On Tue, Apr 27, 2021 at 7:33 AM Itschak Mugzach <
[email protected]> wrote:
> Have a look at getpwent. If I am not allowing a user to list RACF users,
> why are they allowed to list it via this command using syscalls?
>
I see. I tried to chase the documentation chain, but gave up when the
accursed IBM site stopped dead and demanded that I give them feedback about
how I liked the site. I refrained from telling them what I thought about
being interrupted. In any case, I think this SYSCALL eventually ends up
doing either an R_ADMIN or an RACXTRT to do its work. And those have RACF
profiles to control them (I think).
But having done all that, it is a PITA & I would hate to try to do it for
all of the SYSCALLs. Oh, during this, I found the IRRXUTIL which is another
way to do this. And, of course, the RACF CALLABLE services which can be
used in HLLs to do this. {whew} If someone does this & it "bothers" me,
they regret it. I know how to lay traps that will cause them much pain &
suffering. Especially when I am both the lead sysprog & RACF admin.
>
> ITschak
>
>
>
> *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
> Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
> and IBM I **| *
>
> *|* *Email**: [email protected] **|* *Mob**: +972 522 986404 **|*
> *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|*
>
>
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
