• Guardian error 48 opening file

    From Bry Pas@21:1/5 to All on Mon Mar 13 10:05:57 2023
    Hello Tandem experts,

    Encountered this Guardian error 48 when an Operator ID (230,1) runs the program owned by a user within its group (230,254)

    Here's the scenario, operator runs the program and got an error

    RUN GGSCI
    OGG ERROR 103 Guardian error 48 opening file $DISK.SUBVOL.GROUP

    File security set to
    RWEP
    GOGO

    FILE OWNER is 230,254
    User ID running the program is 230,1

    Anyone knows how to fix this? Your feedback is very much appreciated! Thank you.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From JShepherd@21:1/5 to All on Mon Mar 13 17:50:12 2023
    In article <5f855af5-7c57-4e2f-ae5b-f4081051cc72n@googlegroups.com>, bryanpascua88@gmail.com says...

    Hello Tandem experts,

    Encountered this Guardian error 48 when an Operator ID (230,1) runs the program
    owned by a user within its group (230,254)

    Here's the scenario, operator runs the program and got an error

    RUN GGSCI
    OGG ERROR 103 Guardian error 48 opening file $DISK.SUBVOL.GROUP

    File security set to
    RWEP
    GOGO

    FILE OWNER is 230,254
    User ID running the program is 230,1

    Anyone knows how to fix this? Your feedback is very much appreciated!
    Thank you.


    Is the application, as 230,1, opening the file for write access ?

    If the owner is 230,254 and the security is "GOGO" then
    only the owner 230,254 has write access

  • From keithmoo@gmail.com@21:1/5 to Bry Pas on Mon Mar 13 14:14:33 2023
    On Monday, March 13, 2023 at 1:05:58 PM UTC-4, Bry Pas wrote:
    Hello Tandem experts,

    Encountered this Guardian error 48 when an Operator ID (230,1) runs the program owned by a user within its group (230,254)

    Here's the scenario, operator runs the program and got an error

    RUN GGSCI
    OGG ERROR 103 Guardian error 48 opening file $DISK.SUBVOL.GROUP

    File security set to
    RWEP
    GOGO

    FILE OWNER is 230,254
    User ID running the program is 230,1

    Anyone knows how to fix this? Your feedback is very much appreciated! Thank you.


    Did you check if there were any Safeguard rules on the file, disk, or volume? SAFECOM INFO ... Also, the audit trail of safeguard will tell you if there was a rejection and why.
    I hope that this helps.

  • From Bry Pas@21:1/5 to All on Tue Mar 14 06:50:14 2023
    Did you check if there were any Safeguard rules on the file, disk, or volume? SAFECOM INFO ... Also, the audit trail of safeguard will tell you if there was a rejection and why.
    I hope that this helps.

    Hello Keit, JSheperd,

    Thanks for your replies.

    Are there any options aside from SAFEGUARD control? We would like to set PROGID of this file but not sure what is the effect, does it make the file accessible to any users in the system?

  • From Bill Honaker@21:1/5 to Bry Pas on Tue Mar 14 12:31:42 2023
    On Tue, 14 Mar 2023 06:50:14 -0700 (PDT), Bry Pas <bryanpascua88@gmail.com> wrote:

    Did you check if there were any Safeguard rules on the file, disk, or volume? SAFECOM INFO ... Also, the audit trail of safeguard will tell you if there was a rejection and why.
    I hope that this helps.

    Hello Keit, JSheperd,

    Thanks for your replies.

    Are there any options aside from SAFEGUARD control? We would like to set PROGID of this file but not sure what is the effect, does it make the file accessible to any users in the system?

    Bry Pas,

    It would not. PROGID is only applicable to Guardian executable files (Code 100, 500, 700). When set, and when a process is started using that as the Program File Name, the process runs with a 'PAID' (Process Access ID) of the owner of the file.

    Setting the 'WRITE' security byte (the second of the 4 bytes) to an appropriate value affects whether a program can open the file for Write access.
    If you need more granularity than that for controlling access, you must use Safeguard.

    Hope that helps,
    Bill

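Added example, not part of the original thread and not code from any poster: a small model of the RWEP check and of the PROGID effect described in the replies above, showing why 230,1 gets error 48 on a write open under "GOGO". The function names are hypothetical, only local accessors are modeled, the local super ID (255,255) is assumed to pass every code, and Safeguard ACLs are not modeled.

```python
# Constructed model of Guardian RWEP file security (local accessors only).
# Safeguard ACLs, which the thread says override this, are not modeled.
SUPER = (255, 255)
OPS = "RWEP"  # positions: Read, Write, Execute, Purge

def code_allows(code, accessor, owner):
    """Return True if one security code admits a local accessor."""
    if accessor == SUPER:
        return True                      # assumption: local super ID always passes
    if code in ("A", "N"):               # any user
        return True
    if code in ("G", "C"):               # member of the owner's group
        return accessor[0] == owner[0]
    if code in ("O", "U"):               # the owner only
        return accessor == owner
    if code == "-":                      # local super ID only
        return False
    raise ValueError(f"unknown security code {code!r}")

def can_access(security, op, accessor, owner):
    """Check one operation (R, W, E or P) against a 4-character string."""
    if len(security) != 4:
        raise ValueError("security string must have four characters")
    return code_allows(security[OPS.index(op)], accessor, owner)

def effective_paid(caller, program_owner, progid):
    """With PROGID set on the program file, the process access ID (PAID)
    is the program file's owner; otherwise it is the caller's ID."""
    return program_owner if progid else caller

def open_result(security, op, caller, file_owner, program_owner, progid=False):
    """Return 0 on success or 48 (security violation) on denial."""
    paid = effective_paid(caller, program_owner, progid)
    return 0 if can_access(security, op, paid, file_owner) else 48

# Constructed sample values taken from the IDs quoted in the thread.
OWNER, OPERATOR, OUTSIDER = (230, 254), (230, 1), (100, 5)

if __name__ == "__main__":
    print(open_result("GOGO", "W", OPERATOR, OWNER, OWNER))               # denied
    print(open_result("GOGO", "R", OPERATOR, OWNER, OWNER))               # allowed
    print(open_result("GOGO", "W", OPERATOR, OWNER, OWNER, progid=True))  # PAID = owner
    print(can_access("GOGO", "E", OUTSIDER, OWNER))  # other groups cannot run it
```

In this model PROGID widens access only for users who can already execute the program file, so the E position of the program's own security string bounds who benefits from it.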
  • From JShepherd@21:1/5 to All on Wed Mar 15 16:39:49 2023
    In article <d10bc09d-b537-4043-bcc2-2401c306f478n@googlegroups.com>, bryanpascua88@gmail.com says...

    Did you check if there were any Safeguard rules on the file, disk, or volume?
    SAFECOM INFO ... Also, the audit trail of safeguard will tell you if there
    was a rejection and why.
    I hope that this helps.

    Hello Keit, JSheperd,

    Thanks for your replies.

    Are there any options aside from SAFEGUARD control? We would like to set PROGID
    of this file but not sure what is the effect, does it make the file
    accessible to any users in the system?


    Safeguard is the solution.

    Safeguard Access Control Lists (ACLs) will override Enscribe security.

    One example of a volume level ACL.
    Safecom run as super.super

    safecom

    add volume $VOL
    ALTER VOLUME $VOL ACCESS GROUP NUMBER \*.00255 (R,W,E,P,C,O)
    ALTER VOLUME $VOL ACCESS GROUP NUMBER \*.00100 (R,W,E,P,C,O)
    ALTER VOLUME $VOL ACCESS GROUP NUMBER \*.00130 (R, E)
    ALTER VOLUME $VOL ACCESS GROUP NUMBER \*.00140 (R,W,E)
    ALTER VOLUME $VOL ACCESS GROUP NUMBER \*.00160 (R,W,E)
    ALTER VOLUME $VOL ACCESS GROUP NUMBER \*.00200 (R, E)

    ACLs can be volume level or subvol level or diskfile level
    or any combination of those.

  • From Randall@21:1/5 to Bry Pas on Wed Mar 15 12:20:31 2023
    On Tuesday, March 14, 2023 at 9:50:17 a.m. UTC-4, Bry Pas wrote:
    Did you check if there were any Safeguard rules on the file, disk, or volume? SAFECOM INFO ... Also, the audit trail of safeguard will tell you if there was a rejection and why.
    I hope that this helps.
    Hello Keit, JSheperd,

    Thanks for your replies.

    Are there any options aside from SAFEGUARD control? We would like to set PROGID of this file but not sure what is the effect, does it make the file accessible to any users in the system?

    You could consider running the program in an XAC session (XYGATE). That would allow the operator to switch users to the owner. However, if you are running GoldenGate (GGSCI?), you might want to examine your security rules more deeply. SafeGuard is more likely the solution as others have said, or changing the program to open the file read-protected or read-shared.
    --Randall

  • From Bry Pas@21:1/5 to All on Fri Mar 31 05:33:41 2023
    Thank you all for the inputs. Resolved it by adding Safeguard access to subvol level. Cheers!
