Scott, >Also ran isrddn selects on both it was found on 1.10 but not found on 1.12 could you please check SMPE on the 1.12 system (MVS.GLOBAL.CSI) if sysmod IMS0001 is installed? If so, then please check where DFSMRCL0 is located on the 1.12 system (adcd.*.linklib?)
> We have 1.10 running level 0903 , it's there...in sys1.lpalib This is interesting. SYS1.LPALIB is not covered in the 1.13 RACF database by any profile in the PROGRAM class. Not sure if it was covered by a program profile in the 1.10 database. What about program control for programs loaded from LPA? LPA modules fetched from LPA in z/OS are considered APF auth'd, is there a similar rule for address spaces requiring program control? > Just curios, because it still isn't clear why Barbara had no problem > with FTP on her V1.10 system. I am told by our provider that ftp works on all 1.13 ADCD systems where the RACF database wasn't cleaned up by me. I am inclined to believe them because they use ftp to do the IP definitions, usually using the ADCDMST userid. Which is how I found out that ftp was broken. So either there is another backdoor that would allow ftp to run in a non-program-controlled environment (remember, that system comes with bpx.daemon defined with UACC(READ) and userids WEBSRV, IMWEBSRV, CBLDAP, IBMUSER and ZOSMFAD having explicit access up to alter to it - none of them looks like having anything to do with ftp, and adcd.z113.linklib is not program-controlled) or I made a huge (but not obvious to me) mistake when I cleaned up RACF. Which is why I am harping on this. Barbara ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
