HP OpenVMS System Manager's Manual, Volume 2:...
Managing Page, Swap, and Dump Files
By default, process dumps are written to the current default directory of the user. You can override this by defining the logical name SYS$PROCDMP to identify an alternate directory path. Note that the name of the process dump file is always the same as the name of the main image active at the time the process dump is written, with the file extension .DMP.
On Alpha and I64 systems, a process dump is either complete or partial. A complete process dump contains all of process space and all process-pertinent data from system space. A partial process dump contains only user-readable data from process space and only those data structures from system space that are not deemed sensitive. Privileged or protected data, such as an encryption key in third-party software, might be considered sensitive.
On Alpha and I64 systems, you can force a dump to be written for another process with the DCL command SET PROCESS/DUMP=NOW process-spec. This command causes the contents of the address space occupied by process-spec to be written immediately to the file named image-name.DMP in the current directory of process-spec.
For more information about the DCL command SET PROCESS/DUMP, refer to the HP OpenVMS DCL Dictionary: N--Z.
Understanding Privileged Users and Access to Process Dumps (Alpha and I64)
For this discussion, a privileged user is one who satisfies
one of the following conditions:
Holders of CMKRNL or CMEXEC can write complete process dumps. Holders of any of the other privileges mentioned above can read a process dump wherever it has been written.
In general, nonprivileged users should not be able to read complete process dumps, and by default they cannot do so. However, certain situations require that a nonprivileged user be able to read a complete process dump. Other situations require that a nonprivileged user be able to create a complete process dump but be able to read only a partial process dump.
Rights identifier IMGDMP$READALL enables a nonprivileged user to read a complete process dump. Rights identifier IMGDMP$PROTECT protects a complete process dump from being read by the nonprivileged user that created the process dump. These rights identifiers are created during the installation of OpenVMS by the image SYS$SYSTEM:IMGDMP_RIGHTS.EXE, which is also run automatically during system startup to ensure that these rights identifiers exist with the correct values and attributes.
If these rights identifiers have been deleted, you can run SYS$SYSTEM:IMGDMP_RIGHTS.EXE to recreate them. For example:
$ RUN SYS$SYSTEM:IMGDMP_RIGHTS
%PROCDUMP-I-CREATED, rights identifier IMGDMP$READALL successfully created
%PROCDUMP-I-CREATED, rights identifier IMGDMP$PROTECT successfully created
Note that IMGDMP$READALL has no attributes, but IMGDMP$PROTECT is created with the RESOURCE attribute.
Granting Access to Process Dumps (Alpha and I64)
To allow a nonprivileged user to write and read complete process
dumps, grant the rights identifier IMGDMP$READALL to the user. If
the IMGDMP$READALL rights identifier does not exist, run the image SYS$SYSTEM:IMGDMP_RIGHTS.EXE
to create it (see
Understanding Privileged Users and Access to Process Dumps (Alpha and I64)).
Then use AUTHORIZE to grant the rights identifier to the user. For
example:
$ DEFINE /USER SYSUAF SYS$SYSTEM:SYSUAF.DAT !if necessary
$ RUN SYS$SYSTEM:AUTHORIZE
UAF> GRANT /IDENTIFIER IMGDMP$READALL <user>
UAF> EXIT
Note that the user must log out and log in again to be able to exercise the rights identifier. A nonprivileged user with rights identifier IMGDMP$READALL can read and write complete process dumps without restriction.
Restricting Access to Process Dumps (Alpha and I64)
You can allow a nonprivileged user to write a complete process
dump and at the same time prevent the user from reading that process
dump. To do so, perform the following steps:
$ CREATE /DIRECTORY DKA300:[PROCDUMPS] -
/PROTECTION=(S:RWE,O:RWE,G,W) /OWNER_UIC=IMGDMP$PROTECT
$ SET SECURITY DKA300:[000000]PROCDUMPS.DIR -
/ACL=( (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:,WORLD:), -
(IDENTIFIER=IMGDMP$PROTECT,ACCESS=READ+WRITE), -
(IDENTIFIER=IMGDMP$PROTECT,OPTIONS=DEFAULT, -
ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL), -
(CREATOR,ACCESS=NONE))
$ DEFINE /SYSTEM /EXECUTIVE_MODE SYS$PROTECTED_PROCDMP DKA300:[PROCDUMPS]
$ RUN SYS$SYSTEM:SYSMAN
SYSMAN> DISKQUOTA CREATE /DEVICE=DKA300 ! if necessary
SYSMAN> DISKQUOTA ENABLE /DEVICE=DKA300 ! if necessary
SYSMAN> DISKQUOTA ADD IMGDMP$PROTECT /DEVICE=DKA300 /PERMQUOTA=10000
SYSMAN> DISKQUOTA REBUILD /DEVICE=DKA300 ! if necessary
SYSMAN> EXIT
Do not grant IMGDMP$PROTECT to any user. It is granted and revoked as needed by SYS$SHARE:IMGDMP.EXE from executive mode while writing a process dump. If you grant it permanently to a user, then that user has access to all process dumps written to the protected directory.
Note that to take a process dump when the image is installed with elevated privileges or belongs to a protected subsystem, the user must hold CMKRNL privilege, and is by definition a privileged user (see Understanding Privileged Users and Access to Process Dumps (Alpha and I64)).
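The following command procedure is an added example, not part of the HP manual: it checks that the pieces of the restricted-dump setup above are in place. The file name CHECK_PROCDMP.COM, the label, and the symbol names are hypothetical, and the directory is the DKA300:[PROCDUMPS] example used on this page.

```dcl
$! CHECK_PROCDMP.COM -- constructed example, not part of the HP manual.
$! Assumes the example directory DKA300:[PROCDUMPS] used on this page.
$ dir_file = "DKA300:[000000]PROCDUMPS.DIR"
$ problems = 0
$!
$! Both rights identifiers must exist; F$IDENTIFIER returns 0 for an
$! identifier that is not in the rights database.
$ id_name = "IMGDMP$READALL"
$ GOSUB check_id
$ id_name = "IMGDMP$PROTECT"
$ GOSUB check_id
$!
$! The logical name must be in the system table in executive (or kernel)
$! mode; a supervisor- or user-mode definition is not returned here.
$ target = F$TRNLNM("SYS$PROTECTED_PROCDMP","LNM$SYSTEM_TABLE",,"EXECUTIVE")
$ IF target .EQS. ""
$ THEN
$   WRITE SYS$OUTPUT "FAIL: SYS$PROTECTED_PROCDMP has no executive-mode system definition"
$   problems = problems + 1
$ ENDIF
$!
$! The dump directory must exist and be owned by IMGDMP$PROTECT.
$ IF F$SEARCH(dir_file) .EQS. ""
$ THEN
$   WRITE SYS$OUTPUT "FAIL: ''dir_file' not found"
$   problems = problems + 1
$ ELSE
$   owner = F$FILE_ATTRIBUTES(dir_file,"UIC")
$   IF F$LOCATE("IMGDMP$PROTECT",owner) .EQ. F$LENGTH(owner)
$   THEN
$     WRITE SYS$OUTPUT "FAIL: directory owner is ''owner', expected IMGDMP$PROTECT"
$     problems = problems + 1
$   ENDIF
$ ENDIF
$!
$ WRITE SYS$OUTPUT "Checks finished, problems found: ''problems'"
$! Review the ACL by hand; it should match the SET SECURITY command above.
$ SHOW SECURITY 'dir_file'
$ EXIT
$!
$check_id:
$ IF F$IDENTIFIER(id_name,"NAME_TO_NUMBER") .EQ. 0
$ THEN
$   WRITE SYS$OUTPUT "FAIL: rights identifier ''id_name' does not exist"
$   problems = problems + 1
$ ENDIF
$ RETURN
```

To confirm that no user holds IMGDMP$PROTECT, the AUTHORIZE command SHOW /IDENTIFIER /FULL IMGDMP$PROTECT lists any holders of the identifier.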