OK - then yes, you will need TEMENOS to modify their subroutines if the files they produce do not have deterministic names. Hopefully, they can help you. You could, of course, execute chmod on the files after they are generated, but there would be a window of time where the files are accessible outside the permission set you want, so that is probably not a practical solution.
Good luck, Jim On Tue, Dec 18, 2018 at 1:06 AM JOSE LUIS MARTINEZ-AVIAL GONZALEZ-CELA < [email protected]> wrote: > The problem is not our code. The problem is that there is Temenos code > (like tSA) that is doing that for the files it creates. That represents a > problem from the auditory POV, as there is no way to ensure files are not > modified by an unauthorized user. > > Sent from my iPhone > > On Dec 17, 2018, at 9:00 AM, Jim Idle <[email protected]> wrote: > > Actually, I do not think that this is a bug. I think that this is how the > system call fopen(2) works. Hence the real way to do this is to touch the > file then execute chmod on it before writing to it. Perhaps the OPENSEQ isc > commands should really have been given a MODE parameter, but in general, > you don't want user programs overriding the umask. A number of options > here, but I would just set the file to the permissions you want before you > write to it. > > Jim > > > > On Mon, Dec 17, 2018 at 1:01 PM JOSE L MARTINEZ-AVIAL <[email protected]> > wrote: > >> Thanks Jim, Mike, >> I just tested Jim's example and it creates the files with the right >> permissions >> SunOS-/ve1/miaeod/bnk/bnk.run: TEST2 >> Umask as seen from jBASE is currently: 02 >> Umask as seen from ksh EXECUTE is currently: 02 >> SunOS-/ve1/miaeod/bnk/bnk.run: ls -rlt file1 file2 >> -rw-rw-r-- 1 miaeod tafc 0 Dec 16 18:09 file1 >> -rw-rw-r-- 1 miaeod tafc 0 Dec 16 18:09 file2 >> SunOS-/ve1/miaeod/bnk/bnk.run: >> >> so it seems the problem is specific to the command CREATE in jbase. I've >> opened a ticket with Temenos, since for auditory purposes we need to have >> this issue solved. >> >> I'll keep you posted. >> >> thanks >> >> JL >> >> El vie., 14 dic. 2018 a las 9:02, Mvreply (<[email protected]>) >> escribió: >> >>> Jose, >>> >>> I tested your TEST.OPENSEQ against the latest (Zumasys) jBASE version on >>> RHEL 7 Linux and the behaviour is exactly the same, whether “umask 002” is >>> present or not: >>> >>> >>> >>> -rw-rw-rw-. 1 support support 0 Dec 13 15:45 test.txt >>> >>> >>> >>> Regular files are created with the correct permissions: >>> >>> >>> >>> -rw-rw-r--. 1 support support 24576 Dec 13 15:46 tempfile >>> >>> -rw-rw-r--. 1 support support 24576 Dec 13 15:46 tempfile]D >>> >>> >>> >>> If this is a problem for you, then you need to contact Temenos for >>> assistance. >>> >>> >>> >>> Mike >>> >>> >>> >>> *From:* [email protected] <[email protected]> *On Behalf Of *JOSE >>> L MARTINEZ-AVIAL >>> *Sent:* 13 December 2018 13:26 >>> *To:* [email protected] >>> *Subject:* Re: Issue with umask and openseq >>> >>> >>> >>> Hello Jim, >>> >>> >>> >>> Thanks for your repsonse. This is a real example without jsh >>> >>> >>> >>> SunOS-/ve1/miaeod/bnk/bnk.run: >>> SunOS-/ve1/miaeod/bnk/bnk.run: umask 002 >>> SunOS-/ve1/miaeod/bnk/bnk.run: touch thisisatest.txt >>> SunOS-/ve1/miaeod/bnk/bnk.run: ls -lrt thisisatest.txt >>> -rw-rw-r-- 1 miaeod tafc 0 Dec 13 08:23 thisisatest.txt >>> SunOS-/ve1/miaeod/bnk/bnk.run: TEST.OPENSEQ >>> SunOS-/ve1/miaeod/bnk/bnk.run: ls -rlt test.txt >>> -rw-rw-rw- 1 miaeod tafc 0 Dec 13 08:23 test.txt >>> SunOS-/ve1/miaeod/bnk/bnk.run: echo $SHELL >>> /bin/ksh >>> SunOS-/ve1/miaeod/bnk/bnk.run: >>> >>> >>> >>> As you can see the umask is set to 002, and the touch program inherits >>> that, but it seems the TEST.OPENSEQ (same program as previous example) does >>> not. Any ideas? >>> >>> >>> >>> El jue., 13 dic. 2018 a las 0:43, Jim Idle (<[email protected]>) >>> escribió: >>> >>> In your touch example above, you have used two different file names - >>> that is obviously not the output from your actual commands and you have not >>> shown the value of umask. You 'touch test2.txt', then you 'ls' the file >>> test1.txt, then