I agree with Richard. Not only do you have a serialization issue with multiple
people able to issue commands, but all these additional commands would need to
be loggable by an ESM. I can't think of any cases where I'd want to give SEND
or SIGNAL SHUTDOWN authorization to general users. If I did, I'd rather be
able to give that authorization individually, and not have it lumped in with
Logonby.
Dennis O'Brien
________________________________
From: The IBM z/VM Operating System On Behalf Of Schuh, Richard
Sent: Friday, August 24, 2007 13:21
Subject: Re: [IBMVM] Ops privs
No. No. No. No. No.
We use LOGONBY as a means of controlling who is allowed to log on to group ids
and tracking what they do. None of those other commands would be useful or
necessary in that context. Giving those permissions would negate, or at least
complicate, our ability to track who did what when. Further, we would not want
one user to be able to alter or compromise the functions being performed by
another who was already logged on via LOGONBY. SEND, FORCE, and SIGNAL SHUTDOWN
certainly have that potential, for example.
Most of what is listed could be useful only to someone who is really
knowledgeable about the functions of the virtual machine. They are also mostly
useful in looking after service machines. They are not useful to someone who is
a more naïve user who logs on to a group id to perform simple functions or to
run an application program, and could be somewhat dangerous if abused,
accidentally or on purpose, by such a person. It is the latter group that we
must protect against by not giving them authorities that they will never need.
The former group probably has the knowledge needed to function without the
added authority.
Regards,
Richard Schuh
________________________________
There are some who believe that the authority to LOGON BY to a user should
implicitly allow:
- XAUTOLOG
- SET SECUSER or OBSERVER
- SEND (a la class C)
- FORCE
- SIGNAL SHUTDOWN
Thoughts?
--
Kris Buelens,
IBM Belgium, VM customer support