PMDF Programmer's Reference Manual


Previous Next Contents Index

2.3 Required Privileges

Like the PMDF API routines, privileges are required in order to use callable SEND. Enqueuing messages requires privileges sufficient to create, open, read from, and write to the queue cache database as well as to create subdirectories and files in the PMDF message queue directories. There are any number of ways of accomplishing this under OpenVMS; the typical being to have the program run under the SYSTEM account. On UNIX, this is accomplished by having your executable program owned and run by the pmdf account or, alternatively, owned by pmdf and have the setuid attribute set. On NT systems, PMDF_send can only be used by privileged accounts such as Administrator.

In order to submit mail under a user name which differs from that of the calling process, privileges are required. On OpenVMS, WORLD default privilege is needed. On UNIX, the process must have the same (real) UID as either the root or pmdf account. On NT, the process must be a privileged account such as Administrator.

In addition, under OpenVMS the account running your program must have SYSPRV and CMKRNL privileges. These privileges are required so that PMDF can submit any processing jobs required to handle an enqueued message. Note that PMDF itself does not use these privileges: they are required by the $SNDJBC system service call used to dispatch processing jobs.

In some applications, it is important to keep strict control over when privileges are enabled and disabled. To this end, the PMDF_PRIV_ENABLE_PROC and PMDF_PRIV_DISABLE_PROC item codes can be used to specify the addresses of two procedures to call immediately prior to and immediately after enqueuing a message. This allows the required privileges to be enabled only when they are needed --- when the message is enqueued --- and to remain disabled at all other times. Callable SEND does not use a condition handler, so if a fatal error occurs while enqueuing a message, it is up to the calling program to trap the error and, if necessary, disable any privileges which should be disabled. These procedures, if specified, should accept no arguments and return no return value (i.e., function result).

The privileges to be enabled must either be granted to the program using callable SEND (e.g., the program can be installed with privileges) or the process running the program must have the requisite privileges. Callable SEND and PMDF in no way provide these privileges.


Previous Next Contents Index