Amen.

On Oct 30, 2013 12:00 PM, "John McKown" <[email protected]> wrote:

> IMO, use of UID(0) for a non-BCP component by a vendor or by IBM is simply
> an indication that the software designer is too damn lazy to determine what
> access they really need and simply refuse to spend the effort (and money)
> to determine which of the UNIXPRIV authorities might actually let them do
> what they need. Or just have the SUPERUSER privilege in order to switch
> into "root" for a short time to do something. IMO, it would be like saying
> that the program run by an STC needed to be put into the SCHEDxx member of
> PARMLIB to run non-cancelable and in PSW key 0 with a RACF id which had
> OPERATIONS authority.
>
> <snip>
>
> > In one of my client's sysplexes non UID(0) UIDs are shared between a certain
> > group of end users (1000s of them in some cases) and that also has to be
> > remediated also. But that is an AIM issue only because that sysplex didn't
> > use BPX.DEFAULT.USER. BPX.UNIQUE.USER would help, but it's a catch 22.
> >
> > BTW, this issue does affect ACF2 and Top Secret as well.
> >
> > Mark
> > --
>
> --
> This is clearly another case of too many mad scientists, and not enough
> hunchbacks.
>
> Maranatha! <><
> John McKown
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
