Ah - but the lovely SHUTDOWN SYSTEM xxxxx feature in z/VM 5.4 should very much help reduce risk of accidental shutdown. You have to be pretty deliberate if you turn that feature on ...
But yes .. there are plenty of other commands and reasons to limit class A use.. Scott On Thu, Feb 4, 2010 at 11:44 AM, Schuh, Richard <rsc...@visa.com> wrote: > It isn't a matter of trust, it is a matter of minimizing the risk of an > accidental SHUTDOWN. Here MAINT does not have class A; however it does have > class C. That allows it to use the SET PRIV * +A in order to issue class A > commands such as Q CPDISKS, CPRELEASE and CPACCESS. By requiring that extra > step of the SET PRIV, it heightens the awareness of the person to the fact > that they now have extraordinary capabilities and responsibilities. > > > Regards, > Richard Schuh > > > > > ------------------------------ > *From:* The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] *On > Behalf Of *Howard Rifkind > *Sent:* Thursday, February 04, 2010 10:34 AM > > *To:* IBMVM@LISTSERV.UARK.EDU > *Subject:* Re: Hi everybody > > Rich, > > Just curious about you comment in this post about not liking to even have > user maint have an ‘A’ class privilege. > > Who then would you suggest having a class A privilege? > > None of the other user id’s have class A … Operator? > > I never had any issues with user id Maint having all the available > privileges as only the z/VM sysprogs use Maint and if you can’t trust them > then who? > > > --- On *Thu, 2/4/10, Rich Greenberg <ric...@panix.com>* wrote: > > > From: Rich Greenberg <ric...@panix.com> > Subject: Re: Hi everybody > To: IBMVM@LISTSERV.UARK.EDU > Date: Thursday, February 4, 2010, 12:20 PM > > On: Thu, Feb 04, 2010 at 06:00:37PM +0100,Mario Izaguirre Wrote: > > } I'm login with my user-id (maiz) > > } send ftpgest0 close cons > } > } HCPSEC068E SEND command failed; receiver has not authorized sender > } > } Ready(00068); T=0.01/0.01 17:58:43 > > You need to add the proper VM privledge class to your ID. Easiest way > is just duplicate the classes MAINT has.. BE CARFULL!!!! > > I don't like class A on either MAINT or your ID as it TOO powerful. > Many of us have unintentionally shut VM down at one time. Rarely twice. > You can always add it with SET PRIV if you REALLY need it. > > -- > Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com + 1 239 543 > 1353 > Eastern time. N6LRT I speak for myself & my dogs only. VM'er since > CP-67 > Canines:Val, Red, Shasta & Casey (RIP), Red & Zero, Siberians > Owner:Chinook-L > Retired at the beach Asst > Owner:Sibernet-L > > >
