On Thu, 19 Feb 2015 15:39:00 +0100, Peter Hunkeler wrote:

>> How do I prevent my users' (whom I must give OMVS segments so they
>> can use FTP) using UNIX services?
>
>By what means? If you do not want them to be able to login into a shell, set
>the PROGRAM field in the OMVS segment to '/bin/true', or some such. If the
>users need to be able to use FTP and are also in need of login to TSO, you're
>out of luck, I guess.
>
"/bin/false" feels more the proper spirit. Our shop uses something for
the default user similar to "/bin/OMVS-access-denied", which doesn't exist,
but appears in (some) error messages.

Regardless, they can circumvent much by Assembler BPX1* calls, by Rexx
"address SYSCALL 'spawn'" or by BPXBATCH PARM='PGM ...'.

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
