On Thu, 22 Jun 2017 12:10:58 -0500, John McKown wrote: > >> ... So the user transmits it to himself using FTP. > >That's the hole in the sock[et]. > I'd imagine pounding on it with ssh (Yah, everything looks like a nail ...); a specialized user ID on either the source or target host, whichever works better, access limited to users in ~/.ssh/authorized_keys, with ~/.ssh/.ssh/config restricting its repertoire to the desired transfer command and excluding general shell commands. Perhaps RACF shoud define its shell as /bin/false.
-- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
