On Tue, 12 Feb 2013 09:04:10 -0800, Charles Mills wrote:

>Gil would know the answer to the first half of this ...
>
>I'm not a UNIX expert. My sole claim to UNIX expertise is that I once 
>*managed* a bunch of UNIX experts. I seem to recall that in UNIX you can do 
>something like the following -- and I'm using the wrong terms, but hopefully 
>you can get what I mean. Suppose you have an executable X. You can set its 
>security such that only user FOO can run it. FOO is not a real person. 
>Instead, you have a program Y that you set up such that it runs with the 
>authority of FOO. So then a user can potentially run program Y which in turn 
>runs program X, but that user cannot himself run X all by itself.
>
>Is my recollection correct?
> 
Yes.  FOO must be defined as a user, but you needn't disclose its password.
There are many undesirable consequences to running X with authority of
FOO.  File permissions for the first.

>z/OS and RACF don't have an equivalent facility, do they?
> 
Since "MVS _is_ UNIX", you can do the same with z/OS.

Or, with RACF, limit access to the linklib containing FOO.

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
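
The arrangement discussed in this thread (X executable only by FOO, Y running with FOO's authority), as an added example that is not part of the original posts: a shell function that audits the mode bits of both files. It assumes GNU `stat`, that "runs with the authority of FOO" is implemented with the set-uid bit, and the function name and paths are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Audits the layout described above:
# X may be executed only by its owner (FOO); Y is set-uid to that owner.
# Assumes GNU stat (-c). check_gate and its arguments are hypothetical names.
#
# Usage: check_gate /path/to/X /path/to/Y
# Returns 0 when the layout holds, 1 otherwise; prints one line per finding.
check_gate() {
    x=$1; y=$2; rc=0
    x_mode=$(stat -c '%a' "$x") || return 1
    x_uid=$(stat -c '%u' "$x") || return 1
    y_mode=$(stat -c '%a' "$y") || return 1
    y_uid=$(stat -c '%u' "$y") || return 1

    # stat prints the mode in octal; a leading 0 makes the shell read it so.
    x_oct=$((0$x_mode))
    y_oct=$((0$y_mode))

    # X: owner needs execute, group and other must not have it,
    # otherwise a user could run X directly and bypass Y.
    [ $((x_oct & 0100)) -ne 0 ] || { echo "X: owner cannot execute"; rc=1; }
    [ $((x_oct & 0011)) -eq 0 ] || { echo "X: group/other can execute"; rc=1; }

    # Y: must carry the set-uid bit and belong to the same uid as X,
    # so that the process Y starts is allowed to execute X.
    [ $((y_oct & 04000)) -ne 0 ] || { echo "Y: set-uid bit not set"; rc=1; }
    [ "$x_uid" = "$y_uid" ] || { echo "Y: owner differs from X's owner"; rc=1; }

    # Y: if group or other can write it, anyone can replace the code
    # that runs with FOO's authority.
    [ $((y_oct & 0022)) -eq 0 ] || { echo "Y: writable by group/other"; rc=1; }

    return $rc
}
```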
