Re: RSCS Messages
Not Friday yet, just the second Monday of the week :-( Regards, Richard Schuh > -Original Message- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of David Boyes > Sent: Tuesday, August 17, 2010 6:24 AM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: RSCS Messages > > > There is/was a school of thought that says it shouldn't be TOO easy > > for someone to get more privileges; that there should be a > ceremony of > > some sort that TPTB would notice. > > Commonly known as the "bonfire of the vanities". > > Please let it be Friday, somewhere... > > --d b >
Re: RSCS Messages
> There is/was a school of thought that says > it > shouldn't be TOO easy for someone to get more privileges; that there > should be a ceremony of some sort that TPTB would notice. Commonly known as the "bonfire of the vanities". Please let it be Friday, somewhere... --d b
Re: RSCS Messages
On Monday, 08/16/2010 at 01:39 EDT, Kris Buelens wrote: > Exactly Alan. What I sent as solution is a bypass: fix things up until they > can get restarted. Countless are clients that only know about MAINT. First > thing I recommend is that the sysprogs use their own userid as much as possible > (after updating the authority config files). > Good to hear there is a solution coming for RSCS, but often SWs allow dynamic > updates for many things, except authorisations. Why? Dynamic authorization for RSCS (RSCSAUTH server) was delivered with z/VM 5.3, so it's already here. There is/was a school of thought that says it shouldn't be TOO easy for someone to get more privileges; that there should be a ceremony of some sort that TPTB would notice. Alan Altmark z/VM Development IBM Endicott
Re: RSCS Messages
My bad on the FOR. When I looked at the HELP, I was on CMS22 checking out something. The FOR command says that it is executed on the target id, so using it on the OPERATOR id would be stepping on toes or crossing lines. The problem was not the ability to issue the START command; I have authorization for that. The problem was those pesky messages. RSCS has since been recycled, so they are no longer a problem. The only answer for them, since they cannot be simply turned off, is to not start a link from my own id. From now on, I will use SEND CP uid SMSG RSCS START ..., where uid is an authorized coworker's id :-) (Actually, SM RSCS RSCS START ... will probably work and will be a better way to go. I bet that Alan would prefer that to some of the alternatives suggested since the source of the command will be duly recorded in the console log.) Regards, Richard Schuh > -Original Message- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Alan Altmark > Sent: Monday, August 16, 2010 10:09 AM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: RSCS Messages > > On Monday, 08/16/2010 at 12:02 EDT, "Schuh, Richard" > wrote: > > It is obvious that substituting some other authorized userid for > OPERATOR > > would work. At least with the SEND CP, the other id would have to be > logged > > on. I do not know about FOR, it does not seem to be available on the > system. > > (FOR is interpreted as an abbreviation of FORWARD). > > Why go through this agony? RSCS has the ability to specify > link-authorized operators on the AUTH statement. If you > should have it, then RSCS should be configured to give it to you. > > I also recommend looking at the new RSCSAUTH server so that, > once set up, you can update authorizations without restarting RSCS. > > When I teach security, I teach that people should have the > authorities they need to do their jobs. Michael Crighton > taught us that if sysprogs don't have the authority they > need, then they will find a way to tunnel under the paddock > fences to get it. > > Alan Altmark > z/VM Development > IBM Endicott >
Re: RSCS Messages
Exactly Alan. What I sent as solution is a bypass: fix things up until they can get restarted. Countless are clients that only know about MAINT. First thing I recommend is that the sysprogs use their own userid as much as possible (after updating the authority config files). Good to hear there is a solution coming for RSCS, but often SWs allow dynamic updates for many things, except authorisations. Why? 2010/8/16 Alan Altmark > On Monday, 08/16/2010 at 12:02 EDT, "Schuh, Richard" > wrote: > > It is obvious that substituting some other authorized userid for > OPERATOR > > would work. At least with the SEND CP, the other id would have to be > logged > > on. I do not know about FOR, it does not seem to be available on the > system. > > (FOR is interpreted as an abbreviation of FORWARD). > > Why go through this agony? RSCS has the ability to specify > link-authorized operators on the AUTH statement. If you should have it, > then RSCS should be configured to give it to you. > > I also recommend looking at the new RSCSAUTH server so that, once set up, > you can update authorizations without restarting RSCS. > > When I teach security, I teach that people should have the authorities > they need to do their jobs. Michael Crighton taught us that if sysprogs > don't have the authority they need, then they will find a way to tunnel > under the paddock fences to get it. > > Alan Altmark > z/VM Development > IBM Endicott > -- Kris Buelens, IBM Belgium, VM customer support
