8/14/2019 aprite

1/13

(WS)

*Syntax Overview:

ApRite [parameters]ApRun

Accepted parameters:

ApRite /InstallInitiate or re-initiate application system

ApRite /DestroyDelete/Remove the complete application system

ApRite /Masters [+|- ]List/Define accepted application users

ApRite /SLaves [+|- ]List/Define users that are accepted as slaves

ApRite /Admin [+|- ]List/Define application system administrators

ApRite /Allow command Allow [user] access to specified command

ApRite /Remove Remove application from application system

ApRite /SHowShow status and list current allowed commands

ApRite /STatus [Masters|Slaves Pause|Cont]

Show or change application system status

ApRite /?Display syntax overview

*ApRite / ApRun : Application System - Description

Purpose:Grant rights to applications: Run applications with NetWarerights that differ from the rights of the person calling theapplication.

8/14/2019 aprite

2/13

The complete system is based on NetWare security.

Features:- Allow users to change user ID while 3rd party applications

are run.- Multiple security levels based on NetWare security.- Management tool to administer and view the ApRite security.- Built-in self test for virus infection.

Author:Wolfgang Schreiber (all rights reserved)

Components:ApRite.EXE Administration toolApRite.DOC DocumentationApRun.EXE Launch applications

*Quick Start:

Within 5 minutes you can get a quick impression of thecapabilities of ApRun:

1) Initiate ApRun:"ApRite /Install"

2) Give a second user (e.g. GUEST) the right to runSYSCON in your name:

"ApRite /Allow SYSCON GUEST"3) Login as GUEST and run SYSCON (with/without ApRun):

"ApRun SYSCON"

If you want to remove GUEST's privileges you have two choices:

4a) Login as Supervisor and revoke the privileges:"ApRite /Remove " [Insert appr allowance nr]

4b) Remove GUEST from the list of accepted masters:"ApRite /Master - GUEST"

*License:

The publisher has thoroughly developed and tested the functionsof ApRun/ApRite but cannot take any liability for adverseeffects or damage that might be caused by softwaremalfunctions, erroneous or incomplete documentation.

Orders can be sent directly to the publisher.International distributors wanted.

Retail price: US $199 for first file server,US $ 30 for additional server licenses*Demo Version

The 3 files APRITE.EXE, APRUN.EXE, and APRITE.DOC mayfreely be copied to other file servers. But since ApRiteis a commercial application, unlicensed users may onlyhave a 60 days testing period.Within this period users can test all features of ApRiteon any number of file servers.About 60 days after its installation on a server it will

8/14/2019 aprite

3/13

disable itself. When the demo time is over, only theoptions "ApRite /?" and "ApRite /Destroy" will remainactive.Warning: if the demo version detects a file server datechange it might disable itself immediately.

*Publisher:

Dr. Wolfgang SchreiberSchanzenstr. 744000 Dusseldorf (Germany)

Fax: (xx49) - 211 - 55 64 69

Any comments, suggestions, or error reports are welcome.Users who detect bugs and document those bugs to thepublisher will be the first to receive the next release ofthe application.

Written in Borland's TurboPascal v6.0

*Concepts:

ApRite is using a concept called 'Application System' and itsimplementation in based on the NetWare concept of a 'JobServer'.

ApRite uses the terms 'Application System', 'MASTER', 'SLAVE','ADMINISTRATOR', 'COMMAND', and 'OPTIONS'. Usage of those termsmust be explained shortly.

Application System: The term 'application system' is used todescribe the complete environment supplied by ApRite and ApRunto support rights granted to applications.The application system must be initialized by the Supervisor oran equivalent before users can access it.

