I have a question on BaaN Unix file security. What does BaaN use (bshell6.1), to decide the file security foe new files generated
from BaaN sessions (I.E. ASCIF print files).

Here is why I am curious!

We have the ipc_info changed to execute a unix script to set up the BaaN environment prior to execing the bshell6.1 command. In the script we have the umask instruction set to 660 (why, I do not know). This shoud create a file with ------rwx security, but it actually creates a file rw-rw----. I checked the /etc/profile file and it also contains a umask command of 002 which should create a file rw-rw-r--. I am not sure, but I suspect that the default umask for the Unix box is 006 (rw-rw----).

Thanks

What does the commands `man umask` and `man chmod` tell you? Do they explain enough to understand what the bshell does?

I am familier with these commands, but the man command for these commands does not explain what the bshell is doing.
I am curious of what the bshell is using for it's file security, the system default, any security set in /etc/profile or the ipc_info environemnt script that sets any file security.

I am confused at your interpretation of the permission codes. My understanding is below.

1 = execute
2 = write
4 = read
therefore:
660 = rw-rw----
002 = -------w-
006 = ------rw-

Evertsen

The umask command subtracts the numbers fro 666 for it's file
security. Thus umask 002 would be;

666
002-
-----
664 or rw-rw-r

If it is a directory being created, then it subtracts the umask given from 777.

there is an error in my note though, umask of 660 should create a file, (666-660 = 006), as ------rw- instead of ------rwx.

More info from BaaN support site -


You can also use the umask option. For more information you can check solution 77916.

SOLUTION 77916
Default permissions used by bshell when generate ASCII files on the OS.

SITUATION IDENTIFIED IN:
Bshell environment

SITUATION DESCRIPTION:
Default permissions used by bshell code when generate ASCII files on Operating System using Baan device. By default the umask is set to 06 because this value is hard-coded in bshell.

SOLUTION DESCRIPTION:
The value of 06 can be narrowed down by using the environment variable BMASK. The value of BMASK is OR-ed with 06. So it is not possible to set permissions lower than 06 , for example it isn't possible to set BMASK to 02 or 00.

A new environment variable is introduced called: USE_BMASK_AS_ABSOLUTE.
When this variable is set to 1, the value of BMASK is not OR-ed with 06 anymore, but used as an absolute umask. So in this way you can obtain an umask like 02 or 00.

Ways to implement:
1) ASCII implementation:
Set up these variables on the .profile from user
configuration.
USE_BMASK_AS_ABSOLUTE=1
BMASK=02

2) BW implementation:
Set up these variables on command line from the BW user
configuration
-- -set USE_BMASK_AS_ABSOLUTE=1 -set BMASK=02

With this implementation you will obtain the mask "rw- rw- r--" on the Operating System.

LAST MODIFIED ON: 30-11-99

NOTE:
This solution is applicable for UNIX .

COMMENTS: Be very careful in using this functionality. The default
setting of 06 in bshell was introduced for good security reasons. Do serious tests after introducing this.