Bruce,
Is my modify command "adding" class S to FORCE and SHUTDOWN? I thought it was
to *replace* class A with class S. What am I missing?
>From SYSTEM CONFIG file:
MODIFY COMMAND SHUTDOWN PRIVCLASS S
MODIFY COMMAND FORCE PRIVCLASS S
Output from CMDTABLE
FORCE IBMCLASS=A PRIVCLASS=S
SHUTDOWN IBMCLASS=A PRIVCLASS=S
Logon as OPERATOR
q cplevel
z/VM Version 5 Release 4.0, service level 0902 (64-bit)
Generated at 06/05/2009 19:43:17 EDT
IPL at 02/21/2010 07:31:30 EDT
Ready; T=0.01/0.01 09:58:13
id
OPERATOR AT ZVM8MVS VIA RSCS 05/20/2010 09:58:45 EDT THURSDAY
Ready; T=0.01/0.01 09:58:45
q priv *
Privilege classes for user OPERATOR
Currently: ABCDEFGP
Directory: ABCDEFGP
The privilege classes are not locked against changes.
Ready; T=0.01/0.01 09:59:02
q command force
FORCE IBMCLASS=NONE
Ready; T=0.01/0.01 09:59:13
q command shutdown
SHUTDOWN IBMCLASS=NONE
Ready; T=0.01/0.01 09:59:22
set priv * +s
Privilege classes for user OPERATOR
Currently: ABCDEFGPS
Directory: ABCDEFGP
The privilege classes are not locked against changes.
Ready; T=0.01/0.01 10:00:36
q command force
FORCE IBMCLASS=A
Ready; T=0.01/0.01 10:00:42
q command shutdown
SHUTDOWN IBMCLASS=A
Ready; T=0.01/0.01 10:00:55
Thank you,
Scott
-----Original Message-----
From: The IBM z/VM Operating System [mailto:[email protected]] On Behalf
Of Bruce Hayden
Sent: Wednesday, May 19, 2010 4:27 PM
To: [email protected]
Subject: Re: Override file/modify command
I'm not sure.... Enter Q COMMANDS FORCE on OPERATOR to see if it is
allowed to issue the FORCE command, and if so, what priv class is
allowing it to do it.
On Wed, May 19, 2010 at 3:09 PM, Wandschneider, Scott
<[email protected]> wrote:
> I have the following in my production SYS CONFIG file yet OPERATOR, who does
> *not* have privilege class S was able to issue a FORCE command this past
> weekend and cause a user to be hung at LOGOFF/FORCE ending.
>
> MODIFY COMMAND SHUTDOWN PRIVCLASS S
> MODIFY COMMAND FORCE PRIVCLASS S
>
> What am I missing?
>
> Thank you,
>
> Scott
>
> From: The IBM z/VM Operating System [mailto:[email protected]] On
> Behalf Of Karl Kingston
> Sent: Wednesday, May 19, 2010 1:40 PM
> To: [email protected]
> Subject: Override file/modify command
>
> I'm working on setting up my z/VM 5.4 system (currently running 5.3 in
> production).
>
> When it was set up, we set up a CLASS OVERRIDE file with the following lines:
>
> SIGNAL NEWCLASS=O IBMCLASS=A
> XAUTOLOG NEWCLASS=O IBMCLASS=A
>
> On the z/VM 5.3 system, this works. But when I read the docs, it says this
> will take the commands away from class A users. But yet, if I'm logged on as
> MAINT (has class A) or OPERATOR, the commands work. Am I misunderstanding
> something here?
>
> On my 5.4 system I want to use the Modify command.
>
> My commands are:
>
> MODIFY Cmd SIGNAL IBMclass A PRIVclass O
> MODIFY Cmd XAUTOLOG IBMclass A PRIVclass O
>
> if I want SIGNAL and XAUTOLOG to be run by class A users will they execute?
> or do I need to change the commands to be:
>
> MODIFY Cmd SIGNAL IBMclass A PRIVclass AO
> MODIFY Cmd XAUTOLOG IBMclass A PRIVclass AO
>
> ???
>
> Thanks
>
> Karl Kingston
> County of Onondaga
>
> Confidentiality Note: This e-mail, including any attachment to it, may
> contain material that is confidential, proprietary, privileged and/or
> "Protected Health Information," within the meaning of the regulations under
> the Health Insurance Portability & Accountability Act as amended. If it is
> not clear that you are the intended recipient, you are hereby notified that
> you have received this transmittal in error, and any review, dissemination,
> distribution or copying of this e-mail, including any attachment to it, is
> strictly prohibited. If you have received this e-mail in error, please
> immediately return it to the sender and delete it from your system. Thank you.
>
--
Bruce Hayden
z/VM and Linux on System z ATS
IBM, Endicott, NY
Confidentiality Note: This e-mail, including any attachment to it, may contain
material that is confidential, proprietary, privileged and/or "Protected Health
Information," within the meaning of the regulations under the Health Insurance
Portability & Accountability Act as amended. If it is not clear that you are
the intended recipient, you are hereby notified that you have received this
transmittal in error, and any review, dissemination, distribution or copying of
this e-mail, including any attachment to it, is strictly prohibited. If you
have received this e-mail in error, please immediately return it to the sender
and delete it from your system. Thank you.