Thanks John, My concern is access to other syscall functions. it may be true to unix, but I think some of them allow more information then I would allow to standard user.
ITschak *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| * *|* *Email**: [email protected] **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|* On Tue, Apr 27, 2021 at 2:50 PM John McKown <[email protected]> wrote: > I doubt it. At least using supplied IBM facilities. Why? If you read here: > https://www.ibm.com/docs/en/zos/2.1.0?topic=functions-sleep > It does not have any information about security requirements. Therefore, I > assume (ouch), that there is not one for this function, or any of the other > UNIX functions in that section. And thus it is "one for all and all for > one", so to speak. The same with UNIX commands. They all have the same > security requirements, so if you have one, you have them all. At least in a > normal set up. > > Now, long before UNIX was in z/OS, I wrote a batch program (designed to be > invoked via EXEC PGM=) called SLEEP. It's only 180 assembler lines long (34 > of which are comments). It does use one in-house macro, but that is simply > "STARTUP" which does normal register saves and so could be easily replaced > with just plain instructions. If you want it, I can email it to you. > > On Tue, Apr 27, 2021 at 6:33 AM ITschak Mugzach <[email protected]> > wrote: > > > a user asks to have access to the uss sleep syscall. We would like to > limit > > the user only to this function. is this possible? > > > > ITschak > > > > ITschak Mugzach > > *|** IronSphere Platform* *|* *Information Security Continuous Monitoring > > for z/OS, x/Linux & IBM I **| z/VM coming soon * > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