Re: RSCS Messages
On Monday, 08/16/2010 at 12:02 EDT, "Schuh, Richard" wrote: > It is obvious that substituting some other authorized userid for OPERATOR > would work. At least with the SEND CP, the other id would have to be logged > on. I do not know about FOR, it does not seem to be available on the system. > (FOR is interpreted as an abbreviation of FORWARD). Why go through this agony? RSCS has the ability to specify link-authorized operators on the AUTH statement. If you should have it, then RSCS should be configured to give it to you. I also recommend looking at the new RSCSAUTH server so that, once set up, you can update authorizations without restarting RSCS. When I teach security, I teach that people should have the authorities they need to do their jobs. Michael Crighton taught us that if sysprogs don't have the authority they need, then they will find a way to tunnel under the paddock fences to get it. Alan Altmark z/VM Development IBM Endicott
Re: RSCS Messages
The OPERATOR id is used by the operators. Any commands executed on it should come from them, else, accountability flies out the window. If a mistake is made from it, I do not want it to be one that I caused by my somewhat unreliable typing skills. Neither does my management want that to happen. Regards, Richard Schuh From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Michael Harding Sent: Monday, August 16, 2010 9:36 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: RSCS Messages It depends too on how your procedures define "operator". Do they refer to the OPERATOR userid or the console operator? -- Mike Harding z/VM System Support mhard...@us.ibm.com mike.b.hard...@kp.org mikehard...@mindless.com (925) 926-3179 (w) (925) 323-2070 (c) IM: VMBearDad (AIM), mbhcpcvt (Y!) The IBM z/VM Operating System wrote on 08/16/2010 08:54:33 AM: > From: Kris Buelens > To: IBMVM@LISTSERV.UARK.EDU > Date: 08/16/2010 08:55 AM > Subject: Re: RSCS Messages > Sent by: The IBM z/VM Operating System > > Yes indeed, but you can replace OPERATOR by any other user that has > the right RSCS privs. I hoped that was obvious. > 2010/8/16 Schuh, Richard > Doesn't "SEND CP OPERATOR ..." or "FOR OPERATOR ..." constitute > "having the operator" do it? Neither of those is an acceptable > solution, at least not here. > > Regards, > Richard Schuh
Re: RSCS Messages
It depends too on how your procedures define "operator". Do they refer to the OPERATOR userid or the console operator? -- Mike Harding z/VM System Support mhard...@us.ibm.com mike.b.hard...@kp.org mikehard...@mindless.com (925) 926-3179 (w) (925) 323-2070 (c) IM: VMBearDad (AIM), mbhcpcvt (Y!) The IBM z/VM Operating System wrote on 08/16/2010 08:54:33 AM: > From: Kris Buelens > To: IBMVM@LISTSERV.UARK.EDU > Date: 08/16/2010 08:55 AM > Subject: Re: RSCS Messages > Sent by: The IBM z/VM Operating System > > Yes indeed, but you can replace OPERATOR by any other user that has > the right RSCS privs. I hoped that was obvious. > 2010/8/16 Schuh, Richard > Doesn't "SEND CP OPERATOR ..." or "FOR OPERATOR ..." constitute > "having the operator" do it? Neither of those is an acceptable > solution, at least not here. > > Regards, > Richard Schuh
Re: RSCS Messages
FOR is new since z/VM 5.3 IIRC. As opposed to CP SEND, it sends the CP response back to the command issuer. 2010/8/16 Schuh, Richard > It is obvious that substituting some other authorized userid for OPERATOR > would work. At least with the SEND CP, the other id would have to be logged > on. I do not know about FOR, it does not seem to be available on the system. > (FOR is interpreted as an abbreviation of FORWARD). > > > Regards, > Richard Schuh > > > > > -- > *From:* The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] *On > Behalf Of *Kris Buelens > *Sent:* Monday, August 16, 2010 8:55 AM > > *To:* IBMVM@LISTSERV.UARK.EDU > *Subject:* Re: RSCS Messages > > Yes indeed, but you can replace OPERATOR by any other user that has the > right RSCS privs. I hoped that was obvious. > > 2010/8/16 Schuh, Richard > >> Doesn't "SEND CP OPERATOR ..." or "FOR OPERATOR ..." constitute "having >> the operator" do it? Neither of those is an acceptable solution, at least >> not here. >> >> >> Regards, >> Richard Schuh >> >> >> >> >> -- >> *From:* The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] *On >> Behalf Of *Kris Buelens >> *Sent:* Friday, August 13, 2010 1:32 PM >> >> *To:* IBMVM@LISTSERV.UARK.EDU >> *Subject:* Re: RSCS Messages >> >> What about >> CP SEND RSCS RSCS START xxx >> Then it is RSCS itself that starts the link, >> Or to complete what Mike mentions (and what I regularly used, not only for >> RSCS) >> CP FOR OPERATOR CMD SMSG RSCS START xxx >> or, a bit old fashioned >> CP SEND CP OPERATOR SMSG RSCS START xxx >> for RSCS the 2 commands above come from OPERATOR, not your userid. >> >> 2010/8/12 Michael Harding >> >>> The CP "for" command may be your friend here; after all, SMSG IS a CP >>> command... >>> -- >>> Mike Harding >>> z/VM System Support >>> >>> >>> >>> The IBM z/VM Operating System wrote on >>> 08/12/2010 01:18:40 PM: >>> >>> > From: "Schuh, Richard" >>> >>> > To: IBMVM@LISTSERV.UARK.EDU >>> > Date: 08/12/2010 01:19 PM >>> > Subject: Re: RSCS Messages >>> > Sent by: The IBM z/VM Operating System >>> >>> > >>> > Having the operator do anything other than a simple START, including >>> > "PARM anything" requires an approval process. That said, a scan of >>> > the config file reveals that an id that rarely logs on is >>> > authorized. I will use it as my surrogate. Thanks for the idea. >>> > >>> > Regards, >>> > Richard Schuh >>> > >>> >> >> >> >> -- >> Kris Buelens, >> IBM Belgium, VM customer support >> >> > > > -- > Kris Buelens, > IBM Belgium, VM customer support > > -- Kris Buelens, IBM Belgium, VM customer support
