Or maybe put a password on the VSWITCH that would allow a class G user to connect if he knew the password.
On Wed, Dec 8, 2010 at 8:15 AM, Quay, Jonathan (IHG) <[email protected]>wrote: > I don't. I don't have any human beings on my systems except for system > programmers that have full authority anyway. Having to GRANT linux > servers is an extra thing that has to be managed. I would like to > define a vswitch as unrestricted. > > -----Original Message----- > From: The IBM z/VM Operating System [mailto:[email protected]] On > Behalf Of RPN01 > Sent: Wednesday, December 08, 2010 8:27 AM > To: [email protected] > Subject: Re: Vswitch Grant as a CMD in User's Directory? > > The issue with keeping the grants in AUTOLOG1 or in SYSTEM CONFIG is > that > you have to either continually modify those files every time you create > a > new Linux image, or you have to keep a separate list of Linux images > somewhere for AUTOLOG1 to read (though you probably have to anyway). > > Putting the commands in the CP Directory entry just gives you one less > worry > about where to check if something has been done or not. It also covers > you > for the initial creation of the image, where AUTOLOG1 will not be run, > so > that you don't have to worry about granting the image by hand the first > time. > > Is there anyone out there that actually gains security from CP users not > being granted onto their vSwitches? How many people would like to be > able to > define a vSwitch as "open to the public" or not requiring a grant to be > accessed? > > -- > Robert P. Nix Mayo Foundation .~. > RO-OC-1-18 200 First Street SW /V\ > 507-284-0844 Rochester, MN 55905 /( )\ > ----- ^^-^^ > "In theory, theory and practice are the same, but > in practice, theory and practice are different." > > > > On 12/7/10 9:25 PM, "Lee Stewart" <[email protected]> > wrote: > > > It seems to me... > > > > Rather than putting a Vswitch Grant for each Linux guest somewhere > like > > AUTOLOG1's PROFILE EXEC, I thought I'd try putting a > > CMD SET VSWITCH VSW1 GRANT &USERID > > in the directory profile for the Linux guests... > > > > Alas, it seems that the GRANT isn't processed till after the NIC / LAN > > connection is attempted. I thought I understood that CMDs in the > > directory entry were processed before the user was logged on... > > > > Did I misunderstand or??? > > > > Thanks, > > Lee >
