Hi!
> > Each program has its own userid (due to security and local storage
> > management reasons) with ftp access.
> > Each program has its own HFS mounted under /usr/lpp/, eg.
> > /usr/lpp/fejlsws/
> > It works well, but due to unix file access rights (eg. others: r-x)
> > and RACF UACC read, users can read much more files than they should.
> > So I want to restrict each user to access contents under it's home
> > directory only. eg. /usr/lpp/fejlsws/.
> > Not more, no access to / or other directories just under
> > /usr/lpp/fejlsws/.
>
> As R.S. pointed out, if you can make the user IDs RESTRICTED in RACF
> then UACC(READ), GLOBAL, and (if you set some additional options)
> permissions for "other" will not apply to those users. They can only
> access data you have specifically given them access to.
>
It sounds good.
I have tried it. Restriction works. :)
ICH408I USER(SSCSWS ) GROUP(SSCSUPP ) NAME(SSC SAPIENS WORKST ) 801
FTPDNS CL(PROGRAM )
INSUFFICIENT ACCESS AUTHORITY
FROM * (G)
ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
CSV025I PROGRAM CONTROLLED MODULE FTPDNS NOT ACCESSED, USER UNAUTHORIZ
ED
Which profile should I create to eliminate this.
Thanks in advance.
--
Üdvözlettel/Best regards: FEJOS Tamas (TMS)
z/OS Systems Programmer, http://www.ferrinfo.hu
gpg --keyserver hkp://pgp.mit.edu --recv-keys CDC7F2D3
_______________________________________________________________________
How do you make Windows faster ? Throw it harder
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