Re: RSCS Messages
It is obvious that substituting some other authorized userid for OPERATOR would work. At least with the SEND CP, the other id would have to be logged on. I do not know about FOR, it does not seem to be available on the system. (FOR is interpreted as an abbreviation of FORWARD). Regards, Richard Schuh From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Kris Buelens Sent: Monday, August 16, 2010 8:55 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: RSCS Messages Yes indeed, but you can replace OPERATOR by any other user that has the right RSCS privs. I hoped that was obvious. 2010/8/16 Schuh, Richard mailto:rsc...@visa.com>> Doesn't "SEND CP OPERATOR ..." or "FOR OPERATOR ..." constitute "having the operator" do it? Neither of those is an acceptable solution, at least not here. Regards, Richard Schuh From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU<mailto:IBMVM@LISTSERV.UARK.EDU>] On Behalf Of Kris Buelens Sent: Friday, August 13, 2010 1:32 PM To: IBMVM@LISTSERV.UARK.EDU<mailto:IBMVM@LISTSERV.UARK.EDU> Subject: Re: RSCS Messages What about CP SEND RSCS RSCS START xxx Then it is RSCS itself that starts the link, Or to complete what Mike mentions (and what I regularly used, not only for RSCS) CP FOR OPERATOR CMD SMSG RSCS START xxx or, a bit old fashioned CP SEND CP OPERATOR SMSG RSCS START xxx for RSCS the 2 commands above come from OPERATOR, not your userid. 2010/8/12 Michael Harding mailto:mhard...@us.ibm.com>> The CP "for" command may be your friend here; after all, SMSG IS a CP command... -- Mike Harding z/VM System Support The IBM z/VM Operating System mailto:IBMVM@LISTSERV.UARK.EDU>> wrote on 08/12/2010 01:18:40 PM: > From: "Schuh, Richard" mailto:rsc...@visa.com>> > To: IBMVM@LISTSERV.UARK.EDU<mailto:IBMVM@LISTSERV.UARK.EDU> > Date: 08/12/2010 01:19 PM > Subject: Re: RSCS Messages > Sent by: The IBM z/VM Operating System > mailto:IBMVM@LISTSERV.UARK.EDU>> > > Having the operator do anything other than a simple START, including > "PARM anything" requires an approval process. That said, a scan of > the config file reveals that an id that rarely logs on is > authorized. I will use it as my surrogate. Thanks for the idea. > > Regards, > Richard Schuh > -- Kris Buelens, IBM Belgium, VM customer support -- Kris Buelens, IBM Belgium, VM customer support
Re: RSCS Messages
Yes indeed, but you can replace OPERATOR by any other user that has the right RSCS privs. I hoped that was obvious. 2010/8/16 Schuh, Richard > Doesn't "SEND CP OPERATOR ..." or "FOR OPERATOR ..." constitute "having > the operator" do it? Neither of those is an acceptable solution, at least > not here. > > > Regards, > Richard Schuh > > > > > -- > *From:* The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] *On > Behalf Of *Kris Buelens > *Sent:* Friday, August 13, 2010 1:32 PM > > *To:* IBMVM@LISTSERV.UARK.EDU > *Subject:* Re: RSCS Messages > > What about > CP SEND RSCS RSCS START xxx > Then it is RSCS itself that starts the link, > Or to complete what Mike mentions (and what I regularly used, not only for > RSCS) > CP FOR OPERATOR CMD SMSG RSCS START xxx > or, a bit old fashioned > CP SEND CP OPERATOR SMSG RSCS START xxx > for RSCS the 2 commands above come from OPERATOR, not your userid. > > 2010/8/12 Michael Harding > >> The CP "for" command may be your friend here; after all, SMSG IS a CP >> command... >> -- >> Mike Harding >> z/VM System Support >> >> >> >> The IBM z/VM Operating System wrote on >> 08/12/2010 01:18:40 PM: >> >> > From: "Schuh, Richard" >> >> > To: IBMVM@LISTSERV.UARK.EDU >> > Date: 08/12/2010 01:19 PM >> > Subject: Re: RSCS Messages >> > Sent by: The IBM z/VM Operating System >> >> > >> > Having the operator do anything other than a simple START, including >> > "PARM anything" requires an approval process. That said, a scan of >> > the config file reveals that an id that rarely logs on is >> > authorized. I will use it as my surrogate. Thanks for the idea. >> > >> > Regards, >> > Richard Schuh >> > >> > > > > -- > Kris Buelens, > IBM Belgium, VM customer support > > -- Kris Buelens, IBM Belgium, VM customer support
Re: RSCS Messages
