I have some relatively vague memories that someone with SFS admin rights
could connect to SFS using different authorities concurrently.
Thinking a bit deeper: the FTP server uses this during an FTP PUT or GET
with SFS. I don't think it uses Diag D4 to start talking to SFS.
Kris Buelens,
--- VM/VSE consultant, Belgium ---
-----------------------------------------------------------------------
Op do 14 dec 2023 om 08:26 schreef Rob van der Heij <rvdh...@gmail.com>:
> On Thu, 14 Dec 2023 at 05:40, Donald Russell <russell....@gmail.com>
> wrote:
>
> >
> > Thanks Rob,
> > Since >SFS uses a private work unit by default, doesn’t that mean it
> gets a
> > new work unit before connecting to the sfs server? Diag d4 is done before
> > the pipe command, so I’m expecting the new connection to appear to
> initiate
> > from the altuser id.
> >
>
> And that means you specify the file such that the nose driver knows to use
> >sfs and not go through the mini disk simulation on accessed SFS
> directories...
>
> >
> > Am I misunderstanding what PIPE AHELP >SFS is telling me? What
> > does”PRIVATE” mean in this context?
> >
>
> It means >sfs allocates a work unit specifically for that file, so nothing
> else in the virtual machine observes the effect until the stage ends.
>
> I know CMS caches persistent IUCV connections to the SFS server. I don't
> recall playing with D4 like this. I don't know whether CMS keeps track of
> the identity while the IUCV connection was established, and knows to expire
> that when things change.
> You normally do the D4 very early in the life of the virtual machine, so
> you can reason about the possible leakage of data between the two
> identities. I know from experience that once you try to aggregate rights
> from different identities, things get very complicated. You could for
> example link to a disk as user A and then identify as B and link another
> disk. When you then run an application associated with A, you do that with
> the privilege of user B.
>
> Rob
>
