NTAC:3NS-20 Good question. Reminds me of the age-old Auditor 101 question: "What do you do to restrict AMASPZAP?" Explaining that it's just a tool like any other and that the real issue is properly securing the entities it might update is the real solution always fell on deaf ears. They believed there was something magical about Zap.
> -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Paul Gilmartin > Sent: Tuesday, August 22, 2017 11:15 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: [EXT] Re: permissions to /bin/sh > > On Wed, 23 Aug 2017 07:08:39 +0300, ITschak Mugzach wrote: > > > >There are users associated with tasks. Disallowing shell is much like > >tbe protected attribute in racf. > > > Shouldn't the better practice be to protect the resources rather than restrict > the tool? > > >בתאריך 22 באוג 2017 23:00, "Paul Gilmartin" כתב: > >> > >> >0755 or less > >> > > >> Why would *anyone* *ever* choose to restrict the permissions of sh!? > > -- gil > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email to > lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