Doesn't "SEND CP OPERATOR ..." or "FOR OPERATOR ..." constitute "having the operator" do it? Neither of those is an acceptable solution, at least not here. Regards, Richard Schuh From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Kris Buelens Sent: Friday, August 13, 2010 1:32 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: RSCS Messages What about CP SEND RSCS RSCS START xxx Then it is RSCS itself that starts the link, Or to complete what Mike mentions (and what I regularly used, not only for RSCS) CP FOR OPERATOR CMD SMSG RSCS START xxx or, a bit old fashioned CP SEND CP OPERATOR SMSG RSCS START xxx for RSCS the 2 commands above come from OPERATOR, not your userid. 2010/8/12 Michael Harding mailto:mhard...@us.ibm.com>> The CP "for" command may be your friend here; after all, SMSG IS a CP command... -- Mike Harding z/VM System Support The IBM z/VM Operating System mailto:IBMVM@LISTSERV.UARK.EDU>> wrote on 08/12/2010 01:18:40 PM: > From: "Schuh, Richard" mailto:rsc...@visa.com>> > To: IBMVM@LISTSERV.UARK.EDU<mailto:IBMVM@LISTSERV.UARK.EDU> > Date: 08/12/2010 01:19 PM > Subject: Re: RSCS Messages > Sent by: The IBM z/VM Operating System > mailto:IBMVM@LISTSERV.UARK.EDU>> > > Having the operator do anything other than a simple START, including > "PARM anything" requires an approval process. That said, a scan of > the config file reveals that an id that rarely logs on is > authorized. I will use it as my surrogate. Thanks for the idea. > > Regards, > Richard Schuh > -- Kris Buelens, IBM Belgium, VM customer support
Re: RSCS Messages
What about CP SEND RSCS RSCS START xxx Then it is RSCS itself that starts the link, Or to complete what Mike mentions (and what I regularly used, not only for RSCS) CP FOR OPERATOR CMD SMSG RSCS START xxx or, a bit old fashioned CP SEND CP OPERATOR SMSG RSCS START xxx for RSCS the 2 commands above come from OPERATOR, not your userid. 2010/8/12 Michael Harding > The CP "for" command may be your friend here; after all, SMSG IS a CP > command... > -- > Mike Harding > z/VM System Support > > > > The IBM z/VM Operating System wrote on > 08/12/2010 01:18:40 PM: > > > From: "Schuh, Richard" > > > To: IBMVM@LISTSERV.UARK.EDU > > Date: 08/12/2010 01:19 PM > > Subject: Re: RSCS Messages > > Sent by: The IBM z/VM Operating System > > > > > Having the operator do anything other than a simple START, including > > "PARM anything" requires an approval process. That said, a scan of > > the config file reveals that an id that rarely logs on is > > authorized. I will use it as my surrogate. Thanks for the idea. > > > > Regards, > > Richard Schuh > > > -- Kris Buelens, IBM Belgium, VM customer support
Re: RSCS Messages
Not to worry. The MVS system caused the link to go down. It came up with the IP address from the last startup, so a special pass was issued for recycling RSCS. That will end the messages. Regards, Richard Schuh From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Michael Harding Sent: Thursday, August 12, 2010 1:29 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: RSCS Messages The CP "for" command may be your friend here; after all, SMSG IS a CP command... -- Mike Harding z/VM System Support The IBM z/VM Operating System wrote on 08/12/2010 01:18:40 PM: > From: "Schuh, Richard" > To: IBMVM@LISTSERV.UARK.EDU > Date: 08/12/2010 01:19 PM > Subject: Re: RSCS Messages > Sent by: The IBM z/VM Operating System > > Having the operator do anything other than a simple START, including > "PARM anything" requires an approval process. That said, a scan of > the config file reveals that an id that rarely logs on is > authorized. I will use it as my surrogate. Thanks for the idea. > > Regards, > Richard Schuh >
Re: RSCS Messages
I have a secondary id;, it is the class G, unauthorized id. Regards, Richard Schuh > -Original Message- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Tony Thigpen > Sent: Thursday, August 12, 2010 1:29 PM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: RSCS Messages > > Suggestion time. > > My auditors always had me use two different userids. My > primary only had 'normal' access while my secondary user had > full class-A access and was the one listed in RSCS, etc. as > an authorized user. (I was the System's Programming manager > in a small shop and my duties included being the security > manager also.) The auditor received a report of any logons to > that ID so I had to log what function I performed using that userid. > Just like not giving root access to your normal linux id. > > Anyway, you might want to set up a secondary userid for > yourself and such a userid could have been used to pull back > the RSCS messages. > > > Tony Thigpen > > -Original Message - > From: Schuh, Richard > Sent: 08/12/2010 04:18 PM > > Having the operator do anything other than a simple START, > including "PARM anything" requires an approval process. That > said, a scan of the config file reveals that an id that > rarely logs on is authorized. I will use it as my surrogate. > Thanks for the idea. > > > > Regards, > > Richard Schuh > > > > > > > >> -Original Message- > >> From: The IBM z/VM Operating System > >> [mailto:ib...@listserv.uark.edu] On Behalf Of Tony Thigpen > >> Sent: Thursday, August 12, 2010 1:02 PM > >> To: IBMVM@LISTSERV.UARK.EDU > >> Subject: Re: RSCS Messages > >> > >> Force it back to operator by stoping/starting the link > from operator. > >> > >> Based on what I have seen, if the user logs off *AND* RSCS > tries to > >> send another message while the user is logged off, then it reverts > >> back to the operator automatically. > >> > >> Tony Thigpen > >> > >> -Original Message - > >> From: Schuh, Richard > >> Sent: 08/12/2010 12:12 PM > >>> When a user starts a link via SMSG command, it becomes a > >> special pal > >>> of RSCS and receives messages about that link forever or > >> until RSCS is > >>> recycled, whichever comes first. Is there any other way > of causing > >>> RSCS to quit sending the messages? I tried the SETMSG ALL > >> OFF command > >>> and found out that I was not subscribed for any messages :-( > >>> > >>> Regards, > >>> Richard Schuh > >>> > >>> > >>> > >> > > > > >
