Well that destroys my theory that the problem was caused by a non-root
id :) Like you say, there must be something else involved. Sounds like
you're making progress though.
Just curious, what made you choose port 323?
On 6/17/2024 9:26 AM, Binyamin Dissen wrote:
Changed it to 323 and it works.
I cannot figure out which BPX* resource would control this (23) and how.
On Mon, 17 Jun 2024 06:01:03 -0700 Tom Brennan <[email protected]>
wrote:
:>I'm not sure if Attila was saying to try this, but if you can change the
:>port to something higher than 1024 and the bind works, that would
:>indicate you're not really root at the time of the bind. Then if the
:>userid starting the task is root, maybe somebody is doing a setuid() or
:>similar before the bind.
:>
:>On 6/17/2024 1:26 AM, Attila Fogarasi wrote:
:>> Is INETD configured correctly? Your config is in etc/inetd/conf*. *TELNET
:>> is delivered specifying an ID of OMVSKERN and must be defined with both
:>> superuser and daemon authority. Guessing you are using OMVSKERN based on
:>> uid(0). Your port 722 is presumably defined in the /etc/services file
:>>
:>> On Mon, Jun 17, 2024 at 6:10?PM Attila Fogarasi <[email protected]> wrote:
:>>
:>>> Brave man running uid(0) for other than the OMVS kernel ... usually uid(0)
:>>> does give superuser authority, but you may need to be in group(SYS1) and
:>>> have a GID. Another possibility is having root as HOME('/'). good luck,
:>>> its frustrating that simply things like getting a reason code for
:>>> "permission denied" is not so easy.
:>>>
:>>> On Mon, Jun 17, 2024 at 5:19?PM Binyamin Dissen <
:>>> [email protected]> wrote:
:>>>
:>>>> Took a dump of the address space, and the associated userid has UID(0)
:>>>>
:>>>> What else would be required for root access?
:>>>>
:>>>> On Mon, 17 Jun 2024 06:29:01 +1000 Attila Fogarasi
:>>>> <[email protected]> wrote:
:>>>>
:>>>> :>port 722 is a privileged port, usually means your program needs root
:>>>> :>access, all of that is configured outside of RACF.
:>>>> :>
:>>>> :>On Mon, Jun 17, 2024 at 6:16?AM Binyamin Dissen <
:>>>> :>[email protected]> wrote:
:>>>> :>
:>>>> :>> On Sun, 16 Jun 2024 09:47:20 -0500 Walt Farrell
:>>>> :>> <[email protected]> wrote:
:>>>> :>>
:>>>> :>> :>On Sun, 16 Jun 2024 17:20:34 +0300, Binyamin Dissen <
:>>>> :>> [email protected]> wrote:
:>>>> :>>
:>>>> :>> :>>Getting
:>>>> :>>
:>>>> :>> :>>BPXF024I (TCPIP) Jun 16 06:38:15 inetd 65583 : FOMN0091
:>>>> *:otelnet/tcp:
:>>>> :>> :>>722 bind: EDC5111I Permission denied., rsn=744C7246
:>>>> :>>
:>>>> :>> :>>Not sure where it got 722 - looked in all the /etc places.
:>>>> :>>
:>>>> :>> :>>Also, what permission would be required to all;ow access to 722?
:>>>> Don't
:>>>> :>> seer
:>>>> :>> :>>anything obvious.
:>>>> :>>
:>>>> :>> :>What evidence do you have that it's a RACF issue?
:>>>> :>>
:>>>> :>> I am guessing from "permission denied"
:>>>>
:>>>> --
:>>>> Binyamin Dissen <[email protected]>
:>>>> http://www.dissensoftware.com
:>>>>
:>>>> Director, Dissen Software, Bar & Grill - Israel
:>>>>
:>>>> ----------------------------------------------------------------------
:>>>> For IBM-MAIN subscribe / signoff / archive access instructions,
:>>>> send email to [email protected] with the message: INFO IBM-MAIN
:>>>>
:>>>
:>>
:>> ----------------------------------------------------------------------
:>> For IBM-MAIN subscribe / signoff / archive access instructions,
:>> send email to [email protected] with the message: INFO IBM-MAIN
:>>
:>>
:>
:>----------------------------------------------------------------------
:>For IBM-MAIN subscribe / signoff / archive access instructions,
:>send email to [email protected] with the message: INFO IBM-MAIN
--
Binyamin Dissen <[email protected]>
http://www.dissensoftware.com
Director, Dissen Software, Bar & Grill - Israel
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