To explain the other concepts we will refer to some commandlines as examples (assumed that U_M and U_S are valid usernames):

1) "ApRite /Allow SYSCON U_M" issued by U_S (Slave)2) "ApRite /Allow FILER" issued by U_S (Slave)3) "ApRun SYSCON" issued by U_M (Master)

SLAVE: A slave is a NetWare user who grants his/her NetWarerights to a master, whenever the master will call a specified

program.A slave must have been admitted to the application systemby the SUPERVISOR ("ApRite /SLaves ...").The slave must have specified the commands (and itsaccepted masters) that can be run in his/her name, beforeany master can run an application in the name of a slave,("ApRite /Allow ").In the example given above the user U_S gives the user U_Mthe right to call SYSCON (command 1) - this means that U_Mwill get the rights of U_S while running SYSCON.Then U_S allows every legitimate application system master

8/14/2019 aprite

4/13

to run FILER with the rights of U_S (command 2).

MASTER: A master is a NetWare user who is logged in to aNetWare file server and wants to run an application withdifferent rights than those that he usually has.Masters must have been admitted to the application system bythe SUPERVISOR ("ApRite /Masters ...").A master can issue a program call with the rights of a 'slave'if the slave has allowed (this master) to run an application inhis/her name.

COMMAND/OPTIONS: A standard DOS command line usuallycontains the (path and) name of an executable command withor without additional options/parameters).The term 'Command' in this script includes all characters up tothe first blank in the command line. It consists of an optionalvalid DOS path followed by a file name and it may include theextension of the application.The term 'Options' refers to everything that follows the firstblank in the normal DOS call.

ADMINISTRATOR: An application system administrator canview and change the status of the application system. Theadministrator can see all allowed applications, can removespecific applications from the system, can halt or restartthe system.By default only the person who installs the applicationsystem is created as system administrator.New administrators can be defined by the supervisor("ApRite /Admin ...").

*Installation and Usage:

- Read the READ.ME file from the installation disk forinformation about the first steps;

- Copy all files from the installation disk to a NetWorkdirectory;

- Setup the system by calling "ApRite /Install"

- Define legitimate slaves with "ApRite /Slaves ..."(Users who give their rights to applications)

- Define legitimate masters with "ApRite /Masters ..."(Users who receive new rights in applications)

- A legitimate slave grants application rights with"ApRite /Allow ..."

- Legitimate masters now can call "ApRun" to start theadmitted applications.

*Security:

The application system includes several layers of protection toensure that only accepted users get access to the system:

8/14/2019 aprite

5/13

- only a Supervisor (or eqivalent) can initiate the system;

- only specified users can get access to the system; they musthave been admitted to the system as 'slaves' or 'masters' bythe supervisor;

- the user ('slave') who gives his rights to other users('masters') must actively allow those users access tospecified applications;

- only the specified applications can be called; use of theseapplications can be restricted to specified persons;

- the master can call the selected applications only if thoseapplications have not been changed since access was granted;

- the supervisor or administrator can monitor and change thecurrent status of the application system.

- the supervisor or an assigned 'administrator' can removespecified applications from the system;

- The automatic self test for virus infection will display awarning if ApRite.EXE is infected by a virus.

*Multi-Server Environments

The application system is always file server specific: ApRitewill define how rights may be changed on the current server.ApRun will change the rights only for the current server.

The current file server is defined by your current defaultdrive letter. ApRun will always modify rights on a singleserver: the server of your default drive.

*Syntax: ApRite [/parameter]

All options of ApRite can be abbreviated as long as thoseshortcuts are unique: "ApRite /I" or "ApRite /SH" are validshortcuts.

This overview presents optional parameters within squarebrackets "[xxx]", user supplied names (e.g. user names orcommands) in angle brackets "". Upper vs. lower case

letters do not make any difference.

*ApRite /?

Display syntax overview

This command give an overview over the features and availableparameters of ApRite.EXE with basic explanations of their effects.

Example: ApRite /?

8/14/2019 aprite

6/13

*ApRite /Install

Initiate or Re-Initiate application system

Before using any of the following ApRite parameters theapplication system has to be established.

