Re: [External] Re: No file permissions or super user authority for executing a shell script

Mon, 05 Apr 2021 04:22:41 -0700 


-----Original Message-----
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of 
Paul Gilmartin
Sent: Saturday, April 3, 2021 8:23 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [External] Re: No file permissions or super user authority for 
executing a shell script

On Fri, 2 Apr 2021 13:26:07 +0000, Pommier, Rex wrote:
>
>I'm asking this from a "I don't know" standpoint because I've never used them. 
> Doesn't RACF have extended ACLs that could possibly come into play here?  As 
>in using RACF to grant read or execute authority to the script?  If so, how 
>would that be shown?  I would assume that the "normal" Unix security would 
>remain at 700 but the extended ACL would allow the access and show up 
>elsewhere?
>
But allowing access in that fashion seems to violate POSIX:
    
https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_05

     4.5 File Access Permissions
         ...
    Implementations may provide additional or alternate file access control 
mechanisms, or both.
    An additional access control mechanism shall only further restrict the 
access permissions
    defined by the file permission bits.  ...

-- gil


Hi Gil,

Thanks for that bit of information.  As I stated, I've never used ACLs but what 
you're saying makes sense.

Rex

The information contained in this message is confidential, protected from 
disclosure and may be legally privileged.  If the reader of this message is not 
the intended recipient or an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that any disclosure, 
distribution, copying, or any action taken or action omitted in reliance on it, 
is strictly prohibited and may be unlawful.  If you have received this 
communication in error, please notify us immediately by replying to this 
message and destroy the material in its entirety, whether in electronic or hard 
copy format.  Thank you.


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Reply via email to