On Friday, 06/10/2011 at 10:19 EDT, Scott Rohling <scott.rohl...@gmail.com> wrote: > If that's the case - you don't grant access. I am objecting to the > automatic assumption that there's a security problem because someone wants > to use a driver to read a z/OS volume. Just as if I have a confidential > file on my 191 disk.. I don't grant access even if the rest of the files > are completely benign.
Yes, *you as the owner of the data* do not grant access. The MVS dataset owner and MVS security policy cannot control the Linux guest's access to the data. Out-of-band data access is ALWAYS a security concern. Permission is administratively denied until you demonstrate why in-band access (e.g. SAMBA, NFS) cannot be used and how you will mitigate those concerns. This is a major reason people use encrypting tape drives for backups. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
