On Friday, 05/29/2009 at 07:23 EDT, Kris Buelens <kris.buel...@gmail.com> wrote: > I found three things out today about SET PRIVCLASS and the SETVMDBK > EXEC (that is available on the VM download lib since 2002) > 0. My memory is more and more rusty. > 1. I had a newer version of it on my VM system > 2. SETVMDBK allows to change the PRIVCLASS of users, irrespective of > what is in SYSTEM CONFIG > So, I sent the new level to > http://www.vm.ibm.com/download/packages/descript.cgi?SETVMDBK
I think it would be safe to say that IBM recommends AGAINST issuing a STORE HOST unless you are doing so at the direction of Support Centre. As some have discovered, STORE HOST introduces an "unstable element" (the systems programmer? };-) ) into the system, creating risk of an abend. Of course, IBM's recommendation is just once piece of input to the decision. If the benefit outweighs the risk, then follow your heart.... On a properly secured z/VM system, issuing STORE HOST will bring the Auditors to your door (if they are listening to me, anyway). Be sure to have a signed directive from your management, aka a "Get out of jail free card". I really must get cracking on the "z/VM Auditor's Field and Survival Guide" [Free cudgel included at no extra charge! Now contains the most common phrases heard from z/VM security weasels in the wild, including such hits as "I'm gonna whap you upside yo' head, son!" and "I don't think so, Tim." For a limited time only, it also includes a fold-out full-color diagram of the interior of the human kneecap.] Alan Altmark z/VM Development IBM Endicott
