On 2020-11-18, at 10:16:41, Frank Swarbrick wrote: > > Can you explain the difference between executing a script that executes the > program, which requires this, while running the program directly (with a > fully qualified path) does not? > I can hardly imagine a case where a program with a non-searchable directory in its path can be "[run] directly (with a fully qualified path)" but not from "a script that executes the program." Does the script also use a fully qualified path?
I'm skeptical without seeing a detailed example such as: myscript: #! /bin/sh -x /u/dvfjs/rocket/bin/curl chmod a-x /u/dvfjs/rocket/bin ls -lid /u/dvfjs/rocket/bin/curl # should get permission denied. cat myscript chmod a+rx myscript ls -lid myscript ./myscript # should get permission denied. # while: /u/dvfjs/rocket/bin/curl # should likewise get permission denied. # If it succeeds it's because the z/OS kernel breaks # (more precisely fails to enforce) the rules. # That should be subject to APAR. > ________________________________ > From: Kirk Wolf > Sent: Wednesday, November 18, 2020 10:13 AM > > You need directory search (x) permission for every directory in the path in > order to access a file or subdirectory with a known name. > > So in your example, the user must have search (x) permission on all of > these: > > /u > /u/dvfjs > /u/dvfjs/rocket > /u/dvfjs/rocket/bin -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN