** » Fri Oct 17, 2003 9:15 am

kduke wrote:
Getting caught up. Some of these replys are on week old topics. How long does it take you to eat breakfast anyway?

Well, when your company is eating up all of your time in many wild schemes that somehow is coming together in one piece...

It's a mess here.

BTW, are you going to be at AscentialWorld?

-T.J.

kduke · Post by **kduke** » Fri Oct 17, 2003 9:44 am

TJ

I am so glad you finally got breakfast and you are now working on lunch.

Kim.

ray.wurlod · Post by **ray.wurlod** » Fri Oct 17, 2003 8:02 pm

Beware of an anomaly.

/etc/rc2.d/S99ds.rc (your path may differ) is executed when UNIX is started (or if invoked directly).

$DSHOME/sample/ds.rc is executed when ds -admin -start is used.

chulett · Post by **chulett** » Fri Oct 17, 2003 10:46 pm

On my HP/UX system, the rc2.d file is actually a symbolic link back to the so-called "sample" file... so they are one in the same!

ray.wurlod · Post by **ray.wurlod** » Sun Oct 19, 2003 12:27 am

(singing) It ain't necessarily so!

chulett · Post by **chulett** » Sun Oct 19, 2003 8:11 am

Wow - Point Master of the Universe and he sings, too!

Agreed. Understood. Concur. But as you said - it ain't necessarily so.

kcbland · Post by **kcbland** » Sun Oct 19, 2003 8:17 am

Point Master of the Universe? So who's lackey am I?

chulett · Post by **chulett** » Sun Oct 19, 2003 8:45 am

That was a retorical question, right?

Perhaps I should have said Post Master.

Paul Preston · Post by **Paul Preston** » Mon Oct 20, 2003 3:25 am

Craig

I'm probably culturally deficient in my knowledge but why does it always say "Bunnies, bunnies, it must be bunnies after your name" ?