On Tue, Apr 27, 2021 at 7:07 AM Paul Gilmartin < [email protected]> wrote:
> On Tue, 27 Apr 2021 14:33:01 +0300, ITschak Mugzach wrote: > > >a user asks to have access to the uss sleep syscall. We would like to > limit > >the user only to this function. is this possible? > > > Why? Are there any security risks with other SYSCALLs? > > And how are you preventing such access now? > > How would you prevent access to Callable Services by means > other than Rexx? > > I suspect the Totalitarian Principle is operating here: "Anything > not compulsory is forbidden!" Perhaps. I know that many z/OS types & management likes to "lock down" everything in sight. I just got issued a new company laptop. It, supposedly, comes with everything that I need to do my job. And nothing else. I cannot install or uninstall anything. It automatically logs into the corporate LAN, which has a corporate "net nanny" installed. I don't mind much because it does really have the minimal that I need to do my assigned work. But, on my old Windows machine, I could install PERL and AWK, which I often used to do "ad hoc" processing. I can do this on our mainframe, but that costs MSUs, which costs money, which has people asking "what are you doing". Curiously, I do the same thing using REXX in batch or TSO & there is not a murmur. (don't tell them, but I have a Linux desktop on which I have installed PostgreSQL. I use IRRDBU00 to create a RACF unload which I ftp down & put into a database to generate reports.) > > -- gil > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
