XYGATE Access Control Reference Manual

Appendix C: The ACACL File
XYPRO Technology Corporation 206 Proprietary and Confidential
C74: RUNCHECK
This keyword invokes a routine that prevents the execution of commands with a
"/IN.../" file specified. This prevents a user from going around XAC’s inherent security
by using a subsidiary RUN from within the program being executed.
Note: CMI, EDIT, TEDIT, and SCF may require this extra protection even when they
are not used in “privileged” ACACL Command Entries because of the built-in
ability to run programs from within these programs. RUNCHECK should always
be set for privileged utilities or userids, whether or not OPENSBYOBJECTS is
specified.
RUNCHECK prevents the command line input of "/IN.../" in all forms so that all
processes run MUST come through the XYGATEAC process. If RUNCHECK prohibits
execution of an "/IN .../" process, a violation is logged and this error message is
displayed: Usage of 'IN <filename>' is not allowed.
Example:
COMMAND SQLCI-MGR
DESCRIPTION "SQLCI AS APPL.MGR"
USER APPL.MGR
OBJECT $SYSTEM.SYSNN.SQLCI
ACL APPL.*
DENY APPL.DB
FC#
FCPROMPT ">>"
TIMEOUT 900
PAGE
PROMPT "'(',PAID,')-',FC#"
OPENSBYOBJECTS $*.*.*
RUNCHECK
When this XAC command is used to start an SQLCI session, the RUN command will
not support an /IN .../ specification. A sample execution follows:
$VDEL DENNIS 7> xac sqlci-255
XYGATEAC 5.61 XYPRO \N1 20991231 (see <<CONFIG for Copyright)
SQL Conversational Interface - T9191H01^ACM - (01OCT09)
(C) 1987 COMPAQ (C) 2006 Hewlett Packard Development Company, L.P.
(14,156)- 1 >> FUP/IN APPLOBEY.CLEANUP/
XAC - Usage of 'IN <filename>' is not allowed
Note: The order of evaluation of commands is ALIAS, %parameters, FKEY,
ALLOWCMD / DENYCMD, COMMANDESC and RUNCHECK. The
RUNCHECK scan of the line for an /IN .../ specification occurs after all other
evaluation, immediately before the line is executed.
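The note above says RUNCHECK should be set on entries for CMI, EDIT, TEDIT and SCF. The following audit script is an added example, not part of the XYGATE product or this manual: it flags ACACL command entries whose OBJECT is one of those programs (or a caller-supplied one) but which lack RUNCHECK. It assumes an entry runs from one COMMAND line to the next with one keyword per line, as in the SQLCI-MGR example; the function names and the sample entries are constructed for illustration.

```python
# Added example: audit ACACL text for command entries that lack RUNCHECK.
# Assumption: an entry runs from one COMMAND line to the next, one keyword per line.

# Programs the manual names as able to run other programs from within.
RUN_CAPABLE = {"CMI", "EDIT", "TEDIT", "SCF"}

def parse_entries(text):
    """Return a list of {'name': str, 'keywords': {KEYWORD: argument}}."""
    entries = []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts:
            continue
        keyword = parts[0].upper()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "COMMAND":
            entries.append({"name": arg, "keywords": {}})
        elif entries:  # ignore anything before the first COMMAND
            entries[-1]["keywords"][keyword] = arg
    return entries

def program_name(obj):
    """Last part of a file name: $SYSTEM.SYSNN.SQLCI -> SQLCI."""
    return obj.rsplit(".", 1)[-1].upper()

def missing_runcheck(text, extra_programs=()):
    """Names of entries whose OBJECT is run-capable but have no RUNCHECK."""
    watch = RUN_CAPABLE | {p.upper() for p in extra_programs}
    flagged = []
    for e in parse_entries(text):
        kw = e["keywords"]
        if program_name(kw.get("OBJECT", "")) in watch and "RUNCHECK" not in kw:
            flagged.append(e["name"])
    return flagged

# Constructed sample input (not taken from a real system).
SAMPLE = """\
COMMAND SCF-OPS
  OBJECT $SYSTEM.SYSTEM.SCF
COMMAND EDIT-MGR
  OBJECT $SYSTEM.SYSTEM.EDIT
  RUNCHECK
COMMAND SQLCI-MGR
  OBJECT $SYSTEM.SYSNN.SQLCI
  OPENSBYOBJECTS $*.*.*
"""

if __name__ == "__main__":
    print(missing_runcheck(SAMPLE, extra_programs=["SQLCI"]))
```

Pass additional program names through extra_programs to cover other privileged utilities that the site treats as able to start subsidiary processes.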