> We're considering setting up a separate class that will allow specific > clients to set the share on their own. We believe this could be > accomplished using a new privilege class but was wondering exactly how we > would go about setting one up, as well as pros and cons the list might be > aware of. Also, I was wondering if there is a way that we can setup the > privilege class to allow the command to only be executed against certain > IDs. I'm thinking about audit time and what the auditors might say if we > allow our clients the authority to set share on our service machines.
You can't get down to the granularity that you're asking for without doing your own CP commands or local mods. Might be fun, but maybe not the kind of fun you are looking for. I am not sure whether an ESM would have its hands in there, but your next question is probably about the value of the share setting they use. The easiest way imho is to run PROP (or better) in a disconnected virtual machine with sufficient privileges (maybe you already have that in the OPERATOR userid) and define your own set of commands that your customer can use. The action routines in PROP can do all the checking you need (like who issues the command), and issue the necessary SET SHARE command. If you need an example of routing table and action routine, just ask... Rob -- Rob van der Heij Velocity Software, Inc