Re: RSCS Messages
Yes. Same result as setmsg command. Regards, Richard Schuh > -Original Message- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Ron Schmiedge > Sent: Thursday, August 12, 2010 1:28 PM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: RSCS Messages > > Did you try using "SET linkid NOMSG"? > > Ron > > On Thu, Aug 12, 2010 at 2:18 PM, Schuh, Richard > wrote: > > Having the operator do anything other than a simple START, > including "PARM anything" requires an approval process. That > said, a scan of the config file reveals that an id that > rarely logs on is authorized. I will use it as my surrogate. > Thanks for the idea. > > > > Regards, > > Richard Schuh > > > > > > > >> -Original Message- > >> From: The IBM z/VM Operating System > >> [mailto:ib...@listserv.uark.edu] On Behalf Of Tony Thigpen > >> Sent: Thursday, August 12, 2010 1:02 PM > >> To: IBMVM@LISTSERV.UARK.EDU > >> Subject: Re: RSCS Messages > >> > >> Force it back to operator by stoping/starting the link > from operator. > >> > >> Based on what I have seen, if the user logs off *AND* RSCS > tries to > >> send another message while the user is logged off, then it reverts > >> back to the operator automatically. > >> > >> Tony Thigpen > >> > >> -Original Message - > >> From: Schuh, Richard > >> Sent: 08/12/2010 12:12 PM > >> > When a user starts a link via SMSG command, it becomes a > >> special pal > >> > of RSCS and receives messages about that link forever or > >> until RSCS is > >> > recycled, whichever comes first. Is there any other way > of causing > >> > RSCS to quit sending the messages? I tried the SETMSG ALL > >> OFF command > >> > and found out that I was not subscribed for any messages :-( > >> > > >> > Regards, > >> > Richard Schuh > >> > > >> > > >> > > >> >
Re: RSCS Messages
The CP "for" command may be your friend here; after all, SMSG IS a CP command... -- Mike Harding z/VM System Support The IBM z/VM Operating System wrote on 08/12/2010 01:18:40 PM: > From: "Schuh, Richard" > To: IBMVM@LISTSERV.UARK.EDU > Date: 08/12/2010 01:19 PM > Subject: Re: RSCS Messages > Sent by: The IBM z/VM Operating System > > Having the operator do anything other than a simple START, including > "PARM anything" requires an approval process. That said, a scan of > the config file reveals that an id that rarely logs on is > authorized. I will use it as my surrogate. Thanks for the idea. > > Regards, > Richard Schuh >
Re: RSCS Messages
Suggestion time. My auditors always had me use two different userids. My primary only had 'normal' access while my secondary user had full class-A access and was the one listed in RSCS, etc. as an authorized user. (I was the System's Programming manager in a small shop and my duties included being the security manager also.) The auditor received a report of any logons to that ID so I had to log what function I performed using that userid. Just like not giving root access to your normal linux id. Anyway, you might want to set up a secondary userid for yourself and such a userid could have been used to pull back the RSCS messages. Tony Thigpen -Original Message - From: Schuh, Richard Sent: 08/12/2010 04:18 PM > Having the operator do anything other than a simple START, including "PARM > anything" requires an approval process. That said, a scan of the config file > reveals that an id that rarely logs on is authorized. I will use it as my > surrogate. Thanks for the idea. > > Regards, > Richard Schuh > > > >> -Original Message- >> From: The IBM z/VM Operating System >> [mailto:ib...@listserv.uark.edu] On Behalf Of Tony Thigpen >> Sent: Thursday, August 12, 2010 1:02 PM >> To: IBMVM@LISTSERV.UARK.EDU >> Subject: Re: RSCS Messages >> >> Force it back to operator by stoping/starting the link from operator. >> >> Based on what I have seen, if the user logs off *AND* RSCS >> tries to send another message while the user is logged off, >> then it reverts back to the operator automatically. >> >> Tony Thigpen >> >> -Original Message - >> From: Schuh, Richard >> Sent: 08/12/2010 12:12 PM >>> When a user starts a link via SMSG command, it becomes a >> special pal >>> of RSCS and receives messages about that link forever or >> until RSCS is >>> recycled, whichever comes first. Is there any other way of causing >>> RSCS to quit sending the messages? I tried the SETMSG ALL >> OFF command >>> and found out that I was not subscribed for any messages :-( >>> >>> Regards, >>> Richard Schuh >>> >>> >>> >> > >
Re: RSCS Messages
