I also agree with Richard.  

        -----Original Message-----
        From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf 
Of O'Brien, Dennis L
        Sent: Friday, August 24, 2007 6:22 PM
        To: IBMVM@LISTSERV.UARK.EDU
        Subject: Re: Ops privs
        
        
        I agree with Richard.  Not only do you have a serialization issue with 
multiple people able to issue commands, but all these additional commands would 
need to be loggable by an ESM.  I can't think of any cases where I'd want to 
give SEND or SIGNAL SHUTDOWN authorization to general users.  If I did, I'd 
rather be able to give that authorization individually, and not have it lumped 
in with Logonby.
         

                                                               Dennis O'Brien
        
          

         

  _____  

        From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf 
Of Schuh, Richard
        Sent: Friday, August 24, 2007 13:21
        To: IBMVM@LISTSERV.UARK.EDU
        Subject: Re: [IBMVM] Ops privs
        
        

        No. No. No. No. No.

         

        We use LOGONBY as a means of controlling who is allowed to log on to 
group ids and tracking what they do. None of those other commands would be 
useful or necessary in that context. Giving those permissions would negate, or 
at least complicate, our ability to track who did what when. Further, we would 
not want one user to be able to alter or compromise the functions being 
performed by another who was already logged on via LOGONBY. SEND, FORCE, and 
SIGNAL SHUTDOWN certainly have that potential, for example.

         

        Most of what is listed could be useful only to someone who is really 
knowledgeable about the functions of the virtual machine. They are also mostly 
useful in looking after service machines. They are not useful to someone who is 
a more naïve user who logs on to a group id to perform simple functions or to 
run an application program, and could be somewhat dangerous if abused, 
accidentally or on purpose, by such a person. It is the latter group that we 
must protect against by not giving them authorities that they will never need. 
The former group probably has the knowledge needed to function without the 
added authority. 

         

        Regards, 
        Richard Schuh 

         

        
  _____  


        
        There are some who believe that the authority to LOGON BY to a user should
        implicitly allow:
        - XAUTOLOG
        - SET SECUSER or OBSERVER
        - SEND (a la class C)
        - FORCE
        - SIGNAL SHUTDOWN
        
        Thoughts?

        
        
        
        -- 
        Kris Buelens,
        IBM Belgium, VM customer support