I have some relatively vague memories that someone with SFS admin rights could connect to SFS using different authorities concurrently. Thinking a bit deeper: the FTP server uses this during an FTP PUT or GET with SFS. I don't think it uses Diag D4 to start talking to SFS.
Kris Buelens, --- VM/VSE consultant, Belgium --- ----------------------------------------------------------------------- Op do 14 dec 2023 om 08:26 schreef Rob van der Heij <rvdh...@gmail.com>: > On Thu, 14 Dec 2023 at 05:40, Donald Russell <russell....@gmail.com> > wrote: > > > > > Thanks Rob, > > Since >SFS uses a private work unit by default, doesn’t that mean it > gets a > > new work unit before connecting to the sfs server? Diag d4 is done before > > the pipe command, so I’m expecting the new connection to appear to > initiate > > from the altuser id. > > > > And that means you specify the file such that the nose driver knows to use > >sfs and not go through the mini disk simulation on accessed SFS > directories... > > > > > Am I misunderstanding what PIPE AHELP >SFS is telling me? What > > does”PRIVATE” mean in this context? > > > > It means >sfs allocates a work unit specifically for that file, so nothing > else in the virtual machine observes the effect until the stage ends. > > I know CMS caches persistent IUCV connections to the SFS server. I don't > recall playing with D4 like this. I don't know whether CMS keeps track of > the identity while the IUCV connection was established, and knows to expire > that when things change. > You normally do the D4 very early in the life of the virtual machine, so > you can reason about the possible leakage of data between the two > identities. I know from experience that once you try to aggregate rights > from different identities, things get very complicated. You could for > example link to a disk as user A and then identify as B and link another > disk. When you then run an application associated with A, you do that with > the privilege of user B. > > Rob >