This contribution consists of a pair of user-written system
services that (temporarily) change the process uic to that
of the image-file uic, and restore it. This allows a non-
privileged programmer to control access to data file by other
non-privileged users. The programmer can prevent all world and 
group access to the data file, unless access is via the image
that the programmer writes.

A run-down handler is invoked when the image terminates to guarantee 
that the process uic is restored. Control-Y and control-C handlers 
are provided to prevent any attempt to reach DCL with the incorrect 
process uic.

The uic needs to be changed only long enough to open the data file - not
to read/write/update/delete records or close the file. This is because VMS 
only performs protection checks when a file is opened, not when operations 
are performed on the file. The code might look like:

	call system service to change process uic to executable uic
	open data file
	call system service to restore process uic
	open log file
	  .
	perform various reads and writes
	  .
	close data file
	close log file


The names of the system services are:

  BAT$CHANGE_TO_IMAGE_UIC ()
  BAT$RESTORE_PROCESS_UIC ()


It is possible for a program to link against multiple privileged-shareable
images.

I have made the assumption that the owner of the executable program also
owns the data file, or at least has ACL or UIC access to it.

Due to certain restrictions with privileged-shareable images, the executable
program must allow READ/EXECUTE access, not just EXECUTE access. 

The files in this directory include:

	AAAREADME.TXT  - This file
	BATUSSDISP.MAR - Source for system services
	BLD.COM        - Proc to build system services
	EXAMPLE.COM    - Proc to build data file and program
	                 to test system services


The author listed below welcomes any questions or suggestions:

	Mark Oakley
	Battelle Memorial Institute
	505 King Ave.
	Columbus, Ohio   43201-2693

	(614) 424-7154

	ARPAnet:  oakley@battelle.arpa