Is the READ password ALL for MAINT 123?
JR (Steven) Imler CA Senior Sustaining Engineer Tel: +1-703-708-3479 steven.im...@ca.com From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Hughes, Jim Sent: Friday, November 20, 2009 11:29 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Z/VM 5.4 and VM:Secure running a CLOSED security system We are moving towards running VM:Secure with RULES enabled as a CLOSED security system. Our testing isn't going as well as we hoped. We have had RULES enabled for many years with NORULE ACCEPT in effect. We changed to NURULE REJECT and some funny things are happening. Anyone can issue any CP command with success. For instance, if I am on a general class G user without the OPTION LNKNOPASS directory statement, I can issue LINK MAINT 123 1 RR with success. MAINT's 123 disk does not have ALL as the password. In fact, it doesn't have any passwords at all. >From the same user, if I use VMSECURE QRULES JHUG LINK MAINT 123, VM:Secure tells me the LINK would be rejected via NORULE DEFAULT. Would someone help us figure out what we've missed?? Thanks in advance. Here are the lines from the console. link maint 123 1 rr DASD 0001 LINKED R/O; R/W BY VMSECURE ; R/O BY 4 USERS Ready; T=0.01/0.01 11:24:15 vmsecure qrules jhug link maint 123 VMXACQ0223I Rejected via NORULE default ____________________ Jim Hughes 603-271-5586 "It is fun to do the impossible."