The installation procedure will only take about a second andwill initiate security and all relevant variables.None of the ApRite/ApRun application parts stays resident in aworkstation's RAM. The application system uses similar binderysecurity as NetWare itself; it will store security informationin the NetWare bindery.

WARNING: If "ApRite /Install" is issued a second time, it willcompletely reset the application system: all masters, slaves,administrators, or information about accepted applications willbe removed.You will be asked for confirmation if the application system isalready installed.

This option is for supervisors only.

Example: ApRite /Inst*ApRite /Destroy

Delete/Remove the complete application system

This option can be used to completely remove the applicationsystem structure from your file server.The only way to recover from the effects of "/Destroy" is torestore the file server from a previous backup.

This option is for supervisors only.

Example: ApRite /Dest

*ApRite /Masters [+|- ]

List/Define accepted application users

See the discussion of the master-slave concept above. Mastersare NetWare users that are allowed to take the identity andrights of a 'slave' while a program is executed. Only the usersadmitted to the application system as masters are allowed torun applications with the temporary ID of a slave.

Before a slave can specify a user as master (that means beforehe/she can allow a master to run the application in the slave'sname) the supervisor must have admitted both slave and master tothe application system. This is done with "ApRite /Slaves ..."and "ApRite /Masters ..."

Specifying '+' will add new masters, '-' will remove existingmasters.

Users and groups can be accepted as masters. If a group isspecified, ApRite will add or remove each group member

8/14/2019 aprite

7/13

individually: the call "ApRite /Masters - everyone" willremove all masters.

A slave with supervisor rights can implicitly add masters withthe "/Allow" option (see there). This feature applies tosupervisors only.

Example: ApRite /Master + guestApRite /Master - everyoneApRite /Ma + guest

*ApRite /SLaves [+|- ]

List/Define users that are accepted as slaves

See the discussion of the master-slave concept above. Slavesare NetWare users whose rights are granted to a master whilea program is executed.

Only the users admitted to the application system as slavesare allowed to transfer their rights to a application user(master).Before any slave can allow an application to be run in theslave's name, the supervisor must have admitted the user asslave to the application system. This is done with "ApRite/SLaves ..."

Specifying '+' will add new slaves, '-' will remove existingslaves.

Users and groups can be accepted as slaves.

This option is for supervisors only.

Example: ApRite /Slave + guestApRite /Slave - guestApRite /SL + everyone

*ApRite /ADmin [+|- ]

List/Define application system administrators

An administrator can monitor the status of the applicationsystem, view the list of accepted slaves, masters, andapplications, and remove specific applications from the system.The administrator is comparable to a queue operator in theprinting environment.

Specifying '+' will add new administrators, '-' will removeexisting administrators.

Users and groups can be accepted as slaves.

This option is for supervisors only.

Example: ApRite /Admin + guest

*

8/14/2019 aprite

8/13

ApRite /ALlow [command []]Allow [user] access to specified command

The option "/Allow" enables a slave to specify, what command isallowed to be executed in his/her name. This option adds thenew command to the list of accepted commands. An acceptedmaster is thereby enabled to run this command in the name ofthe slave.

The command must contain at least a valid filename; it mayinclude an optional drive/path specification and/orextension. ApRite searches for the specified command file toadd it to its list, so the application must be in the defaultdrive or in one of the search drives, if no path is specified.

The specified command can be located on a local drive or secondfile server, but the rights change will always affect only thecurrent default server (i.e.: the server where the defaultdrive is located).

If the application (and optional master) is accepted by thesystem, it will display the new list of accepted applications.Each registered application automatically receives a uniqueapplication ID. This ID can be used to remove specificapplications from the system (if desired).

All valid file names will be accepted, but only COM, EXE, andBAT files give sense.

To use the parameter "/ALLOW" the user must be in the list ofaccepted slaves, and he/she needs search/file scan rights inthe directory of the specified command.

If no user is specified after the command, the application canbe started by any accepted master. If the specified user isunknown or not accepted as master the command will not execute.

