Colin: Thanks for the thoughts. I wrote a "cron" processor in BASIC. It worked perfectly in D3, as I could start it automatically in the "user-coldstart" process when D3 started. Unfortunately UD doesn't have any startup capabilities like this, although I found a kludge from IBM at their tech site ("How to run a Phantom via the Windows Scheduler and suppress the display of a DOS Shell Window and Taskbar entry"). I guess I could place this scriipt in the "Startup" folder and assume UD has already started. Anyway, presently I start up this BASIC program by hand whenever I restart UD via: :PHANTOM RUN DTABP DTA.SERVICE I do this logged in with my user (an administrator). This service was similar to the background-processing stuff D3 had; however, it uses a "cron" format. What happens is this service wakes up every minute, on the minute, reads a services record then "phantom"s off the defined command. When I set up a sftp process, I write a BASIC program that defines the appropriate account, the sftp O/S command, the parameters to be used by the sftp O/S command, etc. Then the service creates a command like: TclCmd = "LOGTO E:\UDAccounts\MyAccount" TclCmd<-1> = "PHANTOM SFTP.RUN" ...then executes this. The problem I run into here is there seems to be some kind of issue with the Windows "sftpc" software where the keys are stored in the registry under some user name (or maybe not - I can't quite get the software developers to work out this scenario without they getting offended I would suggest there's a problem) and the phantom'd phantom doesn't quite seem to be operating in the proper security context because the sftp fails with an improper key. It even fails from UD's ECL prompt. It does, however, work properly from a DOS window. Currently I'm logging every command executed by this originally phantomed service, and the log says the user (@LOGNAME) is me, even on the phantom'd phantom. So something is amiss (or could use some further explanation). Thanks again, Bill
_____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colin Alfke Sent: Wednesday, February 13, 2008 7:57 AM To: u2-users@listserver.u2ug.org Subject: RE: [U2] UD what user is a phantom using Bill; Normally our phantoms here return a user = "system." We haven't tried firing phantoms from phantoms or starting UniData as another user. I have seen some strange security related things with phantoms - it's like the user isn't quite logged in. You can try looking at @LOGNAME in UniData and see what it reports (I think there is another one for group or administrator) or setting up a .bat file in windows to run that does an echo %USERNAME% and capturing the output or redirecting it to a file. hth Colin Alfke Calgary, Canada -----Original Message----- From: Bill Haskett As a follow up (remember we're on Windows 2K3)... If I login to the Windows server as administrator "A" then run a 3rd party "sftpc" command in a DOS window, it works. If I login to UniData as the same administrator "A" and run the same "sftpc" command, from ECL, it works fine. However, if I login to UniData as administrator "B" then run the same "sftpc" command from ECL (!sftpc -profile=... -cmdFile=...), it fails. Now, if I login to the Windows server as administrator "B" then run the "sftpc" command in a DOS window, it works; and if I rerun the command in UniData, while still logged in as administrator "B", it works. However, when I log off UniData and log back in as administrator "A" the "sftpc" command fails. In order to make this work for administrator "A" I need to login to the Windows server, as admministrator "A", and execute the "sftpc" command from a DOS prompt. However, once done for administrator "A", administrator "B" can't run this command successfully from UniData. And around we go. This seems to imply that O/S commands from UniData execute in a different security context than on the Windows server, in a DOS window (using the same Windows user). Does the UniData Database service need to start under something other than the "Local System account"? What Windows security changes from within UD vs from within a DOS window? Thanks, Bill >-----Original Message----- >From: Bill Haskett > >I've been trying to set up a script to sftp a file to someone else on the >internet on >a regular, unattended, basis. They're using Windows and WinSSHD. I'm using >Windows >2K3 with Tunnelier and UD v7.1.9. I'm having some problems figuring out the security >context of the phantomed job that runs an O/S command. > >If I start a phantom process, that phantoms other processes when the time is >right, what user does the phantom'd phantom use when processing O/S commands? > >Thanks, > >Bill Haskett >Advantos Systems, Inc. ------- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/ ------- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/