Stewart Stremler([EMAIL PROTECTED])@Sat, Nov 26, 2005 at 03:20:58PM -0800: > begin quoting Wade Curry as of Sat, Nov 26, 2005 at 03:13:45PM -0800: > [snip] > > As powerful as RACF is (MVS security product), people still are > > able to break and abuse it regularly. Being based on ACLs > > really is a huge benefit, though. > > Anything resembling a CL (capabilities list)? >
Not sure exactly what a CL is. Each user or group has the ability to read/write/alter datasets(files) when they are explicitly "permitted" to that dataset. The list of users permitted to the dataset (the dataset profile) is kept by RACF in its own database. None of this appears in the filesystem. > > The way the mainframers think about password and data security > > is a little different, though. It is common with Linux to see > > a group created to provide access to files, and then add a user > > to the groups that allow appropriate access. Mainframers see > > groups as defining the function of the person. Everyone > > belongs to one -and only one- group. Each dataset profile then > > has an entry defining the type of access for each and every > > user or group that needs it. Wade Curry syntaxman -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
