On Apr 6, 2006, at 2:12 AM, Rob van der Heij wrote:
We're considering setting up a separate class that will allow
specific
clients to set the share on their own. We believe this could be
accomplished using a new privilege class but was wondering exactly
how we
would go about setting one up, as well as pros and cons the list
might be
aware of. Also, I was wondering if there is a way that we can
setup the
privilege class to allow the command to only be executed against
certain
IDs. I'm thinking about audit time and what the auditors might
say if we
allow our clients the authority to set share on our service machines.
You can't get down to the granularity that you're asking for without
doing your own CP commands or local mods. Might be fun, but maybe not
the kind of fun you are looking for. I am not sure whether an ESM
would have its hands in there, but your next question is probably
about the value of the share setting they use.
The easiest way imho is to run PROP (or better) in a disconnected
virtual machine with sufficient privileges (maybe you already have
that in the OPERATOR userid) and define your own set of commands that
your customer can use. The action routines in PROP can do all the
checking you need (like who issues the command), and issue the
necessary SET SHARE command.
If you need an example of routing table and action routine, just
ask...
Or if you wanted to download Sine Nomine's SYSVINIT program, it's
already got a framework, which runs in an appropriately-privileged
userid (AUTOLOG1) to do all this. In this case you'd be using
SYSVINIT to manipulate particular guest-appropriate variables, and
we've got a syntax to do that. A little Rexx is required, but that's
all. It's easier than configuring PROP from scratch to do it.
Adam
