Re: Superuser (su) in batch

2022-08-12 Thread Mark Zelden
On Fri, 12 Aug 2022 09:42:13 -0500, Paul Gilmartin  wrote:

>On Thu, 11 Aug 2022 16:44:50 -0500, Mark Zelden wrote:
>>...  
>> /* rexx */  
>> /*=*/   
>>   fromdir = '/etc/' 
>>   todir   = '/service/' 
>> /*=*/   
>>   call syscalls 'ON'
>>   address syscall 'geteuid' 
>>   uidval = retval   
>>   say 'Current UID = 'uidval
>>   if uidval <> 0 then do
>>     say 'Attempting to set to UID=0'
>>     address syscall 'setreuid 0 0'
>>  
>What would happen if Rexx were to EXIT to TSO at this point?  Would TSO
>continue to execute with the RACF User ID but with euid 0?  Might there be
>unexpected results, particularly with the O* commands?  Remember the OP
>wants to do OPUT with euid 0.
>   
>>     uidval2 = retval
>>     if uidval2 <> 0 then do
>>       say 'Unable to set to UID=0'
>>       exit 12
>>     end
>>     Else say 'New UID = 'uidval2
>>   
>When I've done this sort of thing, I've first attempted to report via ZEDLMSG,
>then if that failed use SAY.
>
>-- 


First, I didn't run it interactively - as I mentioned, it was part of a batch
job with steps that allocate the zFS, format it, mount it then run the copy.
The step running the exec is IKJEFT1B.

Second, it isn't running under ISPF so there is no ZEDLMSG. 


Best Regards,

Mark
--
Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS
ITIL v3 Foundation Certified
mailto:m...@mzelden.com
Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html
Systems Programming expert at http://search390.techtarget.com/ateExperts/
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: Superuser (su) in batch

2022-08-12 Thread Paul Gilmartin
On Thu, 11 Aug 2022 16:44:50 -0500, Mark Zelden wrote:
>...  
> /* rexx */  
> /*=*/   
>   fromdir = '/etc/' 
>   todir   = '/service/' 
> /*=*/   
>   call syscalls 'ON'
>   address syscall 'geteuid' 
>   uidval = retval   
>   say 'Current UID = 'uidval
>   if uidval <> 0 then do
>     say 'Attempting to set to UID=0'
>     address syscall 'setreuid 0 0'
>  
What would happen if Rexx were to EXIT to TSO at this point?  Would TSO
continue to execute with the RACF User ID but with euid 0?  Might there be
unexpected results, particularly with the O* commands?  Remember the OP
wants to do OPUT with euid 0.
   
>     uidval2 = retval
>     if uidval2 <> 0 then do
>       say 'Unable to set to UID=0'
>       exit 12
>     end
>     Else say 'New UID = 'uidval2
>   
When I've done this sort of thing, I've first attempted to report via ZEDLMSG,
then if that failed use SAY.

-- 
gil



Re: Superuser (su) in batch

2022-08-12 Thread rpinion865
I didn't see any mention of AOPBATCH.  I tried it, and it appears to work.

//STEP020 EXEC PGM=AOPBATCH,PARM='sh'
//STDIN   DD *
 su
 ls -al
//STDERR  DD SYSOUT=*
//STDOUT  DD SYSOUT=*





--- Original Message ---
On Friday, August 12th, 2022 at 7:30 AM, Robert S. Hansel (RSH) wrote:


> Hi William,
>
> Here are examples of several different ways I found for doing this.
>
> //RSHBPXSU JOB (1),RSH,CLASS=A,MSGCLASS=H,NOTIFY=
> //STEP0010 EXEC PGM=BPXBATCH,PARM='SH'
> //STDERR DD SYSOUT=*
> //STDOUT DD SYSOUT=*
> //STDIN DD PATH='/u/RSH/commands',PATHOPTS=(ORDONLY) << su in stdin file
>
> //RSHBPXSU JOB (1),RSH,CLASS=A,MSGCLASS=H,NOTIFY=
> //STEP0010 EXEC PGM=BPXBATCH,PARM='SH su'
> //STDERR DD SYSOUT=*
> //STDOUT DD SYSOUT=*
> //STDIN DD PATH='/u/RSH/commands2',PATHOPTS=(ORDONLY)
>
> //RSHBPXSU JOB (1),RSH,CLASS=A,MSGCLASS=H,NOTIFY=
> //STEP0010 EXEC PGM=BPXBATCH,PARM='SH su < /u/RSH/commands2'
> //STDERR DD SYSOUT=*
> //STDOUT DD SYSOUT=*
>
> //RSHBPXSU JOB (1),RSH,CLASS=A,MSGCLASS=H,NOTIFY=
> //STEP0010 EXEC PGM=BPXBATCH
> //STDERR DD SYSOUT=*
> //STDOUT DD SYSOUT=*
> //STDPARM DD *
> SH su < /u/RSH/commands3
>
> //RSHSUTST JOB (1),RSH,CLASS=A,MSGCLASS=H,NOTIFY=
> //STEP0001 EXEC PGM=IKJEFT1B
> //SYSPROC DD DISP=SHR,DSN=SYS1.SBPXEXEC
> //SYSOUT DD SYSOUT=*
> //SYSIN DD DUMMY
> //SYSTSPRT DD SYSOUT=*
> //SYSTSIN DD *
> PROF MSGID WTPMSG
> OSHELL echo id | su
> OSHELL print 'id' | su
>
> Regards, Bob
>
> Robert S. Hansel
> Lead RACF Specialist
> RSH Consulting, Inc. *** Celebrating our 30th Anniversary ***
> 617-969-8211
> www.linkedin.com/in/roberthansel
> www.twitter.com/RSH_RACF
> www.rshconsulting.com
>
> -Original Message-
> Date: Thu, 11 Aug 2022 12:50:49 +
> From: "Boyer, William" william.bo...@gdit.com
>
> Subject: Superuser (su) in batch
>
> My userid on z/OS is not a superuser but I have RACF READ access to 
> BPX.SUPERUSER. Occasionally as a Systems Programmer, I need to perform 
> something in USS that requires UID=0. In TSO I can switch to EUID=0 by going 
> to 3.17 (Utilities/Udlist) and type a su which seems to stay set for the 
> entire length of the TSO session. Is there a way to do a su in batch and then 
> copy files or adjust permits/owner etc.?
>
> For example interactively, I can set my euid=0 with su in 3.17, then go to =6 
> and type in OPUT to copy files into USS to directories that my normal uid 
> does not have permission but the OPUT works because I am still euid=0. I am 
> looking for a way to do this in batch.
>
> Thanks
>
> William Boyer
> System Engineer Sr Advisor
>
> T 410-842-1706
> william.bo...@gdit.com
> One W. Pennsylvania Ave
> Towson, MD 21204
> www.gdit.com <http://www.gdit.com/>


Re: Superuser (su) in batch

2022-08-12 Thread Robert S. Hansel (RSH)
Hi William,

Here are examples of several different ways I found for doing this.

//RSHBPXSU JOB (1),RSH,CLASS=A,MSGCLASS=H,NOTIFY=
//STEP0010 EXEC PGM=BPXBATCH,PARM='SH'  
//STDERR  DD  SYSOUT=*  
//STDOUT  DD  SYSOUT=*  
//STDIN   DD  PATH='/u/RSH/commands',PATHOPTS=(ORDONLY) << su in stdin file

//RSHBPXSU JOB (1),RSH,CLASS=A,MSGCLASS=H,NOTIFY=
//STEP0010 EXEC PGM=BPXBATCH,PARM='SH su'   
//STDERR  DD  SYSOUT=*  
//STDOUT  DD  SYSOUT=*  
//STDIN   DD  PATH='/u/RSH/commands2',PATHOPTS=(ORDONLY)   

//RSHBPXSU JOB (1),RSH,CLASS=A,MSGCLASS=H,NOTIFY=
//STEP0010 EXEC PGM=BPXBATCH,PARM='SH su < /u/RSH/commands2'
//STDERR  DD  SYSOUT=*  
//STDOUT  DD  SYSOUT=*  

//RSHBPXSU JOB (1),RSH,CLASS=A,MSGCLASS=H,NOTIFY=
//STEP0010 EXEC PGM=BPXBATCH
//STDERR  DD  SYSOUT=*  
//STDOUT  DD  SYSOUT=*  
//STDPARM DD  *
SH su < /u/RSH/commands3

//RSHSUTST JOB (1),RSH,CLASS=A,MSGCLASS=H,NOTIFY= 
//STEP0001 EXEC PGM=IKJEFT1B 
//SYSPROC  DD  DISP=SHR,DSN=SYS1.SBPXEXEC
//SYSOUT   DD  SYSOUT=*  
//SYSIN    DD  DUMMY
//SYSTSPRT DD  SYSOUT=*  
//SYSTSIN  DD  * 
 PROF MSGID WTPMSG   
 OSHELL echo id | su 
 OSHELL print 'id' | su

Regards, Bob

Robert S. Hansel
Lead RACF Specialist
RSH Consulting, Inc.  *** Celebrating our 30th Anniversary ***
617-969-8211
www.linkedin.com/in/roberthansel
www.twitter.com/RSH_RACF
www.rshconsulting.com

-Original Message-
Date:Thu, 11 Aug 2022 12:50:49 +
From:"Boyer, William" 
Subject: Superuser (su) in batch

My userid on z/OS is not a superuser but I have RACF READ access to 
BPX.SUPERUSER.   Occasionally as a Systems Programmer, I need to perform 
something in USS that requires UID=0. In TSO I can switch to EUID=0 by going to 
3.17 (Utilities/Udlist) and type a su which seems to stay set for the entire 
length of the TSO session.   Is there a way to do a su in batch and then copy 
files or adjust permits/owner etc.?

For example interactively, I can set my euid=0 with su in 3.17, then go to =6 
and type in OPUT to copy files into USS to directories that my normal uid does 
not have permission but the OPUT works because I am still euid=0.  I am looking 
for a way to do this in batch.

Thanks

William Boyer
System Engineer Sr Advisor

T   410-842-1706
william.bo...@gdit.com
One W. Pennsylvania Ave
Towson, MD 21204
www.gdit.com<http://www.gdit.com/>



Re: Superuser (su) in batch

2022-08-11 Thread Mark Zelden
On Thu, 11 Aug 2022 16:36:43 -0500, Paul Gilmartin  wrote:

>On Thu, 11 Aug 2022 13:23:27 -0500, Mark Zelden wrote:
>>
>>ISHELL in batch won't work, but this "trick" with BPXBATCH will.  The key is using
>>"echo" and piping the command to "su".
>> 
>I see that clearly in the Commands Ref.
>
>What about Rexx:  ADDRESS SYSCALL 'setuid'?  Does that change the euid
>of the TSO calling process?
>
>I know that in Rexx invoked from (ISPF under) TSO I can:
>ADDRESS SYSCALL 'chdir' ...
>
>and that changes the working directory of my TSO job.  Would 'setuid' work
>similarly?
>
>What about "sudo", not distributed with z/OS, but on Linux:
>
>501 $ ps
>  PID TTY          TIME CMD
>15319 pts/0    00:00:00 bash
>15342 pts/0    00:00:00 ps
>502 $
>502 $ sudo id
>[sudo] password for paulgilm:
>uid=0(root) gid=0(root) groups=0(root)
>503 $
>503 $ ps
>  PID TTY          TIME CMD
>15319 pts/0    00:00:00 bash
>15345 pts/0    00:00:00 ps
>504 $
>504 $ sudo id
>uid=0(root) gid=0(root) groups=0(root)
>505 $
>505 $ ps
>  PID TTY          TIME CMD
>15319 pts/0    00:00:00 bash
>15349 pts/0    00:00:00 ps
>
># ### pid is unchanged, but euid *is* changed.  Does sudo muck with
># kernel structures!?  It expires after a while.
>
>506 $
>506 $ type sudo
>sudo is hashed (/usr/bin/sudo)
>507 $
>507 $ ls -l /usr/bin/sudo
>-rwsr-xr-x 1 root root 157192 Jan 20  2021 /usr/bin/sudo
>508 $
>508 $ id
>uid=1000(paulgilm) gid=1000(paulgilm) groups=1000(paulgilm),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),101(systemd-journal),109(netdev),998(vboxsf)
>509 $ 
>
>-- 


For REXX address syscall, yes - that works fine.  Long before IBM ever came
out with their HFS to zFS copy utilities to make things easier for people,
I copied / migrated my HFS files with the exec below.  I called the REXX from
a batch job with the REXX instream, written to a temp PDS, so I hard coded
the from / to mount points as needed.  Other steps formatted the zFS, mounted
it at the service mount point, did the copy below then unmounted the newly
created zFS.


 /* rexx */
 /*=*/
   fromdir = '/etc/'
   todir   = '/service/'
 /*=*/
   call syscalls 'ON'                 /* enable ADDRESS SYSCALL          */
   address syscall 'geteuid'
   uidval = retval                    /* geteuid: RETVAL = effective UID */
   say 'Current UID = 'uidval
   if uidval <> 0 then do
     say 'Attempting to set to UID=0'
     address syscall 'setreuid 0 0'
   /* address syscall 'seteuid 0' */
     uidval2 = retval                 /* setreuid: RETVAL = 0 on success */
     if uidval2 <> 0 then do
       say 'Unable to set to UID=0'
       exit 12
     end
     Else say 'New UID = 'uidval2
   end
   address syscall 'chdir' fromdir
   say 'Copying files from' fromdir 'to' todir
   call bpxwunix 'pax -rwvCMX -p eW . ' todir



Best Regards,

Mark
--
Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS
ITIL v3 Foundation Certified
mailto:m...@mzelden.com
Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html



Re: Superuser (su) in batch

2022-08-11 Thread Paul Gilmartin
On Thu, 11 Aug 2022 13:23:27 -0500, Mark Zelden wrote:
>
>ISHELL in batch won't work, but this "trick" with BPXBATCH will.  The key is using
>"echo" and piping the command to "su".
> 
I see that clearly in the Commands Ref.

What about Rexx:  ADDRESS SYSCALL 'setuid'?  Does that change the euid
of the TSO calling process?

I know that in Rexx invoked from (ISPF under) TSO I can:
ADDRESS SYSCALL 'chdir' ...

and that changes the working directory of my TSO job.  Would 'setuid' work
similarly?

What about "sudo", not distributed with z/OS, but on Linux:

501 $ ps
  PID TTY          TIME CMD
15319 pts/0    00:00:00 bash
15342 pts/0    00:00:00 ps
502 $
502 $ sudo id
[sudo] password for paulgilm:
uid=0(root) gid=0(root) groups=0(root)
503 $
503 $ ps
  PID TTY          TIME CMD
15319 pts/0    00:00:00 bash
15345 pts/0    00:00:00 ps
504 $
504 $ sudo id
uid=0(root) gid=0(root) groups=0(root)
505 $
505 $ ps
  PID TTY          TIME CMD
15319 pts/0    00:00:00 bash
15349 pts/0    00:00:00 ps

# ### pid is unchanged, but euid *is* changed.  Does sudo muck with
# kernel structures!?  It expires after a while.

506 $
506 $ type sudo
sudo is hashed (/usr/bin/sudo)
507 $
507 $ ls -l /usr/bin/sudo
-rwsr-xr-x 1 root root 157192 Jan 20  2021 /usr/bin/sudo
508 $
508 $ id
uid=1000(paulgilm) gid=1000(paulgilm) groups=1000(paulgilm),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),101(systemd-journal),109(netdev),998(vboxsf)
509 $ 

-- 
gil



Re: Superuser (su) in batch

2022-08-11 Thread Mark Zelden
On Thu, 11 Aug 2022 12:50:49 +, Boyer, William wrote:

>My userid on z/OS is not a superuser but I have RACF READ access to 
>BPX.SUPERUSER.   Occasionally as a Systems Programmer, I need to perform 
>something in USS that requires UID=0. In TSO I can switch to EUID=0 by going 
>to 3.17 (Utilities/Udlist) and type a su which seems to stay set for the 
>entire length of the TSO session.   Is there a way to do a su in batch and then 
>copy files or adjust permits/owner etc.?
>
>For example interactively, I can set my euid=0 with su in 3.17, then go to =6 
>and type in OPUT to copy files into USS to directories that my normal uid does 
>not have permission but the OPUT works because I am still euid=0.  I am 
>looking for a way to do this in batch.
>
>Thanks
>
>William Boyer
>System Engineer Sr Advisor
>
>T   410-842-1706
>william.bo...@gdit.com
>One W. Pennsylvania Ave
>Towson, MD 21204
>www.gdit.com
>


ISHELL in batch won't work, but this "trick" with BPXBATCH will.  The key is using
"echo" and piping the command to "su".   For example:


//FIND     EXEC PGM=BPXBATCH,REGION=500M
//STDERR   DD  SYSOUT=* 
//STDOUT   DD  SYSOUT=* 
//STDPARM  DD  *
sh echo find / -user 99 -exec ls -l {} \;  | su;



Regards,

Mark
--
Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS
ITIL v3 Foundation Certified
mailto:m...@mzelden.com
Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html



Re: Superuser (su) in batch

2022-08-11 Thread Grant Taylor

Drive by Unix comments below.

On 8/11/22 9:15 AM, Chen, Ya-Fang wrote:

echo 'date' ! su ;
echo 'mkdir -m 755 /home/y01' ! su ;
echo 'mkdir -m 755 /home/y01/.ssh2' ! su ;
echo 'chown -R y01:agroup  /home/y01' ! su ;


Is there a reason that you are echoing commands into su's STDIN versus 
passing the command to su directly?  E.g.


su -c 'date'
su -c 'mkdir -m 755 /home/y01'
su -c 'mkdir -m 755 /home/y01/.ssh2'
su -c 'chown -R y01:agroup /home/y01'

My experience is that explicitly specifying things works out better than 
implicitly piping things into STDIN.




--
Grant. . . .
unix || die
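
Added example, not part of any message in this thread: the ways of handing commands to `su` shown above differ in which shell expands the text and in what happens when one step fails. Here `sh` stands in for the shell that `su` starts, and `WHO`, the function names and the temporary paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration; `sh` stands in for the shell that `su` starts, so no
# privilege is needed. WHO is a constructed marker: its value shows which
# shell performed the expansion.
WHO=caller
export WHO

# Unquoted echo: the calling shell expands $WHO (and globs, $(...)) before
# the text reaches the target shell.
piped_unquoted() {
  echo echo $WHO | WHO=target sh
}

# Single-quoted echo: the text arrives verbatim and the target shell expands it.
piped_quoted() {
  echo 'echo $WHO' | WHO=target sh
}

# Command handed over as one argument, the shape of the -c form.
as_argument() {
  WHO=target sh -c 'echo $WHO'
}

# Reports the last exit status and whether the final step left its marker.
report() {
  if [ "$1" -eq 0 ]; then status=ok; else status=failed; fi
  if [ -e "$2/marker" ]; then ran=yes; else ran=no; fi
  echo "status=$status marker=$ran"
}

# One target shell per step, joined with ';': the failed mkdir goes unnoticed,
# the next step still runs, and only the last status survives.
steps_separate() (
  set +e
  echo "mkdir $1/missing/sub" | sh 2>/dev/null ;
  echo "touch $1/marker" | sh
  report $? "$1"
)

# All steps fed to a single target shell that starts with `set -e`: the first
# failure stops the run and becomes the exit status.
steps_one_shell() (
  set +e
  printf '%s\n' 'set -e' "mkdir $1/missing/sub" "touch $1/marker" | sh 2>/dev/null
  report $? "$1"
)

demo() {
  d=$(mktemp -d)
  mkdir "$d/a" "$d/b"
  echo "unquoted pipe : $(piped_unquoted)"
  echo "quoted pipe   : $(piped_quoted)"
  echo "argument      : $(as_argument)"
  echo "separate steps: $(steps_separate "$d/a")"
  echo "one shell     : $(steps_one_shell "$d/b")"
  rm -rf "$d"
}
demo
```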



Re: Superuser (su) in batch

2022-08-11 Thread Paul Gilmartin
On Thu, 11 Aug 2022 14:35:25 +, Boyer, William wrote:

>Tried that.
>
>OSHELL su
>OPUT
>The OPUT failed on permissions.
> 
OSHELL probably forks a separate address space, and "su" there does
not affect the parent TSO address space.

Chen, Ya-Fang's  suggestion is more promising.  Similarly with BPXWUNIX.

or, OSHELL "su; OPUT"

Or: 

And Shmuel speaks sooth.

-- 
gil



Re: Superuser (su) in batch

2022-08-11 Thread Chen, Ya-Fang
William,

FYI. This is what I use to create directory and set up ownership in a batch job. 
Some companies may need to change the pipe char from '!' to '|'. 

---
//STEP1    EXEC PGM=BPXBATCH
//SYSPRINT DD  SYSOUT=*
//STDOUT  DD  SYSOUT=* 
//STDERR  DD  SYSOUT=* 
//STDPARM  DD   *  
SH 
echo 'date' ! su ; 
echo 'mkdir -m 755 /home/y01' ! su ;   
echo 'mkdir -m 755 /home/y01/.ssh2' ! su ; 
echo 'chown -R y01:agroup  /home/y01' ! su ;   
hostname;  
ls -l /home;   
ls -la /home/y01   
/* 
---

Regards,
Ya-Fang


-Original Message-
From: IBM Mainframe Discussion List On Behalf Of Boyer, William
Sent: Thursday, August 11, 2022 9:35 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: Superuser (su) in batch

Tried that.

OSHELL su
OPUT
The OPUT failed on permissions.  


-Original Message-
From: IBM Mainframe Discussion List On Behalf Of Ituriel do Neto
Sent: Thursday, August 11, 2022 9:25 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Superuser (su) in batch




You may try:

//STEP1    EXEC PGM=IKJEFT01
//SYSEXEC  DD   DISP=SHR,DSN=SYS1.SBPXEXEC
//SYSTSPRT DD   SYSOUT=*
//SYSTSIN  DD   *
  PROF MSGID WTPMSG
  OSHELL su



Best Regards

Ituriel do Nascimento Neto
z/OS System Programmer






On Thursday, August 11, 2022 at 10:07:58 BRT, Rob Schramm wrote:





Coz toolkit is very easy to use for switching to superuser.

Rob

On Thu, Aug 11, 2022, 08:51 Boyer, William < 
0442c7525a40-dmarc-requ...@listserv.ua.edu> wrote:

> My userid on z/OS is not a superuser but I have RACF READ access to 
> BPX.SUPERUSER.  Occasionally as a Systems Programmer, I need to 
> perform something in USS that requires UID=0. In TSO I can switch to
> EUID=0 by going to 3.17 (Utilities/Udlist) and type a su which seems 
> to stay set for the entire length of the TSO session.  Is there a way 
> to do a su in batch and then copy files or adjust permits/owner etc.?
>
> For example interactively, I can set my euid=0 with su in 3.17, then 
> go to
> =6 and type in OPUT to copy files into USS to directories that my 
> normal uid does not have permission but the OPUT works because I am still 
> euid=0.
> I am looking for a way to do this in batch.
>
> Thanks
>
> William Boyer
> System Engineer Sr Advisor
>
> T  410-842-1706
> william.bo...@gdit.com
> One W. Pennsylvania Ave
> Towson, MD 21204
> www.gdit.com<http://www.gdit.com/>


Re: Superuser (su) in batch

2022-08-11 Thread Boyer, William
Tried that.

OSHELL su
OPUT
The OPUT failed on permissions.  


-Original Message-
From: IBM Mainframe Discussion List On Behalf Of Ituriel do Neto
Sent: Thursday, August 11, 2022 9:25 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Superuser (su) in batch




You may try:

//STEP1    EXEC PGM=IKJEFT01
//SYSEXEC  DD   DISP=SHR,DSN=SYS1.SBPXEXEC
//SYSTSPRT DD   SYSOUT=*
//SYSTSIN  DD   *
  PROF MSGID WTPMSG
  OSHELL su



Best Regards

Ituriel do Nascimento Neto
z/OS System Programmer






On Thursday, August 11, 2022 at 10:07:58 BRT, Rob Schramm wrote:





Coz toolkit is very easy to use for switching to superuser.

Rob

On Thu, Aug 11, 2022, 08:51 Boyer, William < 
0442c7525a40-dmarc-requ...@listserv.ua.edu> wrote:

> My userid on z/OS is not a superuser but I have RACF READ access to 
> BPX.SUPERUSER.  Occasionally as a Systems Programmer, I need to 
> perform something in USS that requires UID=0. In TSO I can switch to 
> EUID=0 by going to 3.17 (Utilities/Udlist) and type a su which seems 
> to stay set for the entire length of the TSO session.  Is there a way 
> to do a su in batch and then copy files or adjust permits/owner etc.?
>
> For example interactively, I can set my euid=0 with su in 3.17, then 
> go to
> =6 and type in OPUT to copy files into USS to directories that my 
> normal uid does not have permission but the OPUT works because I am still 
> euid=0.
> I am looking for a way to do this in batch.
>
> Thanks
>
> William Boyer
> System Engineer Sr Advisor
>
> T  410-842-1706
> william.bo...@gdit.com
> One W. Pennsylvania Ave
> Towson, MD 21204
> www.gdit.com<http://www.gdit.com/>


Re: Superuser (su) in batch

2022-08-11 Thread Seymour J Metz
Life will be easier if you learn how to use Unix commands, e.g., su, sudo, from 
the command line.


From: IBM Mainframe Discussion List on behalf of Boyer, William <0442c7525a40-dmarc-requ...@listserv.ua.edu>
Sent: Thursday, August 11, 2022 8:50 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Superuser (su) in batch

My userid on z/OS is not a superuser but I have RACF READ access to 
BPX.SUPERUSER.   Occasionally as a Systems Programmer, I need to perform 
something in USS that requires UID=0. In TSO I can switch to EUID=0 by going to 
3.17 (Utilities/Udlist) and type a su which seems to stay set for the entire 
length of the TSO session.   Is there a way to do a su in batch and then copy 
files or adjust permits/owner etc.?

For example interactively, I can set my euid=0 with su in 3.17, then go to =6 
and type in OPUT to copy files into USS to directories that my normal uid does 
not have permission but the OPUT works because I am still euid=0.  I am looking 
for a way to do this in batch.

Thanks

William Boyer
System Engineer Sr Advisor

T   410-842-1706
william.bo...@gdit.com
One W. Pennsylvania Ave
Towson, MD 21204
www.gdit.com<http://www.gdit.com/>








Re: Superuser (su) in batch

2022-08-11 Thread Ituriel do Neto
You may try:

//STEP1  EXEC PGM=IKJEFT01                                   
//SYSEXEC  DD   DISP=SHR,DSN=SYS1.SBPXEXEC                        
//SYSTSPRT DD   SYSOUT=*                                                  
//SYSTSIN  DD   *                                                         
  PROF MSGID WTPMSG                                                       
  OSHELL su                                                               



Best Regards

Ituriel do Nascimento Neto
z/OS System Programmer






On Thursday, August 11, 2022 at 10:07:58 BRT, Rob Schramm wrote:





Coz toolkit is very easy to use for switching to superuser.

Rob

On Thu, Aug 11, 2022, 08:51 Boyer, William <
0442c7525a40-dmarc-requ...@listserv.ua.edu> wrote:

> My userid on z/OS is not a superuser but I have RACF READ access to
> BPX.SUPERUSER.  Occasionally as a Systems Programmer, I need to
> perform something in USS that requires UID=0. In TSO I can switch to EUID=0
> by going to 3.17 (Utilities/Udlist) and type a su which seems to stay set
> for the entire length of the TSO session.  Is there a way to do a su in batch
> and then copy files or adjust permits/owner etc.?
>
> For example interactively, I can set my euid=0 with su in 3.17, then go to
> =6 and type in OPUT to copy files into USS to directories that my normal
> uid does not have permission but the OPUT works because I am still euid=0.
> I am looking for a way to do this in batch.
>
> Thanks
>
> William Boyer
> System Engineer Sr Advisor
>
> T  410-842-1706
> william.bo...@gdit.com
> One W. Pennsylvania Ave
> Towson, MD 21204
> www.gdit.com


Re: Superuser (su) in batch

2022-08-11 Thread Rob Schramm
Coz toolkit is very easy to use for switching to superuser.

Rob

On Thu, Aug 11, 2022, 08:51 Boyer, William <
0442c7525a40-dmarc-requ...@listserv.ua.edu> wrote:

> My userid on z/OS is not a superuser but I have RACF READ access to
> BPX.SUPERUSER.   Occasionally as a Systems Programmer, I need to
> perform something in USS that requires UID=0. In TSO I can switch to EUID=0
> by going to 3.17 (Utilities/Udlist) and type a su which seems to stay set
> for the entire length of the TSO session.   Is there a way to do a su in batch
> and then copy files or adjust permits/owner etc.?
>
> For example interactively, I can set my euid=0 with su in 3.17, then go to
> =6 and type in OPUT to copy files into USS to directories that my normal
> uid does not have permission but the OPUT works because I am still euid=0.
> I am looking for a way to do this in batch.
>
> Thanks
>
> William Boyer
> System Engineer Sr Advisor
>
> T   410-842-1706
> william.bo...@gdit.com
> One W. Pennsylvania Ave
> Towson, MD 21204
> www.gdit.com


Re: Superuser (su) in batch

2022-08-11 Thread Paul Gilmartin
On Thu, 11 Aug 2022 12:50:49 +, Boyer, William wrote:

>My userid on z/OS is not a superuser but I have RACF READ access to 
>BPX.SUPERUSER.   Occasionally as a Systems Programmer, I need to perform 
>something in USS that requires UID=0. In TSO I can switch to EUID=0 by going 
>to 3.17 (Utilities/Udlist) and type a su which seems to stay set for the 
>entire length of the TSO session.   Is there a way to do a su in batch and then 
>copy files or adjust permits/owner etc.?
>
ISPF in batch?

BPXBATCH or BPXBATSL?

BPXWUNIX from IRXJCL?

-- 
gil



Superuser (su) in batch

2022-08-11 Thread Boyer, William
My userid on z/OS is not a superuser but I have RACF READ access to 
BPX.SUPERUSER.   Occasionally as a Systems Programmer, I need to perform 
something in USS that requires UID=0. In TSO I can switch to EUID=0 by going to 
3.17 (Utilities/Udlist) and type a su which seems to stay set for the entire 
length of the TSO session.   Is there a way to do a su in batch and then copy 
files or adjust permits/owner etc.?

For example interactively, I can set my euid=0 with su in 3.17, then go to =6 
and type in OPUT to copy files into USS to directories that my normal uid does 
not have permission but the OPUT works because I am still euid=0.  I am looking 
for a way to do this in batch.

Thanks

William Boyer
System Engineer Sr Advisor

T   410-842-1706
william.bo...@gdit.com
One W. Pennsylvania Ave
Towson, MD 21204
www.gdit.com





