Hi Mickael.
Working with Frederic on this kind of subject.
I introduced a custom autoextvj function, which casts a denial when the owner of the job is root and when the command attribute is different from a "su - " kind of command.
In order to add "some weird shit" functionality, I also added a yaml file with my rules to check... This was pleasant to code in C++ after so many years. I passed my code to valgrind to be sure that no memory leak was introduced by the code \o/
But I'm bothered about one thing.
The pJobInfo structure,
    typedef struct __AUTOEXTVJ_JOBINFO {
        AUTOEXTVJ_ACTION action;
        int syntax_mode;
        char job_name[64+1];
        char box_name[64+1];
        char job_type[32+1];
    } AUTOEXTVJ_JOBINFO;
The "job_type" attribute is available in the __AUTOEXTVJ_JILKEYVAL structure when inserting a job.
Whenever you UPDATE a job, the job_type is not reloaded from the database to the JILKEYVAL, and in the JOBINFO, the value is "^".
So, I'm not able to load a specific rule file which is different whenever we insert / update a box, or a sap job and so on...
I do think that "^" means it is not changed. But why is the jilkeyval a merge of the database attribute values and the jil input, and not the pJobInfo?
My code works perfectly in the insert case (we always have the job_type in pJobInfo and pJob) but on updates we can't determine the kind of job.
How do we get the job_type in case of an update?
Kind Regards,
Lionel
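A base rule like the one described in the post above can be written so that it reads only owner and command, never job_type, and so gives the same verdict on insert and update. This is an added example, not the poster's code and not the vendor API: the Attrs map, the job type strings and the rule file names are constructed stand-ins, and treating "^" as "not supplied" follows the poster's assumption.

```cpp
#include <iostream>
#include <map>
#include <string>

// Hypothetical stand-in for the merged JIL key/value list; the vendor's
// AUTOEXTVJ structures and callback signature are not reproduced here.
using Attrs = std::map<std::string, std::string>;
enum class Verdict { Allow, Deny };

// "^" is the value the post reports on update; treating it as "not
// supplied" is the poster's assumption.
bool is_unset(const std::string& v) { return v.empty() || v == "^"; }

// Compare only the user part, so "root" and "root@host" both match.
bool owner_is_root(const std::string& owner) {
    return owner.substr(0, owner.find('@')) == "root";
}

// True for "su - <something>", false for a bare "su - ".
bool is_su_command(const std::string& cmd) {
    const std::string prefix = "su - ";
    return cmd.size() > prefix.size() && cmd.compare(0, prefix.size(), prefix) == 0;
}

// Extra rules per job type (constructed type strings and file names).
// Any type not on the allowlist, including "^", gets the default file.
std::string rule_file_for(const std::string& job_type) {
    static const std::map<std::string, std::string> known = {
        {"BOX", "rules/box.yaml"}, {"CMD", "rules/cmd.yaml"}};
    auto it = known.find(job_type);
    return it == known.end() ? "rules/default.yaml" : it->second;
}

// Base rule from the post: deny a root-owned job unless its command is a
// "su - " command. It reads only owner and command, never job_type.
Verdict validate(const Attrs& a) {
    auto owner = a.find("owner");
    if (owner == a.end() || !owner_is_root(owner->second)) return Verdict::Allow;
    auto cmd = a.find("command");
    if (cmd == a.end() || is_unset(cmd->second)) return Verdict::Deny;
    return is_su_command(cmd->second) ? Verdict::Allow : Verdict::Deny;
}

int main() {  // constructed update: job_type arrives as "^"
    Attrs job = {{"owner", "root@hostA"}, {"command", "/opt/app/run.sh"}};
    std::cout << rule_file_for("^") << " "
              << (validate(job) == Verdict::Deny ? "deny" : "allow") << "\n";
}
```

A root-owned job with no usable command value is denied, so an update that leaves the command unresolved fails closed.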
Original Message:
Sent: 11-19-2020 01:08 PM
From: Michael Woods
Subject: Need to exclude "owner: root" on insert/update job from jil binary.
Is the job currently owned by root? I notice you are doing an update, not an insert. It will check the existing owner to see if you have permission to the job to update it. It looks like it is failing on that initial check.
Mike
Original Message:
Sent: 11-19-2020 11:24 AM
From: Bastiani Frederic
Subject: Need to exclude "owner: root" on insert/update job from jil binary.
Hi,
It's 11.3.6 SP8 CUM1
Best regards
Original Message:
Sent: 11-19-2020 10:49 AM
From: Michael Woods
Subject: Need to exclude "owner: root" on insert/update job from jil binary.
Hi, What version of autosys are you running? I seem to remember an old problem, where it was passing the user running jil as opposed to what was in the job definition.
Mike
Original Message:
Sent: 11-19-2020 09:06 AM
From: Bastiani Frederic
Subject: Need to exclude "owner: root" on insert/update job from jil binary.
Hi,
I followed your recommendation but it's not working:
Original Message:
Sent: 11-19-2020 08:25 AM
From: Joseph Poutre
Subject: Need to exclude "owner: root" on insert/update job from jil binary.
Hello Bastiani,
You can create an exclude policy under the as_owner section in EEM to block people from creating jobs with owner root. We did that at a previous employer, allowing only the Unix team members to create jobs owned by root.
Regards,
Joe Poutre
Original Message:
Sent: 11-17-2020 05:47 AM
From: Bastiani Frederic
Subject: Need to exclude "owner: root" on insert/update job from jil binary.
Hi,
I would like to block all users who want to insert or update JIL with owner: root.
It's impossible to do that directly on EEM, but I know that you can do it with "autoextvj".
The problem is: I DON'T KNOW HOW TO SCRIPT IN C(++).
Has anyone in this community done it?
Thanks a million for your answer.
Best regards