But, using ISPF 3.4, the user can list all the data sets on all the on-line volumes by entering nothing in the DSN field and an * in the Volume field. Yes, I do know about the _new_ RACF stuff which causes the system to not list a DSN unless the id has at least EXECUTE (or READ?) access to it. But the overhead is horrendous. It causes a RACF security call on each and every DSN. The I/O to the RACF data base (the security information in not in the equivalent of the inode on z/OS) is just too expensive.
On Tue, Oct 1, 2013 at 2:37 AM, Offer Baruch <[email protected]> wrote: > Sorry... I just couldn't help responding to the z/OS part... > > On z/OS you can limit the access to the catalog and by that deny users from > listing the files in that catalog. > I think that most places don't do that but z/OS has this ability build > in... > > Offer Baruch > On Sep 30, 2013 6:01 PM, "John McKown" <[email protected]> > wrote: > > > I am looking a "porting" the Linux updatedb/locate program in the mlocate > > rpm to run on another UNIX system (z/OS to be exact). I don't understand > > why the mlocate.db is not world readable. Instead, the locate program is > > marked setgid. The only reason I have come up with is that the updatedb > > program loads the names of all the local (and perhaps NFS) file names > into > > the mlocated.db file. And some of those may be in directories which are > > unreadable by some users. > > > > I am not really going to port the actual code, because I am pretty sure > > that I'm going to put the data into a sqlite3 data base so that others > can > > write code to "do things" with it. > > > > This is where I don't understand. How can simply knowing if a file exists > > or not be a security concern? I admit to being ignorant of this because a > > user in z/OS can generally get a listing of the names of all the data > sets > > (files) which exist on a z/OS system even if they cannot read them. Yeah, > > I've got some of those and one consultant was "uppity" about "why can't I > > read that? Justify it to me!!!" Who which I replied (quoting W.C. > Fields): > > "Go away, boy, you bother me!" > > > > -- > > I have _not_ lost my mind! It is backed up on a flash drive somewhere. > > > > Maranatha! <>< > > John McKown > > > > ---------------------------------------------------------------------- > > For LINUX-390 subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO LINUX-390 or > > visit > > http://www.marist.edu/htbin/wlvindex?LINUX-390 > > ---------------------------------------------------------------------- > > For more information on Linux on System z, visit > > http://wiki.linuxvm.org/ > > > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ---------------------------------------------------------------------- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > -- I have _not_ lost my mind! It is backed up on a flash drive somewhere. Maranatha! <>< John McKown ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