Did you try using "SET linkid NOMSG"? Ron On Thu, Aug 12, 2010 at 2:18 PM, Schuh, Richard wrote: > Having the operator do anything other than a simple START, including "PARM > anything" requires an approval process. That said, a scan of the config file > reveals that an id that rarely logs on is authorized. I will use it as my > surrogate. Thanks for the idea. > > Regards, > Richard Schuh > > > >> -Original Message- >> From: The IBM z/VM Operating System >> [mailto:ib...@listserv.uark.edu] On Behalf Of Tony Thigpen >> Sent: Thursday, August 12, 2010 1:02 PM >> To: IBMVM@LISTSERV.UARK.EDU >> Subject: Re: RSCS Messages >> >> Force it back to operator by stoping/starting the link from operator. >> >> Based on what I have seen, if the user logs off *AND* RSCS >> tries to send another message while the user is logged off, >> then it reverts back to the operator automatically. >> >> Tony Thigpen >> >> -Original Message - >> From: Schuh, Richard >> Sent: 08/12/2010 12:12 PM >> > When a user starts a link via SMSG command, it becomes a >> special pal >> > of RSCS and receives messages about that link forever or >> until RSCS is >> > recycled, whichever comes first. Is there any other way of causing >> > RSCS to quit sending the messages? I tried the SETMSG ALL >> OFF command >> > and found out that I was not subscribed for any messages :-( >> > >> > Regards, >> > Richard Schuh >> > >> > >> > >>
Re: RSCS Messages
Having the operator do anything other than a simple START, including "PARM anything" requires an approval process. That said, a scan of the config file reveals that an id that rarely logs on is authorized. I will use it as my surrogate. Thanks for the idea. Regards, Richard Schuh > -Original Message- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Tony Thigpen > Sent: Thursday, August 12, 2010 1:02 PM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: RSCS Messages > > Force it back to operator by stoping/starting the link from operator. > > Based on what I have seen, if the user logs off *AND* RSCS > tries to send another message while the user is logged off, > then it reverts back to the operator automatically. > > Tony Thigpen > > -Original Message - > From: Schuh, Richard > Sent: 08/12/2010 12:12 PM > > When a user starts a link via SMSG command, it becomes a > special pal > > of RSCS and receives messages about that link forever or > until RSCS is > > recycled, whichever comes first. Is there any other way of causing > > RSCS to quit sending the messages? I tried the SETMSG ALL > OFF command > > and found out that I was not subscribed for any messages :-( > > > > Regards, > > Richard Schuh > > > > > > >
Re: RSCS Messages
Force it back to operator by stoping/starting the link from operator. Based on what I have seen, if the user logs off *AND* RSCS tries to send another message while the user is logged off, then it reverts back to the operator automatically. Tony Thigpen -Original Message - From: Schuh, Richard Sent: 08/12/2010 12:12 PM > When a user starts a link via SMSG command, it becomes a special pal of > RSCS and receives messages about that link forever or until RSCS is > recycled, whichever comes first. Is there any other way of causing RSCS > to quit sending the messages? I tried the SETMSG ALL OFF command and > found out that I was not subscribed for any messages :-( > > Regards, > Richard Schuh > > >
Re: RSCS Messages
Here is a little EXEC I use: /* */ trace Off smsg RSCS drain ZVMUAFC sleep 2 sec smsg RSCS delete ZVMUAFC sleep 2 sec 'smsg rscs define ZVMUAFC TYPE TCPNJE Q PRI NODE ZVMUAFC DP 5 CL * ASTART RETRY' sleep 2 sec 'smsg RSCS start ZVMUAFC PARM STREAMS=2 BUFF=8192 COMP=MAX ITO=100 OPT=YES MAXD=10 TCP=TCPIP02 HOST=192.168.75.191' EXit Thank you, Scott -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Schuh, Richard Sent: Thursday, August 12, 2010 1:50 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: RSCS Messages Had to change an IP address while the system was up. It normally is ASTART but that would not work in this case, it would go to the address in the config file when RSCS started. I guess I will look for an opportune moment and recycle RSCS. Regards, Richard Schuh > -Original Message- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of peter.w...@ttc.ca > Sent: Thursday, August 12, 2010 11:42 AM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: RSCS Messages > > Then don't start a link, define it with autostart. We do this > from time to time here, with no unwanted messages. Example: > > SMSG RSCS STOP PRT577 > SMSG RSCS DEFINE PRT577 ASTART > > This actually works better then a STOP/START combination > because with START the link will process any queued work, > then stop. It will need another START when more work arrives. > With ASTART, it will process the currently queued work PLUS > anything that comes later. > > Peter > > -Original Message- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Schuh, Richard > Sent: August 12, 2010 14:29 > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: RSCS Messages > > Logging off has no effect - messages resume as soon as the > user logs back on. However, logging RSCS off and back on > would work :-) I get the same response to the SET LINK NOMSG > as to the SETMSG command. > > Regards, > Richard Schuh > > > > > -Original Message- > > From: The IBM z/VM Operating System > > [mailto:ib...