FYI a recent audit challenged the use of UID 0. The upshot was that UID
0 be allowed only with a clearly stated vendor requirement to include
why the mission could not be accomplished with SU as needed. Even then,
management approval was required. 

Please, no debate over questionable audit findings. Even with the added
protection of z/OS security, UID zero is a significant risk. (Hold on to
your hat, but the auditor was able to describe a very plausible scenario
with an impressive grasp of the technical details.) 'Nuff said.

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Chase, John
Sent: Thursday, May 29, 2008 9:10 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: z/OS 1.9 - STC userIDs - RACF OMVS segments

Hi, All,

We just IPLed z/OS 1.9 in the "sandbox", and among the "new stuff" we
noticed was an ICH408I message for the TMON userID not having READ
access to BPX.SUPERUSER.  After "fixing" that, I issued a LISTUSER
tmonID OMVS and discovered that it doesn't have an OMVS segment (its
default GROUP _does_ have one with a GID).

With z/OS becoming ever more tightly integrated with the UNIX side of
things, might it be wise to create OMVS segments for all STC userIDs
now?  

Corollary question:  Are there any UNIX-y things more-or-less "commonly
used" in z/OS that WILL NOT RUN without UID = 0?

BTW, ISPF option 3.17 looks to be "really handy".  Thanks, IBM.

TIA,

    -jc-

 
