The problem is not our code. The problem is that there is Temenos code (like tSA) that is doing that for the files it creates. That represents a problem from the auditory POV, as there is no way to ensure files are not modified by an unauthorized user.
Sent from my iPhone

> On Dec 17, 2018, at 9:00 AM, Jim Idle <[email protected]> wrote:
>
> Actually, I do not think that this is a bug. I think that this is how the
> system call fopen(2) works. Hence the real way to do this is to touch the
> file then execute chmod on it before writing to it. Perhaps the OPENSEQ isc
> commands should really have been given a MODE parameter, but in general, you
> don't want user programs overriding the umask. A number of options here, but
> I would just set the file to the permissions you want before you write to it.
>
> Jim
>
>> On Mon, Dec 17, 2018 at 1:01 PM JOSE L MARTINEZ-AVIAL <[email protected]>
>> wrote:
>> Thanks Jim, Mike,
>> I just tested Jim's example and it creates the files with the right
>> permissions
>> SunOS-/ve1/miaeod/bnk/bnk.run: TEST2
>> Umask as seen from jBASE is currently: 02
>> Umask as seen from ksh EXECUTE is currently: 02
>> SunOS-/ve1/miaeod/bnk/bnk.run: ls -rlt file1 file2
>> -rw-rw-r-- 1 miaeod tafc 0 Dec 16 18:09 file1
>> -rw-rw-r-- 1 miaeod tafc 0 Dec 16 18:09 file2
>> SunOS-/ve1/miaeod/bnk/bnk.run:
>>
>> so it seems the problem is specific to the command CREATE in jbase. I've
>> opened a ticket with Temenos, since for auditory purposes we need to have
>> this issue solved.
>>
>> I'll keep you posted.
>>
>> thanks
>>
>> JL
>>
>>> On Fri, Dec 14, 2018 at 9:02, Mvreply (<[email protected]>) wrote:
>>> Jose,
>>>
>>> I tested your TEST.OPENSEQ against the latest (Zumasys) jBASE version on
>>> RHEL 7 Linux and the behaviour is exactly the same, whether “umask 002” is
>>> present or not:
>>>
>>> -rw-rw-rw-. 1 support support 0 Dec 13 15:45 test.txt
>>>
>>> Regular files are created with the correct permissions:
>>>
>>> -rw-rw-r--. 1 support support 24576 Dec 13 15:46 tempfile
>>> -rw-rw-r--. 1 support support 24576 Dec 13 15:46 tempfile]D
>>>
>>> If this is a problem for you, then you need to contact Temenos for
>>> assistance.
>>>
>>> Mike
>>>
>>> From: [email protected] <[email protected]> On Behalf Of JOSE L
>>> MARTINEZ-AVIAL
>>> Sent: 13 December 2018 13:26
>>> To: [email protected]
>>> Subject: Re: Issue with umask and openseq
>>>
>>> Hello Jim,
>>>
>>> Thanks for your response. This is a real example without jsh
>>>
>>> SunOS-/ve1/miaeod/bnk/bnk.run:
>>> SunOS-/ve1/miaeod/bnk/bnk.run: umask 002
>>> SunOS-/ve1/miaeod/bnk/bnk.run: touch thisisatest.txt
>>> SunOS-/ve1/miaeod/bnk/bnk.run: ls -lrt thisisatest.txt
>>> -rw-rw-r-- 1 miaeod tafc 0 Dec 13 08:23 thisisatest.txt
>>> SunOS-/ve1/miaeod/bnk/bnk.run: TEST.OPENSEQ
>>> SunOS-/ve1/miaeod/bnk/bnk.run: ls -rlt test.txt
>>> -rw-rw-rw- 1 miaeod tafc 0 Dec 13 08:23 test.txt
>>> SunOS-/ve1/miaeod/bnk/bnk.run: echo $SHELL
>>> /bin/ksh
>>> SunOS-/ve1/miaeod/bnk/bnk.run:
>>>
>>> As you can see the umask is set to 002, and the touch program inherits
>>> that, but it seems the TEST.OPENSEQ (same program as previous example) does
>>> not. Any ideas?
>>>
>>> On Thu, Dec 13, 2018 at 0:43, Jim Idle (<[email protected]>) wrote:
>>>
>>> In your touch example above, you have used two different file names - that
>>> is obviously not the output from your actual commands and you have not
>>> shown the value of umask. You 'touch test2.txt', then you 'ls' the file
>>> test1.txt, then you show the ls output of test2.txt, where you have
>>> seemingly the output of umask 2. You should really do those commands from
>>> scratch and list the actual output, not a mock-up.
>>>
>>> jBASE will use the umask setting of its inherited environment. Here, you
>>> are using jsh, which is a jBASE program, so it will pick up the umask that
>>> it received at the time it started up. jSH may be a little different in
>>> that it might respect the umask command on the command line, but I no
>>> longer remember - I think not though - you can test by changing umask at
>>> the jsh command line and seeing what happens when you create new files.
>>> But the best thing to do is to set umask in your .profile or bash profile.
>>> This is so that when you start your jBASE program, it inherits the umask
>>> from the environment it starts up in.
>>>
>>> You could also change jsh mode to sh mode, then use:
>>>
>>> umask 002 ; TEST.OPENSEQ
>>>
>>> Personally, I would not use jSH - just learn bash properly.
>>>
>>> I do not believe that we ever made any special environment things for
>>> umask, but there is something buzzing in the back of my head about umask.
>>> But start by setting umask before you start any jBASE program.
>>>
>>> I checked the latest OPENSEQ docs on the jBASE web site. But whoever took
>>> my original text and wrote misleading things about read locks, and garbled
>>> the grammar, obviously did not know much about how it actually works, then
>>> compounded the garbled explanation with an example in lower case with
>>> comments such as:
>>>
>>> * open the jbase file
>>>
>>> open ....
>>>
>>> Yeah - I can see why you didn't consult the documentation!
>>>
>>> On Thu, Dec 13, 2018 at 1:13 PM JOSE L MARTINEZ-AVIAL <[email protected]>
>>> wrote:
>>>
>>> Hello,
>>>
>>> we are running into some issues with files created with OPENSEQ. We are
>>> using Jbase 5.11 over Solaris 10, and we have setup umask 002, in order to
>>> avoid files being writable by others. It works fine if I create a new file
>>> by doing
>>>
>>> jsh miaeod ~ -->touch test2.txt
>>>
>>> jsh miaeod ~ -->ls -lrt test1.txt
>>> -rw-rw-r-- 1 miaeod tafc 0 Dec 12 22:56 test2.txt
>>>
>>> but if I write a program that just creates a file and closes it, the file
>>> is created with permissions for others to read
>>>
>>> jsh miaeod ~ -->CT DEV.BP TEST.OPENSEQ
>>> TEST.OPENSEQ
>>> 001 PROGRAM TEST.OPENSEQ
>>> 002 FILE.NAME = "test.txt"
>>> 003 OPENSEQ FILE.NAME TO FILE.CREATED ELSE CREATE FILE.CREATED ELSE DISPLAY 'ERROR CREATING TABLE' ; STOP
>>> 004 WEOFSEQ FILE.CREATED
>>> 005 CLOSESEQ FILE.CREATED
>>> 006 RETURN
>>> 007 END
>>>
>>> jsh miaeod ~ -->TEST.OPENSEQ
>>> jsh miaeod ~ -->ls -lrt test.txt
>>> -rw-rw-rw- 1 miaeod tafc 0 Dec 12 22:56 test.txt
>>>
>>> What could be the issue?
>>>
>>> thanks
>>>
>>> JL
>>>
>>> --
>>> --
>>> IMPORTANT: T24/Globus posts are no longer accepted on this forum.
>>>
>>> To post, send email to [email protected]
>>> To unsubscribe, send email to [email protected]
>>> For more options, visit this group at
>>> http://groups.google.com/group/jBASE?hl=en
>>>
>>> ---
>>> You received this message because you are subscribed to the Google Groups
>>> "jBASE" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to [email protected].
>>> For more options, visit https://groups.google.com/d/optout.
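
The permission behaviour discussed in this thread, as an added C example that is not part of the thread and not jBASE or Temenos code: it shows that the umask is applied to the mode passed to open(2) at creation but not to a later fchmod(2), which is one way a file can end up rw-rw-rw- under umask 002 (the thread does not establish that this is what CREATE does), followed by an audit check and a fix for world-writable files. The function names and the /tmp path are assumptions made for the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path` with open(..., req) under umask `mask`; if `forced` is
 * non-zero, fchmod() to it afterwards. Returns the final permission bits,
 * or (mode_t)-1 on error. All names here are hypothetical. */
mode_t create_and_report(const char *path, mode_t req, mode_t mask, mode_t forced)
{
    struct stat st;
    mode_t result = (mode_t)-1, old = umask(mask);
    unlink(path);                               /* start clean */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, req);
    if (fd >= 0) {
        /* fchmod sets the bits exactly; the umask is not applied to it */
        if ((forced == 0 || fchmod(fd, forced) == 0) && fstat(fd, &st) == 0)
            result = st.st_mode & 0777;
        close(fd);
    }
    umask(old);                                 /* restore caller's umask */
    return result;
}

/* Audit check: 1 if "other" can write to `path`, 0 if not, -1 on error. */
int world_writable(const char *path)
{
    struct stat st;
    return stat(path, &st) != 0 ? -1 : (st.st_mode & S_IWOTH) != 0;
}

/* Remediation: clear only the "other" write bit, keep the rest. */
int drop_world_write(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return chmod(path, st.st_mode & 07777 & ~(mode_t)S_IWOTH);
}

int main(void)
{
    const char *p = "/tmp/umask_demo.txt";      /* constructed sample path */
    printf("umask 002, open 0666      -> %04o\n", (unsigned)create_and_report(p, 0666, 002, 0));
    printf("same, then fchmod(0666)   -> %04o\n", (unsigned)create_and_report(p, 0666, 002, 0666));
    printf("world-writable before fix -> %d\n", world_writable(p));
    drop_world_write(p);
    printf("world-writable after fix  -> %d\n", world_writable(p));
    return unlink(p);
}
```

Running `world_writable` over the directories where sequential files are written gives an auditable check that does not depend on every program honouring the umask.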
