On Thu, 20 Dec 2012 17:27:31 +0100, Hunkeler Peter (KIUP 4) <[email protected]> wrote:
>There really are only a few processes that need READ access to BPX.DAEMON: > >- cron >- rlogind >- rshd >- uucpd >Neither FTP, nor HTTPD (IMWEBSRV), nor LDAP, nor "all other STC's" need it. I'm not the RACF admin, but I'm sure some of those permissions in the list I provided came from vendor documentation. Regarding your command that "all other STCs" don't need it", that can be true of just about any permission given to a group. It is just good practice from a RACF admin standpoint to permit to groups instead of individual userids most of the time. In this case, STCs are trusted, so I don't see a problem with the blanket permission that may prevent me from having to get a specific permission in the future. If you are implying that your list is the only thing on z/OS to ever need BPX.DAEMON, you are looking at this only from an IBM standpoint and not from anything home grown or from other vendors. For example, the STC group in the list I provided is connected the the CA-MSM tomcat web server, which requires BPX,DAEMON access. There could be other IBM software also. Does WebSphere Application Server require it? If so, that would the other reason "stc group" was in the list. My client has a very heavy WAS on z/OS environment. Regards, Mark -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS mailto:[email protected] Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html Systems Programming expert at http://expertanswercenter.techtarget.com/ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