If a supervisor equivalent specifies a user who is not aregistered master yet, the system will automatically add theuser to the master list.

If "ApRite /ALlow" is not followed by a command, it will listthe current accepted applications entered by the user.

Only users - no groups - can be accepted as masters.

This option is for supervisors and accepted slaves only.

Example: ApRite /Allow sysconApRite /Allow syscon.exe guestApRite /Al k:\sub\this.bat guest

*ApRite /Remove

Remove application from application system

Every entry in the list of accepted applications can beidentified by its entry ID. The IDs are constants and areassigned by NetWare.

8/14/2019 aprite

9/13

Applications can be removed from the system list by a systemadministrator or by the slave who added the entry to the list.

This option is for supervisors and administrators only.

Example: ApRite /Remove 473*ApRite /STatus [Masters|Slaves Pause|Continue]

Show or change application system status

Comprehensive system status information is displayed.

In addition to the status display a supervisor or administratorcan change its status.

You can determine if slaves may add new jobs to the applicationsystem, or if masters may access the application system toacquire the slaves' rights.

'ApRite /Status Masters Pause' will de-activate the applicationsystem without destroying any of the stored information:Currently active ApRun applications can be continued, but nomaster can start new ApRun commands. 'Continue' willre-activate the application system.

'ApRite /Status Slaves Pause' will prevent slaves to add newapplications to the application system. Masters still can accessthe system to acquire the slaves' rights. All exixting informationwill be kept.

Examples: ApRite /StatusApRite /St Masters pauseApRite /St Slaves Cont

*ApRite /SHow

Show status and list current accepted applications

'/SHow' will not only display the short status report, butadditionally list the current accepted slaves, masters,administrators, and applications.

This option is for supervisors and administrators only.

Example: ApRite /Show

*

ApRun [parameter list]Run applications with another identity

If an accepted master wants to start an accepted application inthe name of a slave, the command must be launched by ApRun.Without ApRun the application would run with the default rightsof the program caller.

The command can be followed by the parameters as required bythe launched application's syntax. Use the normal commandsyntax, and simply add 'ApRun' at the beginning of the command

8/14/2019 aprite

10/13

line.

Masters who want to launch applications need Search/File Scanrights in the application directory. If the command is not tobe found in one of the master's search drives, it must includea drive/path specification.

ApRun.EXE will use approximately 25 Kb of the workstation RAMwhile the launched application is running. It therefore limitsthe RAM available to that application. Since ApRun is not a TSRprogram it will not stay in the workstation memory exceptduring the execution of the launched program.

This option is for accepted masters only.

Example: ApRun SYSCONApRun NCOPY Z:*.* k: /subApRun C:\this.bat par1 par2

*Limitations:

Due to NetWare limitations and ApRun's implementation there areseveral aspects administrators should keep in mind.

- Number of application configurations: The list of acceptedapplication/rights configurations may include up to 250entries.

- Number of slaves running ApRun simultaneously on one fileserver: 250

- Memory: since ApRun.EXE has to stay in memory while itchanges the rights of a master to the rights of the slaves,and since it has to stay active until the original rightsare restored, there is only a restricted area of RAMavailable to slave applications.Generally ApRun.EXE takes about 25 kB of RAM during theexecution of slave applications. The RAM available toapplications will be higher if those are COM or EXE files,a little less with BAT files (since ApRun uses COMMAND.COMto run batch jobs).If memory is a problem, you might consider to use 3rd partymemory manager (like HIMEM, EMM386, or QEMM386) to load somedrivers and TSRs to high memory areas. DOS v4.x will usuallyleave less memory to applications than DOS v3.x or v5.x.

- Multitasking: if ApRun were used in a multitaskingenvironment, ALL tasks would change to the slave's

identity as long as one task runs an application withApRun. Similar considerations apply to task switchingenvironments like DR-DOS v6.x or MS-DOS v5.x.To avoid bypassing of NetWare security, ApRun will not rununder Windows or in other multitasking environments.