you show the ls output of test2.txt, where you have >>> seemingly the output of umask 2. You should really do those commands from >>> scratch and list the actual output, not a mock-up. >>> >>> >>> >>> jBASE will use the umask setting of its inherited environment. Here, you >>> are using jsh, which is a jBASE program, so it will pick up the umask that >>> it received at the time it started up. jSH may be a little different in >>> that it might respect the umask command on the command line, but I no >>> longer remember - I think not though - you can test by changing umask at >>> the jsh command line and seeing what happens when you create new files. >>> But the best thing to do is to set umask in your .profile or bash profile. >>> This is so that when you start your jBASE program, it inherits the >>> umask from the environment it starts up in. >>> >>> >>> >>> You could also change jsh mode to sh mode, then use: >>> >>> >>> >>> umask 002 ; TEST.OPENSEQ >>> >>> >>> >>> Personally, I would not use jSH - just learn bash properly. >>> >>> >>> >>> I do not believe that we ever made any special environment things for >>> umask, but there is something buzzing in the back of my head about umask. >>> But start by setting umask before you start any jBNASE program. >>> >>> >>> >>> I checked the latest OPENSEQ docs on the jBASE web site. But >>> whoever took my original text and wrote misleading things about read locks, >>> and garbled the grammar, obviously did not know much about how it actually >>> works, then compounded the garbled explanation with an example in lower >>> case with comments such as: >>> >>> >>> >>> * open the jbase file >>> >>> open .... >>> >>> >>> >>> Yeah - I can see why you didn't consult the documentation! >>> >>> >>> >>> On Thu, Dec 13, 2018 at 1:13 PM JOSE L MARTINEZ-AVIAL <[email protected]> >>> wrote: >>> >>> Hello, >>> >>> we are running into some issues with files created with OPENSEQ. We >>> are using Jbase 5.11 over Solaris 10, and we have setup umask 002, in order >>> to avoid files being writable by others. It works fine if I create a new >>> file by doing >>> >>> >>> >>> jsh miaeod ~ -->touch test2.txt >>> >>> jsh miaeod ~ -->ls -lrt test1.txt >>> -rw-rw-r-- 1 miaeod tafc 0 Dec 12 22:56 test2.txt >>> >>> >>> >>> but if I write a program that just creates a file and closes it, the >>> file is created with permissions for others to read >>> >>> jsh miaeod ~ -->CT DEV.BP TEST.OPENSEQ >>> TEST.OPENSEQ >>> 001 PROGRAM TEST.OPENSEQ >>> 002 FILE.NAME >>> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2FFILE.NAME&data=02%7C01%7Cmikes%40jbase.com%7C83cf8525b7944a2cd96d08d6610e8a58%7Cbfd62fcabd384e07a0785e9943d1f9c0%7C0%7C0%7C636803112422197850&sdata=q0ubMzFSMVablICUpFVUlR7pWm3%2FhBs0EmJwdWPDfCU%3D&reserved=0> >>> = "test.txt" >>> 003 OPENSEQ FILE.NAME >>> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2FFILE.NAME&data=02%7C01%7Cmikes%40jbase.com%7C83cf8525b7944a2cd96d08d6610e8a58%7Cbfd62fcabd384e07a0785e9943d1f9c0%7C0%7C0%7C636803112422354096&sdata=sNAYVaXTMYXB8uIGbpjqLrOq7%2BmDf9z7%2FS4FhFOMD5g%3D&reserved=0> >>> TO FILE.CREATED ELSE CREATE FILE.CREATED ELSE DISPLAY 'ERROR CREATING >>> TABLE' ; STOP >>> 004 WEOFSEQ FILE.CREATED >>> 005 CLOSESEQ FILE.CREATED >>> 006 RETURN >>> 007 END >>> >>> jsh miaeod ~ -->TEST.OPENSEQ >>> jsh miaeod ~ -->ls -lrt test.txt >>> -rw-rw-rw- 1 miaeod tafc 0 Dec 12 22:56 test.txt >>> >>> >>> >>> What could be the issue? >>> >>> >>> >>> thanks >>> >>> >>> >>> JL >>> >>> >>> >>> -- >>> -- >>> IMPORTANT: T24/Globus posts are no longer accepted on this forum. >>> >>> To post, send email to [email protected] >>> To unsubscribe, send email to [email protected] >>> For more options, visit this group at >>> http://groups.google.com/group/jBASE?hl=en >>> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgroups.google.com%2Fgroup%2FjBASE%3Fhl%3Den&data=02%7C01%7Cmikes%40jbase.com%7C83cf8525b7944a2cd96d08d6610e8a58%7Cbfd62fcabd384e07a0785e9943d1f9c0%7C0%7C0%7C636803112422354096&sdata=YME4Vr7p%2BJf71BqeL1XvaAEd2ugoA9I6a8azlJX3dec%3D&reserved=0> >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "jBASE" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout >>> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Foptout&data=02%7C01%7Cmikes%40jbase.com%7C83cf8525b7944a2cd96d08d6610e8a58%7Cbfd62fcabd384e07a0785e9943d1f9c0%7C0%7C0%7C636803112422354096&sdata=NHhPuGjMFWMygt1yL6yRHjlrtxtV%2BKtXKAH6toWDWPI%3D&reserved=0> >>> . >>> >>> -- >>> -- >>> IMPORTANT: T24/Globus posts are no longer accepted on this forum. >>> >>> To post, send email to [email protected] >>> To unsubscribe, send email to [email protected] >>> For more options, visit this group at >>> http://groups.google.com/group/jBASE?hl=en >>> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgroups.google.com%2Fgroup%2FjBASE%3Fhl%3Den&data=02%7C01%7Cmikes%40jbase.com%7C83cf8525b7944a2cd96d08d6610e8a58%7Cbfd62fcabd384e07a0785e9943d1f9c0%7C0%7C0%7C636803112422354096&sdata=YME4Vr7p%2BJf71BqeL1XvaAEd2ugoA9I6a8azlJX3dec%3D&reserved=0> >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "jBASE" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout >>> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Foptout&data=02%7C01%7Cmikes%40jbase.com%7C83cf8525b7944a2cd96d08d6610e8a58%7Cbfd62fcabd384e07a0785e9943d1f9c0%7C0%7C0%7C636803112422354096&sdata=NHhPuGjMFWMygt1yL6yRHjlrtxtV%2BKtXKAH6toWDWPI%3D&reserved=0> >>> . >>> >>> -- >>> -- >>> IMPORTANT: T24/Globus posts are no longer accepted on this forum. >>> >>> To post, send email to [email protected] >>> To unsubscribe, send email to [email protected] >>> For more options, visit this group at >>> http://groups.google.com/group/jBASE?hl=en >>> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgroups.google.com%2Fgroup%2FjBASE%3Fhl%3Den&data=02%7C01%7Cmikes%40jbase.com%7C83cf8525b7944a2cd96d08d6610e8a58%7Cbfd62fcabd384e07a0785e9943d1f9c0%7C0%7C0%7C636803112422354096&sdata=YME4Vr7p%2BJf71BqeL1XvaAEd2ugoA9I6a8azlJX3dec%3D&reserved=0> >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "jBASE" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout >>> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Foptout&data=02%7C01%7Cmikes%40jbase.com%7C83cf8525b7944a2cd96d08d6610e8a58%7Cbfd62fcabd384e07a0785e9943d1f9c0%7C0%7C0%7C636803112422354096&sdata=NHhPuGjMFWMygt1yL6yRHjlrtxtV%2BKtXKAH6toWDWPI%3D&reserved=0> >>> . >>> >>> -- >>> -- >>> IMPORTANT: T24/Globus posts are no longer accepted on this forum. >>> >>> To post, send email to [email protected] >>> To unsubscribe, send email to [email protected] >>> For more options, visit this group at >>> http://groups.google.com/group/jBASE?hl=en >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "jBASE" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- >> -- >> IMPORTANT: T24/Globus posts are no longer accepted on this forum. >> >> To post, send email to [email protected] >> To unsubscribe, send email to [email protected] >> For more options, visit this group at >> http://groups.google.com/group/jBASE?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "jBASE" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > -- > -- > IMPORTANT: T24/Globus posts are no longer accepted on this forum. > > To post, send email to [email protected] > To unsubscribe, send email to [email protected] > For more options, visit this group at > http://groups.google.com/group/jBASE?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "jBASE" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > > -- > -- > IMPORTANT: T24/Globus posts are no longer accepted on this forum. > > To post, send email to [email protected] > To unsubscribe, send email to [email protected] > For more options, visit this group at > http://groups.google.com/group/jBASE?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "jBASE" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- -- IMPORTANT: T24/Globus posts are no longer accepted on this forum. To post, send email to [email protected] To unsubscribe, send email to [email protected] For more options, visit this group at http://groups.google.com/group/jBASE?hl=en --- You received this message because you are subscribed to the Google Groups "jBASE" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
