On Wed, 30 Oct 2013 10:59:55 -0500, John McKown <[email protected]> wrote:
>IMO, use of UID(0) for a non-BCP component by a vendor or by IBM is simply >an indication that the software designer is too damn lazy to determine what >access they really need and simply refuse to spend the effort (and money) >to determine which of the UNIXPRIV authorities might actually let them do >what they need. Or just have the SUPERUSER privilege in order to switch >into "root" for a short time to do something. IMO, it would be like saying >that the program run by an STC needed to be put into the SCHEDxx member of >PARMLIB to run non-cancelable and in PSW key 0 with a RACF id which had >OPERATIONS authority. > > Agree!! That is why I was surprised to still see UID(0) documented for some of the software other teams supported (database, monitors). OTOH, some software has been updated over the years and has documented procedures for not using UID(0) and can make use of BPX.SUPERUSER. -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS mailto:[email protected] ITIL v3 Foundation Certified Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html Systems Programming expert at http://search390.techtarget.com/ateExperts/ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
