On Thursday, 03/19/2009 at 05:19 EDT, Chan Kok Leong <c...@chankle.net> wrote:
> I am talking about the MAINT profile in USER DIRECT. > I help to maintain a test system when users are free to edit that file > so that they can create their own guests to work with. > A thought came to me on how to recover the system if someone change the > password for the MAINT user and then somehow forgets it. > In the linux world, there are ways to reset the root password, you know > for times when the sysadmin forgets his password. > Is there something similar for z/VM? If the sysadmin forgets his password, then sysadmin2 will have to reset it. If sysadmin2 forgets his password, too, then (1) you have to declare an emergency and begin to recover the system, and (2) check the water supply for memory-damaging chemicals. The answer to "How do I recover?" is different depending on whether your system is safe and secured by using an external security manager such as RACF, VM:Secure, et. al., to store and encrypt passwords, or whether you have a vulnerable unsecured system with no ESM at all. (shudder) >From your subsequent posts, it sounds like you fall into the latter category (you let people look at USER DIRECT which contains passwords). In that case your objective is to find USER DIRECT and look at the password contained therein. On a vanilla system, that means you want MAINT 2CC. In z/VM 5.3 and 5.4 it is 5 cylinders in size and located at cylinder 506 on the RES pack. To get to it you either need access to a user who can get access to the disk or who can issue DEFINE MDISK. The system OPERATOR can do it: DEFINE MDISK 2CC 506 5 540RES ACCESS 506 M/M (read-only) XEDIT USER DIRECT M SET VARBLANK ON /USER MAINT If your operator's console is in linemode, you have special challenges. If you can't get to the disk from the system that is up, then you have to bring up another system that can get to the volume. If you change the location or size of MAINT 2CC, WRITE IT DOWN in a safe place. That place should be in your Disaster Recovery plan. (Even if you don't change it, WRITE IT DOWN.) Alan Altmark z/VM Development IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
