On Wednesday, 07/21/2010 at 12:23 EDT, Michael Harding/Oakland/i...@ibmus 
wrote:
> cp st hlse8d8 40  
> RPIMGR055E COMMAND STORE.C NOT DEFINED TO RACF  
> Store complete. 

*slap*

Not only is this not for the faint of heart, it is a path to the Dark 
Side.  In a well-secured environment, the STORE HOST command is not 
permitted, even by a class C user, without additional ESM permission.  And 
such permission is given only at Management direction.  And *that* is 
given only at the request of the IBM Support Center or in case of dire 
emergency when lives or property are at risk.  You get the idea.

For those without an ESM, move STORE HOST to some other privclass and put 
COMMAND SET PRIVCLASS * -<class> in your directory.  Access to <class> is 
under the same rules as ESM permissions.

Obviously not intended to protect the system from a determined sysprog, 
but simply to provide another layer of protection, and to serve as a 
reminder of the Policy.

The rest of CP does not know what you are changing and it is easy to 
corrupt the operation of CP with this command.  The reviled Dennis Nedry 
had the moral equivalent of STORE HOST privileges; look at the chaos he 
caused.  And he was just a character in a movie!

Now you've got me thinking about a SYSTEM CONFIG option to disable STORE 
HOST (a la SET JOURNAL) and making it the default.    You would have no 
choice but to re-IPL to get the command back (unless you want to alter 
memory from the HMC?).   Hmmmm.....  now, where are my coding sheets....

Alan Altmark
z/VM Development
IBM Endicott
