I would tend to agree with most of the posters in regards to using the
normal unix permission bits. If you are thinking about doing some sort of
file sharing with non-z/OS system, then getting used to the unix
permission bits is helpful. While at one time the default UID and default
GID
Steve,
I will try this approach.
- Create userid's and assign their home. T PROF(USER) DIV(OMVS) and cha user1
home(/u/user1)
- Setup automount on omvs
- Create a file auto.master in /etc with /u /etc/u/map
- Create a file u.map in /etc with
#
1) Is there another way to protect the OMVS environment
instead of using HFS Security under ACF2?
I admit, I don't have practical experience with HFS security under
ACF2, but I can't get rid of my bad feeling about this. If you're
going to be using z/OS UNIX, you should understand UNIX
Snip
I admit, I don't have practical experience with HFS security under
ACF2, but I can't get rid of my bad feeling about this. If you're going
to be using z/OS UNIX, you should understand UNIX security and what UNIX
applications can do with
it, and what they expect.
I would not use anything
We are just starting to get heavenly involved in the OMVS environment. We are
using CA-ACF2 for our security package.
We are also starting to get involved in the CICS WEB access environment. My
questions are:
1) Is there another way to protect the OMVS environment instead of using
HFS
Carlson, Steven wrote:
We are just starting to get heavenly involved in the OMVS environment.
Ahh. Divine intervention ..
We are using CA-ACF2 for our security package.
We are also starting to get involved in the CICS WEB access environment. My
questions are:
1) Is there
In
[EMAIL PROTECTED],
on 11/13/2006
at 09:55 AM, Klavon John R [EMAIL PROTECTED] said:
Does anyone have a good suggestion for setting up (Superuser id or
UID(0) for individuals that require the access.
Yes - check whether they really need it. The last time I had RACF
SPECIAL I wouldn't even
after a successful call to BPX1PWD (__passwd()), then if it
needs to do a spawn() (BPX1SPN).
Is this correct?
Lindy
-Alkuperäinen viesti-
Lähettäjä: IBM Mainframe Discussion List puolesta: Patrick O'Keefe
Lähetetty: ma 13.11.2006 21:49
Vastaanottaja: IBM-MAIN@BAMA.UA.EDU
Aihe: Re: Unix
Patrick O'Keefe wrote:
On Mon, 13 Nov 2006 17:28:47 +0100, R.S.
[EMAIL PROTECTED]
wrote:
...
As you wrote it's because auditors want it. I understand your point,
however I'm curious whether there's any real reason.
I strongly agree with John on this. Even if no auditors were involved,
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of R.S.
Sent: Tuesday, November 14, 2006 1:51 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: Unix Security
snip
SU everytime is similar (IMHO worse!) method for USS newbie
administrator
Does anyone have a good suggestion for setting up (Superuser id or UID(0) for
individuals that require the access. They would like to set up as few users as
possible to satisfy the auditors..
The information contained in this e-mail may be confidential and is intended
solely for the use of
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of Klavon John R
Sent: Monday, November 13, 2006 8:56 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Unix Security
Does anyone have a good suggestion for setting up (Superuser
id or UID(0
McKown, John wrote:
[...]
If nothing else, grant RACF read authority to BPX.SUPERUSER in the
FACILITY class to the people who need it. This will allow them to su
for root (UID 0) access as needed. There are a lot of profiles starting
with BPX. in the FACILITY class to allow people to do
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of R.S.
Sent: Monday, November 13, 2006 9:58 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: Unix Security
snip
IMHO the better idea is to have dadicated user fo BPXPRMxx
SUPERUSER
McKown, John wrote:
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of R.S.
Sent: Monday, November 13, 2006 9:58 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: Unix Security
snip
IMHO the better idea is to have dadicated user fo BPXPRMxx
On Mon, 13 Nov 2006 17:28:47 +0100, R.S. [EMAIL PROTECTED]
wrote:
...
As you wrote it's because auditors want it. I understand your point,
however I'm curious whether there's any real reason.
I strongly agree with John on this. Even if no auditors were involved,
giving a person UID(0)is
16 matches
Mail list logo