- TSR programs: The complete station of the master willreceive the rights and identity of the slave during programexecution. Obviously this will affect TSRs that have beenloaded previously, too. Therefore TSRs might in some casesrepresent a breach in security since they receive the same

8/14/2019 aprite

11/13

rights as the legitimate application.In most situations this will not be a problem.

- Application Updates / Program changes: If a slave allowsaccess to an application ApRun tries to ensure that thisprogram is run without any changes. Future masters can runthe accepted application only in its current form (forsecurity reasons). Any changes to the program will preventmasters from being able to start that application. The slavehas to re-allow access whenever an application is modified.

- NetWare bugs: Due to a NetWare bug few NetWare commands(e.g. SETPASS) will not execute with the ID of theSLAVE but with the ID of the MASTER. This will onlyaffect commands that use a specific NetWare API(GetConnectionInformation). Most commands however willwork as expected and run with the ID of the SLAVE.Novell is aware of this bug in NetWare v3.11 - andhopefully fix it in a future NetWare version.

Due to the above mentioned limitations the followingsuggestions are strongly recommended:

- Create special users who only have the rights to run oneapplication. The trustee rights of those users might includeonly a single directory. Accept only those user names asslaves.Take into account that background applications (TSRs)receive the slave's rights, too.

- Specify the name of the acceptable master in the 'Allow'command whenever possible. This is especially recommendedif the slave has supervisor rights.

*Troubleshooting

General Problems

Problem: An application is not executed though it hasbeen installed with 'ApRite /Allow ...'

Possible Causes: - The user does not have a search path to theapplication or does not have sufficient rights(File Scan/Search rights may be enough).

Solution: Check the user's path and rights.

Problem: A virus warning is displayed.Possible Causes: - ApRite has a built in virus self-test. A virus

might have infected your system.- You have different versions of ApRite on your

system.Solution: Run a virus scan utility immediately.

8/14/2019 aprite

12/13

*Error messages

Message: 'Application list full'Possible Causes: The application system can save up to 250

applications. You exceeded this limit.Solution: Delete some unneeded applications from the list

with 'ApRite /Remove'.

Message: 'Application System not yet initialized'Possible Causes: ApRite is not yet installed on this serverSolution: Install ApRite. Make sure that you have one

license per file server.

Message: 'ApRite-Demoversion. Valid only .. days'Possible Causes: - You do not have a full version of ApRite but a

limited demo version on this server. The timelimit has expired.

Solution: Purchase a full license.Possible Causes: - On a multi-server system you try to run ApRite

on another server than the one that youinstalled ApRite on. You may use ApRite for thedemo period but have to purchase a license forevery server that you permanently want to installApRite on.

Solution: Purchase a full license.

Message: 'Could not access Application System'Possible Causes: ApRite is not yet installed on this serverSolution: Install ApRite. Make sure that you have one

license per file server.

Message: 'Demonstration time for ApRite on ... expired.'Possible Causes: You do not have a full version of ApRite but a

limited demo version on this server. The timelimit has expired.

Solution: Purchase a full license.

Message: ' is no accepted MASTER'Possible Causes: You tried to run ApRun but your are not accepted

as application master.Solution: Ask the supervisor to install you as ApRun

master ('ApRite /Master ...').

Message: 'Multitasking active'Possible Causes: You tried to run ApRun in an multitasking

environment (e.g. Windows, DesqView, TaskSwitcher). Due to security considerations thisis not accepted.

Solution: Start ApRun in a single task environment.

Message: 'Only a Supervisor can call this function !'Possible Causes: Some functions of ApRite are reserved for

Supervisors and equivalents.Solution: Login as supervisor and retry.

Message: 'Wildcards not acceptable'

8/14/2019 aprite

13/13

Possible Causes: You tried to run 'ApRite /Allow' with wildcards.Solution: Use only one application per command.#