Frank, The whole 'back door' idea comes from the fact that you have shared DASD between prod and test, separate RACF databases between them. The UID really doesn't play much of a part here since it's your UID on both sides. The concern (rightfully so) is that test boxes and test RACF databases typically don't have as stringent oversight as production and with shared DASD, a RACF rule on the DEV machine could inadvertently allow somebody inappropriate access to production datasets (or other resources).
Rex -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Frank Swarbrick Sent: Wednesday, June 14, 2023 5:05 PM To: [email protected] Subject: [EXTERNAL] Re: Unix file system ownership Yes. I have no idea. I certainly wouldn't know how to do something "backdoor" with this. Yes. Me. ________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Paul Gilmartin <[email protected]> Sent: Wednesday, June 14, 2023 3:17 PM To: [email protected] <[email protected]> Subject: Re: Unix file system ownership On Wed, 14 Jun 2023 20:12:45 +0000, Frank Swarbrick wrote: >Well this was easy. My security admin gave my production user the same UID >value as in test/dev and everything fell in to place. > Are the TSO IDs the same? Does this give your test/dev user a back door to your production system? Are these the same person? -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- The information contained in this message is confidential, protected from disclosure and may be legally privileged. If the reader of this message is not the intended recipient or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any disclosure, distribution, copying, or any action taken or action omitted in reliance on it, is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to this message and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
