Thank you Rob Nothing specific in mind yet - Just gathering genral information for the security team. On Sun, 20 Mar 2011 11:34:29 -0400, Rob Schramm <[email protected]> wrote:
>Just think JZOS just like any other batch job or STC. > >Bare minimum, it needs to be like any basic user of Unix System Services. > Give it a UID/GID and a home.. it needs access to run java aka >/usr/lpp/java. Anything else past there is dependent on what you are >running. If it is just reading and writing data sets.. then give it data >set auth... console commands ... it needs OPERCMDS or however else you are >securing them. > >Do you have something specific that is running in JZOS that you are trying >to secure? > >Rob Schramm > >On Sun, Mar 20, 2011 at 10:51 AM, Patrick Kappeler <[email protected]>wrote: > >> Hello >> I'm looking for answers to specific questions I have reading the JZOS >> literature >> I could find on the net (developper works, redbooks, ...)...and no real >> answers >> in these documents. Questions like: >> - Does the RACF user starting the procedure or submitting need a UID with >> spcific privileges (or just an "others" from the JRE permission bits >> standpoint) ? >> - Can it be a RACF protected user ? >> - This one probably more on the z/OS side: If JZOS is enabled to transmit >> operator commands I'm assuming that they can be protected via profiles in >> the OPERCMDS class (or do I miss something) ? >> >> Would anybody know of a security oriented document for JZOS ? >> Thanks a lot >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: GET IBM-MAIN INFO >> Search the archives at http://bama.ua.edu/archives/ibm-main.html >> > > > >-- >Rob Schramm >Senior Systems Engineer > >w: 513.305.6224 > >---------------------------------------------------------------------- >For IBM-MAIN subscribe / signoff / archive access instructions, >send email to [email protected] with the message: GET IBM-MAIN INFO >Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
