For what reasons would a program need UID(0)? The only reason I can think of is when a daemon is starting processes and switching the userid. And here IBM made things really easy, I think. A daemon running with a standard userid and with RACF set up for program control can switch the userid after a successful call to BPX1PWD (__passwd()), then if it needs to do a spawn() (BPX1SPN).
Is this correct?

Lindy

-----Original Message-----
From: IBM Mainframe Discussion List on behalf of Patrick O'Keefe
Sent: Mon 13.11.2006 21:49
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: Unix Security

On Mon, 13 Nov 2006 17:28:47 +0100, R.S. <[EMAIL PROTECTED]> wrote:

I think we need to repeat John's "no person with UID(0)" plea often and loudly because we have to counteract those Program Directories (and non-IBM equivalents) that still say UID(0) is required. Many products still have installation instructions claiming this because the packagers are too lazy to determine their true needs. And don't care that they are advocating a security and integrity exposure.

Pat O'Keefe