On Wed, Apr 22, 2009 at 12:09 AM, Patrick Spinler <[email protected]> wrote:
>> Your scope should probably include the users of your applications that >> run on Linux, not just the few people who have legal permission to >> logon to a VM userid. > > Err, why? We already have a heterogeneous Unix LDAP solution that > serves our virtual linux, distributed linux, solaris, and AIX systems. > Note that our Z hosted linux guests are only about 1/4 of the total > number of these. Why in the world would we want to segregate our > z/Linux security to a completely separate security system than all the > rest of our unix and linux? Ok, I see where this went wrong... You can certainly use those central solutions to manage application access for Linux on z/VM. What I meant to say is that z/VM security is not just for the users with legal access. Someone with root access on your Linux server could also do things on z/VM that you don't want. z/VM is your virtual "raised floor" and when you allow more folks access to the computer room, you may need to tighten some of the rules and procedures you follow. -Rob ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
