Re: Apache + mod_php performance

On 10/11/2024 5:43 PM, Craig A. Berry wrote:

Well, you _can_ change the values:
 $ show security/class=device bg111
 _BG111: object of class DEVICE
      Owner: [SYSTEM]
      Protection: (System: RWPL, Owner: RWPL, Group: RWPL, World: RWPL)
      Access Control List: <empty>
 $ set security/class=device/protection=(w:r) bg111
$ show security/class=device bg111
 _BG111: object of class DEVICE
      Owner: [SYSTEM]
      Protection: (System: RWPL, Owner: RWPL, Group: RWPL, World: R)
      Access Control List: <empty>
 Note that World is now read, but write, physical, and logical have been
removed.  But I don't really know if that accomplished anything.  It
seems unlikely that BGDRIVER would just fill in values in a template
that don't mean anything, but testing out exactly what the protections
get you sounds like work.

The names give strong associations.
So I would expect:
IO$_READVBLK - need R
IO$_READLBLK - need R and L
IO$_READPBLK - need R and P
IO$_WRITEVBLK - need W
IO$_WRITELBLK - need W and L
IO$_WRITEPBLK - need W and P
And the guide to system security says:
<quote>
5.3.2. Types of Access
Devices can be shared and thus have concurrent users or be unshared and have a single user.
Shared devices support the following types of access:
Read Gives you the right to read data from the device
Write Gives you the right to write data to the device
Physical Gives you the right to perform physical I/O operations to the device
Logical Gives you the right to perform logical I/O operations to the device
Control Gives you the right to change the protection elements and owner of the device
Unshared devices support only read, write, and control access. The device driver rather than the
operating system's security policy defines the access requirements for other types of operations.
...
$QIO to file-oriented devices: disks and tapes
With file-oriented devices, logical I/O and physical I/O functions have common elements. Any
logical I/O function requires physical or logical access plus read access to read a block (READLBLK)
or write access to write a block (WRITELBLK). Any physical I/O function requires physical
access plus either read access to read a block (READPBLK) or write access to write a block
(WRITEPBLK). Logical and physical I/O also require LOG_IO and PHY_IO privileges, respectively.
...
$QIO to devices that are not file-oriented
With non-file-oriented devices, OpenVMS converts virtual read and write I/O requests to logical I/O
before processing them. Other kinds of access requests are not processed by OpenVMS; instead, the
request is passed to the device driver for processing.
In general, access requirements for devices that are not file oriented depend on whether the device is
shareable or nonshareable:
• Shareable device
With shareable devices, such as mailboxes, any virtual I/O function other than READVBLK/
WRITEVBLK is handled by the system I/O driver program. Any logical I/O function requires
privilege or logical access to the device. Any physical I/O function requires privilege or physical
access to the device.
• Unshareable devices
With unshareable devices, such as terminals or printers, the operating system checks only for read
or write access to perform virtual and logical I/O functions. Any physical I/O function requires
privilege.
</quote>
Which I read as confirmation. It works like expected for
file oriented devices and for shareable non file oriented
devices, but non shareable non file oriented devices ignore
L and P. BG devices are shareable non file oriented
devices.
Arne
Arne