In <[EMAIL PROTECTED]>,
on 02/01/2006
   at 11:40 AM, "Pommier, Rex R." <[EMAIL PROTECTED]> said:

>I have a strange one.  z/OS 1.4 on a Multiprise 3000 H50 box.  Last
>night I got a call from operations that a FTP job blew on the 390
>trying to FTP to a wintel server with a "connection refused" error. 
>In trying to diagnose the problem I had the operator try a ping to
>the same machine and then to a couple others.  Each time, they
>received this error: "EZZ3115I Unable to open RAW socket: EDC5139I
>Operation not permitted."  I logged on and was able to ping and ftp
>all I wanted without any errors.  What I discovered was that I have
>an OMVS segment in RACF giving me UID 0 access and the IDs the
>operators are using have no OMVS segment at all.  Giving them UID 0
>in newly-created OMVS segments allowed them to now run ping and FTP.

WTF? Talk about killing a fly with a sledge hammer, and begging to be
written up by the next auditor to come in the door. If someone
couldn't get into his office because he had no key, would you give him
a master key that let him open any door in the building instead of a
key to his office? Well, that's what you just did. You need to RTFM,
then create an *appropriate* OMVS segment.

>I made NO changes to RACF yet these things worked 1 day and not 
>the next.

What things worked? Had the operator ever done a ping before?

>The only thing that I can see that changed was one of my network 
>associates started working on building pools into a pair of F5 load 
>balancers to allow me to load balance telnet and ftp traffic across 
>both of the BusTech appliances we front-end the MP3000 with.

Aside from that, Mrs. Lincoln, how was the play? That should have been
the first thing you looked at.


In <[EMAIL PROTECTED]>,
on 02/01/2006
   at 02:43 PM, "Pommier, Rex R." <[EMAIL PROTECTED]> said:

>Thanks for the hints, but as you can see from above, it all looks OK
>- except that all the sudden I need UID 0.

Nothing that you described supports such a belief.


In <[EMAIL PROTECTED]>,
on 02/01/2006
   at 03:25 PM, "Pommier, Rex R." <[EMAIL PROTECTED]> said:

>That's the problem.  It broke on all 3 LPARs 

What broke? FTP? That had nothing to do with RACF. As for ping,
nothing that you wrote suggests that the operator was ever able to use
it.

-- 
     Shmuel (Seymour J.) Metz, SysProg and JOAT
     ISO position; see <http://patriot.net/~shmuel/resume/brief.html> 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