@listserv.uark.edu] On Behalf Of Dale R. Smith > > Sent: Thursday, August 12, 2010 10:51 AM > > To: IBMVM@LISTSERV.UARK.EDU > > Subject: Re: RSCS Messages > > > > On Thu, 12 Aug 2010 09:12:27 -0700, Schuh, Richard > > > wrot= > > e: > > > > >When a user starts a link via SMSG command, it becomes a > > special pal of > > >= > > > > RSCS and receives messages about that link forever or until RSCS is > > recycled, whichever comes first. Is there any other way of causing > > RSCS t= o quit sending the messages? I tried the SETMSG ALL OFF > > command and found = > > > > out that I was not subscribed for any messages :-( > > > > > > > > >Regards, > > >Richard Schuh > > > > > > > Have you tried: SMSG RSCS SET linkid NOMSG ? > > I think logging off/on the user getting the messages will stop them > > also.= > > > > > > -- > > Dale R. Smith > > > > > The information transmitted is intended only for the person > or entity to which it is addressed and may contain > confidential and/or privileged material. Any review > retransmission dissemination or other use of or taking any > action in reliance upon this information by persons or > entities other than the intended recipient or delegate is > strictly prohibited. If you received this in error please > contact the sender and delete the material from any computer. > The integrity and security of this message cannot be > guaranteed on the Internet. The sender accepts no liability > for the content of this e-mail or for the consequences of any > actions taken on the basis of information provided. The > recipient should check this e-mail and any attachments for > the presence of viruses. The sender accepts no liability for > any damage caused by any virus transmitted by this e-mail. > This disclaimer is property of the TTC and must not be > altered or circumvented in any manner. > Confidentiality Note: This e-mail, including any attachment to it, may contain material that is confidential, proprietary, privileged and/or "Protected Health Information," within the meaning of the regulations under the Health Insurance Portability & Accountability Act as amended. If it is not clear that you are the intended recipient, you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this e-mail, including any attachment to it, is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system. Thank you.
Re: RSCS Messages
Had to change an IP address while the system was up. It normally is ASTART but that would not work in this case, it would go to the address in the config file when RSCS started. I guess I will look for an opportune moment and recycle RSCS. Regards, Richard Schuh > -Original Message- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of peter.w...@ttc.ca > Sent: Thursday, August 12, 2010 11:42 AM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: RSCS Messages > > Then don't start a link, define it with autostart. We do this > from time to time here, with no unwanted messages. Example: > > SMSG RSCS STOP PRT577 > SMSG RSCS DEFINE PRT577 ASTART > > This actually works better then a STOP/START combination > because with START the link will process any queued work, > then stop. It will need another START when more work arrives. > With ASTART, it will process the currently queued work PLUS > anything that comes later. > > Peter > > -Original Message- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Schuh, Richard > Sent: August 12, 2010 14:29 > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: RSCS Messages > > Logging off has no effect - messages resume as soon as the > user logs back on. However, logging RSCS off and back on > would work :-) I get the same response to the SET LINK NOMSG > as to the SETMSG command. > > Regards, > Richard Schuh > > > > > -Original Message- > > From: The IBM z/VM Operating System > > [mailto:ib...@listserv.uark.edu] On Behalf Of Dale R. Smith > > Sent: Thursday, August 12, 2010 10:51 AM > > To: IBMVM@LISTSERV.UARK.EDU > > Subject: Re: RSCS Messages > > > > On Thu, 12 Aug 2010 09:12:27 -0700, Schuh, Richard > > > wrot= > > e: > > > > >When a user starts a link via SMSG command, it becomes a > > special pal of > > >= > > > > RSCS and receives messages about that link forever or until RSCS is > > recycled, whichever comes first. Is there any other way of causing > > RSCS t= o quit sending the messages? I tried the SETMSG ALL OFF > > command and found = > > > > out that I was not subscribed for any messages :-( > > > > > > > > >Regards, > > >Richard Schuh > > > > > > > Have you tried: SMSG RSCS SET linkid NOMSG ? > > I think logging off/on the user getting the messages will stop them > > also.= > > > > > > -- > > Dale R. Smith > > > > > The information transmitted is intended only for the person > or entity to which it is addressed and may contain > confidential and/or privileged material. Any review > retransmission dissemination or other use of or taking any > action in reliance upon this information by persons or > entities other than the intended recipient or delegate is > strictly prohibited. If you received this in error please > contact the sender and delete the material from any computer. > The integrity and security of this message cannot be > guaranteed on the Internet. The sender accepts no liability > for the content of this e-mail or for the consequences of any > actions taken on the basis of information provided. The > recipient should check this e-mail and any attachments for > the presence of viruses. The sender accepts no liability for > any damage caused by any virus transmitted by this e-mail. > This disclaimer is property of the TTC and must not be > altered or circumvented in any manner. >
