Colin:
Thanks for the thoughts. I wrote a "cron" processor in BASIC. It worked
perfectly
in D3, as I could start it automatically in the "user-coldstart" process when D3
started. Unfortunately UD doesn't have any startup capabilities like this,
although
I found a kludge from IBM at their tech site ("How to run a Phantom via the
Windows
Scheduler and suppress the display of a DOS Shell Window and Taskbar entry"). I
guess I could place this scriipt in the "Startup" folder and assume UD has
already
started.
Anyway, presently I start up this BASIC program by hand whenever I restart UD
via:
:PHANTOM RUN DTABP DTA.SERVICE
I do this logged in with my user (an administrator). This service was similar
to the
background-processing stuff D3 had; however, it uses a "cron" format. What
happens
is this service wakes up every minute, on the minute, reads a services record
then
"phantom"s off the defined command. When I set up a sftp process, I write a
BASIC
program that defines the appropriate account, the sftp O/S command, the
parameters to
be used by the sftp O/S command, etc. Then the service creates a command like:
TclCmd = "LOGTO E:\UDAccounts\MyAccount"
TclCmd<-1> = "PHANTOM SFTP.RUN"
...then executes this. The problem I run into here is there seems to be some
kind of
issue with the Windows "sftpc" software where the keys are stored in the
registry
under some user name (or maybe not - I can't quite get the software developers
to
work out this scenario without they getting offended I would suggest there's a
problem) and the phantom'd phantom doesn't quite seem to be operating in the
proper
security context because the sftp fails with an improper key. It even fails
from
UD's ECL prompt. It does, however, work properly from a DOS window.
Currently I'm logging every command executed by this originally phantomed
service,
and the log says the user (@LOGNAME) is me, even on the phantom'd phantom. So
something is amiss (or could use some further explanation).
Thanks again,
Bill
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Colin Alfke
Sent: Wednesday, February 13, 2008 7:57 AM
To: u2-users@listserver.u2ug.org
Subject: RE: [U2] UD what user is a phantom using
Bill;
Normally our phantoms here return a user = "system." We haven't tried firing
phantoms from phantoms or starting UniData as another user. I have seen some
strange security related things with phantoms - it's like the user isn't
quite logged in.
You can try looking at @LOGNAME in UniData and see what it reports (I think
there is another one for group or administrator) or setting up a .bat file
in windows to run that does an echo %USERNAME% and capturing the output or
redirecting it to a file.
hth
Colin Alfke
Calgary, Canada
-----Original Message-----
From: Bill Haskett
As a follow up (remember we're on Windows 2K3)...
If I login to the Windows server as administrator "A" then run a 3rd party
"sftpc"
command in a DOS window, it works. If I login to UniData as the same
administrator "A" and run the same "sftpc" command, from ECL, it works fine.
However, if I login to UniData as administrator "B" then run the same
"sftpc" command from ECL (!sftpc -profile=... -cmdFile=...), it fails. Now,
if I login to the Windows server as administrator "B" then run the "sftpc"
command in a DOS window, it works; and if I rerun the command in UniData,
while still logged in as administrator "B", it works.
However, when I log off UniData and log back in as administrator "A" the "sftpc"
command fails. In order to make this work for administrator "A" I need to
login to the Windows server, as admministrator "A", and execute the "sftpc"
command from a DOS prompt. However, once done for administrator "A",
administrator "B" can't run this command successfully from UniData. And
around we go.
This seems to imply that O/S commands from UniData execute in a different
security context than on the Windows server, in a DOS window (using the same
Windows user).
Does the UniData Database service need to start under something other than
the "Local System account"? What Windows security changes from within UD vs
from within a DOS window?
Thanks,
Bill
>-----Original Message-----
>From: Bill Haskett
>
>I've been trying to set up a script to sftp a file to someone else on the
>internet
on
>a regular, unattended, basis. They're using Windows and WinSSHD. I'm using
>Windows
>2K3 with Tunnelier and UD v7.1.9. I'm having some problems figuring out the
security
>context of the phantomed job that runs an O/S command.
>
>If I start a phantom process, that phantoms other processes when the time is
>right, what user does the phantom'd phantom use when processing O/S commands?
>
>Thanks,
>
>Bill Haskett
>Advantos Systems, Inc.
-------
u2-users mailing list
u2-users@listserver.u2ug.org
To unsubscribe please visit http://listserver.u2ug.org/
-------
u2-users mailing list
u2-users@listserver.u2ug.org
To unsubscribe please visit http://listserver.u2ug.org/
