You can run the server in any of the following security modes:
The default security mode is OPSYS if you have satisfied the OPSYS requirements. Otherwise, the default mode is OFF. To apply a different security mode, configure server security in the Web Console.
You must satisfy the requirements described in How to Satisfy Security Mode OPSYS Requirements.
Some security modes need to be configured before you can activate them. You can see a full description of all server security modes in the Web Console help, and also in the Server Administration for UNIX, Windows, OpenVMS, IBM i, and z/OS manual. To see it in the Web Console:
The Web Console Help window opens.
To run a server in security mode OPSYS in OpenVMS, you must satisfy the following requirements. You must do this when you set up the server administration (iadmin) ID.
Although installation can be done by an ordinary user, the changes listed here require the SYSTEM ID.
Run MCR AUTHORIZE to add the following privileges to the iadmin ID.
Privilege | Function | Required for |
---|---|---|
CMKRNL | May change mode to kernel | Server impersonation features |
IMPERSONATE | May impersonate another user | Server impersonation features |
NETMBX | May create network device | Mailboxes * |
PRMGBL | May create permanent global sections | IPC Shared Memory * |
PRMMBX | May create permanent mailbox | IPC Control Pipes * |
SYSGBL | May create system wide global sections | IPC Shared Memory * |
SYSNAM | May insert in system logical name table | IPC Control Pipes * |
SYSPRV | May access objects using system protection | Creating system logical tables * and server security features |
TMPMBX | May create temporary mailbox | Mailboxes * |
WORLD | May affect other processes in the world | Control of impersonated processes |
SYSLCK | May lock system wide resources | Adapter for Progress only * |
* Also required for non-secured servers.
Any additional privileges or changes in quota required by particular underlying databases must also be authorized and customized in the EDAENV.PRM file, as described in How to Add/Change Privileges and Quotas (EDAENV.PRM).
The default minimal quota resources are also contained in the default EDAENV.PRM file. You do not need to have values explicitly declared in the UAF or SYSTEM tables, provided the iadmin user ID has IMPERSONATE privileges. However, some situations may require quotas to be increased (for instance, if there are problems accessing very large databases). This is also done by customizing the EDAENV.PRM file, as described below.
You can create privilege and quota settings using a configuration file (EDAENV.PRM). To customize the settings:
EDAENV.PRM edit rules:
The EDAENV.PRM file should not be confused with the EDAENV.COM file, which is used for running additional OpenVMS commands (typically logical declarations) at startup. An example of EDAENV.PRM follows:
```
io_direct = 200
queue_limit = 100
page_file = 2097152
buffer_limit = 800000
io_buffered = 200
ast_limit = 300
working_set = 3076
maximum_working_set = 8192
extent = 10240
file_limit = 4096
enqueue_limit = 4000
job_table_quota = 10000
priority = 4
privilege_1 : TMPMBX, NETMBX, PRMMBX
privilege_2 : PRMGBL, SYSGBL, SYSNAM
privilege_3 : SYSPRV, CMKRNL, WORLD
privilege_4 : SYSLCK, IMPERSONATE
```
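The following is an added example, not part of the product or its documentation: a Python check that compares the `privilege_N` lines of an EDAENV.PRM file with the privilege table for security mode OPSYS, so that a missing privilege or one outside the table (which should trace back to a documented database requirement) is visible before the server starts. The file syntax is an assumption inferred from the example above, and the function names and the sample file are constructed for illustration.

```python
import re

# Privileges from the table on this page. True = marked "*" there
# (also required for non-secured servers); False = OPSYS features only.
TABLE = {"CMKRNL": False, "IMPERSONATE": False, "WORLD": False,
         "NETMBX": True, "PRMGBL": True, "PRMMBX": True, "SYSGBL": True,
         "SYSNAM": True, "SYSPRV": True, "TMPMBX": True}
OPTIONAL = {"SYSLCK"}  # table: Adapter for Progress only

# Constructed sample in the layout of the page's example: WORLD is left out
# and BYPASS (not in the table) is added so both findings appear.
SAMPLE = """\
io_direct = 200
page_file = 2097152
privilege_1 : TMPMBX, NETMBX, PRMMBX
privilege_2 : PRMGBL, SYSGBL, SYSNAM
privilege_3 : SYSPRV, CMKRNL, BYPASS
privilege_4 : SYSLCK, IMPERSONATE
"""

def parse_prm(text):
    """Return (quotas, privileges); the syntax is inferred from the example."""
    quotas, privs = {}, set()
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = re.fullmatch(r"privilege_\d+\s*:\s*(.+)", line, re.IGNORECASE)
        if m:
            privs.update(p.strip().upper() for p in m.group(1).split(",") if p.strip())
            continue
        m = re.fullmatch(r"(\w+)\s*=\s*(\d+)", line)
        if not m:
            raise ValueError(f"line {n}: unrecognised entry {line!r}")
        quotas[m.group(1).lower()] = int(m.group(2))
    return quotas, privs

def audit(text):
    """Compare the file's privileges with the table for security mode OPSYS."""
    _, privs = parse_prm(text)
    return {
        "missing_opsys": sorted(p for p, star in TABLE.items() if not star and p not in privs),
        "missing_any_mode": sorted(p for p, star in TABLE.items() if star and p not in privs),
        "outside_table": sorted(privs - set(TABLE) - OPTIONAL),
    }

if __name__ == "__main__":
    for finding, names in audit(SAMPLE).items():
        print(f"{finding}: {', '.join(names) or 'none'}")
```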
iWay Software