Re: RSCS Messages
Then don't start a link, define it with autostart. We do this from time to time here, with no unwanted messages. Example: SMSG RSCS STOP PRT577 SMSG RSCS DEFINE PRT577 ASTART This actually works better then a STOP/START combination because with START the link will process any queued work, then stop. It will need another START when more work arrives. With ASTART, it will process the currently queued work PLUS anything that comes later. Peter -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Schuh, Richard Sent: August 12, 2010 14:29 To: IBMVM@LISTSERV.UARK.EDU Subject: Re: RSCS Messages Logging off has no effect - messages resume as soon as the user logs back on. However, logging RSCS off and back on would work :-) I get the same response to the SET LINK NOMSG as to the SETMSG command. Regards, Richard Schuh > -Original Message- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Dale R. Smith > Sent: Thursday, August 12, 2010 10:51 AM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: RSCS Messages > > On Thu, 12 Aug 2010 09:12:27 -0700, Schuh, Richard > wrot= > e: > > >When a user starts a link via SMSG command, it becomes a > special pal of > >= > > RSCS and receives messages about that link forever or until > RSCS is recycled, whichever comes first. Is there any other > way of causing RSCS t= o quit sending the messages? I tried > the SETMSG ALL OFF command and found = > > out that I was not subscribed for any messages :-( > > > > > >Regards, > >Richard Schuh > > > > Have you tried: SMSG RSCS SET linkid NOMSG ? > I think logging off/on the user getting the messages will > stop them also.= > > > -- > Dale R. Smith > The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review retransmission dissemination or other use of or taking any action in reliance upon this information by persons or entities other than the intended recipient or delegate is strictly prohibited. If you received this in error please contact the sender and delete the material from any computer. The integrity and security of this message cannot be guaranteed on the Internet. The sender accepts no liability for the content of this e-mail or for the consequences of any actions taken on the basis of information provided. The recipient should check this e-mail and any attachments for the presence of viruses. The sender accepts no liability for any damage caused by any virus transmitted by this e-mail. This disclaimer is property of the TTC and must not be altered or circumvented in any manner.
Re: RSCS Messages
Logging off has no effect - messages resume as soon as the user logs back on. However, logging RSCS off and back on would work :-) I get the same response to the SET LINK NOMSG as to the SETMSG command. Regards, Richard Schuh > -Original Message- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Dale R. Smith > Sent: Thursday, August 12, 2010 10:51 AM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: RSCS Messages > > On Thu, 12 Aug 2010 09:12:27 -0700, Schuh, Richard > wrot= > e: > > >When a user starts a link via SMSG command, it becomes a > special pal of > >= > > RSCS and receives messages about that link forever or until > RSCS is recycled, whichever comes first. Is there any other > way of causing RSCS t= o quit sending the messages? I tried > the SETMSG ALL OFF command and found = > > out that I was not subscribed for any messages :-( > > > > > >Regards, > >Richard Schuh > > > > Have you tried: SMSG RSCS SET linkid NOMSG ? > I think logging off/on the user getting the messages will > stop them also.= > > > -- > Dale R. Smith >
Re: RSCS Messages
On Thu, 12 Aug 2010 09:12:27 -0700, Schuh, Richard wrot e: >When a user starts a link via SMSG command, it becomes a special pal of RSCS and receives messages about that link forever or until RSCS is recycled, whichever comes first. Is there any other way of causing RSCS t o quit sending the messages? I tried the SETMSG ALL OFF command and found out that I was not subscribed for any messages :-( > > >Regards, >Richard Schuh > Have you tried: SMSG RSCS SET linkid NOMSG ? I think logging off/on the user getting the messages will stop them also. -- Dale R. Smith
RSCS Messages
When a user starts a link via SMSG command, it becomes a special pal of RSCS and receives messages about that link forever or until RSCS is recycled, whichever comes first. Is there any other way of causing RSCS to quit sending the messages? I tried the SETMSG ALL OFF command and found out that I was not subscribed for any messages :-( Regards, Richard Schuh
