Hmm... I can't recreate any case where I can run another user's program without the full path having both r and x (didn't try it without r), regardless of it being executed with just the full path or from a script with the full path. I must have done something that I don't recall. Oh well. It makes sense that it wouldn't work one way but not the other.
________________________________
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Paul Gilmartin <0000000433f07816-dmarc-requ...@listserv.ua.edu>
Sent: Wednesday, November 18, 2020 1:49 PM
To: IBM-MAIN@LISTSERV.UA.EDU <IBM-MAIN@LISTSERV.UA.EDU>
Subject: Re: [MVS-OE] Other user trying to run my shell script gets "FSUM7351 not found" error

On 2020-11-18, at 10:16:41, Frank Swarbrick wrote:
>
> Can you explain the difference between executing a script that executes the
> program, which requires this, while running the program directly (with a
> fully qualified path) does not?
>
I can hardly imagine a case where a program with a non-searchable
directory in its path can be "[run] directly (with a fully qualified path)"
but not from "a script that executes the program." Does the script
also use a fully qualified path?

I'm skeptical without seeing a detailed example such as:

myscript:
    #! /bin/sh -x
    /u/dvfjs/rocket/bin/curl

chmod a-x /u/dvfjs/rocket/bin
ls -lid /u/dvfjs/rocket/bin/curl    # should get permission denied.
cat myscript
chmod a+rx myscript
ls -lid myscript
./myscript                          # should get permission denied.
# while:
/u/dvfjs/rocket/bin/curl            # should likewise get permission denied.
# If it succeeds it's because the z/OS kernel breaks
# (more precisely fails to enforce) the rules.
# That should be subject to APAR.

> ________________________________
> From: Kirk Wolf
> Sent: Wednesday, November 18, 2020 10:13 AM
>
> You need directory search (x) permission for every directory in the path in
> order to access a file or subdirectory with a known name.
>
> So in your example, the user must have search (x) permission on all of
> these:
>
> /u
> /u/dvfjs
> /u/dvfjs/rocket
> /u/dvfjs/rocket/bin

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
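
Added example, not part of any message in this thread: a small POSIX shell check for the rule quoted above, that every directory on the way to a file needs search (x) permission. The function names and the optional BASE argument are hypothetical, and the check assumes the other user falls in the "other" permission class, so it reads only mode bits and ignores ACLs, ownership and group membership.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Walks the directories leading
# to a file and reports the first one that the "other" permission class
# cannot search. Only mode bits are read; ACLs, owner and group are ignored.

# other_can_search DIR: succeed if the "other" x bit is set on DIR.
other_can_search() {
    mode=$(ls -ld "$1" 2>/dev/null | awk '{print $1}')
    case $(printf '%s' "$mode" | cut -c10) in
        x|t) return 0 ;;    # t = sticky bit plus x, as on /tmp
        *)   return 1 ;;    # -, T, or directory could not be listed
    esac
}

# first_blocked_dir FILE [BASE]: print the first directory between BASE
# (default: the root) and FILE that others cannot search, and return 1.
# Print nothing and return 0 when every directory is searchable.
first_blocked_dir() {
    base=${2:-}
    parent=$(dirname "$1")
    dir=$base
    rest=${parent#"$base"}
    rest=${rest#/}
    if [ -z "$base" ] && ! other_can_search /; then
        echo /
        return 1
    fi
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        [ -n "$part" ] || continue      # tolerate doubled slashes
        dir=$dir/$part
        if ! other_can_search "$dir"; then
            echo "$dir"
            return 1
        fi
    done
    return 0
}

# Usage with the path from the thread:
#   first_blocked_dir /u/dvfjs/rocket/bin/curl
```

Run by the file's owner, it names the directory to fix with chmod before another user hits the "not found" or permission error.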