>In fact, there is a good paper on limiting the privilege class and commands allowed for a linux guest. It is a good read and gives some excellent ideas on how to protect a linux guest from shooting itself in the foot.
I suppose a reference would be good, eh?? It is a red paper: http://www.redbooks.ibm.com/abstracts/redp3870.html _______________________________________ James Vincent Systems Engineering Consultant Nationwide Services Co., Technology Solutions Mainframe, z/VM and z/Linux Support One Nationwide Plaza 3-20-13 Columbus OH 43215-2220 U.S.A Voice: (614) 249-5547 Fax: (614) 677-7681 mailto:[EMAIL PROTECTED] The IBM z/VM Operating System <IBMVM@LISTSERV.UARK.EDU> wrote on 06/29/2006 10:00:41 AM: > IBMVM@LISTSERV.UARK.EDU > > First, apologies as I am a VM newbie. (And a linux newbie, for that > matter). > > We would like to be able to add dasd to a linux's logical volume group on > the fly. We have been able to do this by making sure all our dasd is online > at ipl, then we det the dev from system, att it to our userid, format it, > att it back to system and then do a define mdisk from the linux vm userid. > We then add it to user direct for the next time the linux user logs off and > back on. > The trouble with this is, the linux guest must have "A" priveledge and > devmaint, which is undesirable. Does anyone know of a way around this? > Ideally, what I'd like is the ability to specify a userid on the define > mdisk, so that another ID could do it for the linux guest. As I see it, we > either use devmaint or have to logoff/on the guest. > > Any thoughts or suggestions would be appreciated. > > Regards, > Mary Anne