>[snip] many that claim to require UID0 (e.g. because they do 
>not issue "su") will run perfectly well if you indicate 
>"trusted" in the STDATA segment associated with the STC's 
>"started" resource. 

If auditors ask for justification on uid=0 assignment, they
should ask for justification on the trusted attribute as well.

The trusted attribute assigns uid=0 authority for UNIX-related
stuff, i.e. it is the same as if the STC was running with uid=0.
*But* trusted assigns far-reaching authority for MVS-related
stuff as well. E.g. that task can modify all MVS data sets.

So, no, never assign the trusted attribute unless the product's
documentation asks for it and explains why.

A documented uid=0 requirement may be discussed with the owner 
of the software. Chances are that some of the UNIXPRIV class 
profiles suffice for what the software needs to do.


--
Peter Hunkeler
Credit Suisse

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html