Re: Hi everybody
Being older than dirt, war stories from Gabe and Phil contain golden nuggets of truth and forewarnings from which any new z/VM sysprog should consider learning (ahead of time). In my best "As Seen On TV" huckster voice: But wait! There's more! Operators are standing by to share even MORE (FREE with this offer!!) war stories (perhaps prevent you from repeating the same mistakes)! The IBMVM listserve has a very powerful and **EASY TO USE** web browser based archival search facility. Go to: http://listserv.uark.edu/scripts/wa.exe?S1=IBMVM In the "Search for:" box, enter: system programmer war stories then press "Submit" Very shortly thereafter you will be regaled with the real-life experiences of "live systems programmers (not on stage)!" Learn from the past grasshopper, or you are condemned to repeat it. And then... **BOOKMARK** the IBMVM listserve search page in your browser - as the "first stop" the next time you need a little help late at night or on a weekend... or any time!:-) Mike Walter Hewitt Associates The opinions expressed herein are mine alone, not my employer's. "Gabe Goldberg" Sent by: "The IBM z/VM Operating System" 02/06/2010 03:13 AM Please respond to "The IBM z/VM Operating System" To IBMVM@LISTSERV.UARK.EDU cc Subject Re: Hi everybody Long ago (long enough that communication with service machines was via punch files), a site had a similar SVM for executing privileged commands on behalf of suitably authorized users. Just for grins, when he needed to shut down the system, one of them did it via command to the SVM. Problem was, the system shut down before the punch file was purged. AND, the SVM was automatically started by Autolog1 with no time delay. So when the system was warm started, it found the command file waiting, and shut down. Wash, rinse, repeat. Cold start. (Hey, they were only developers and sales people.) Followed by adding a time delay to Autolog1 processing. And it wasn't me, that was before I joined the company. Much longer ago, when Mitre was first installing VM (1972, VM/370, Release 1 PLC 9) I was working from home on a Silent 700 terminal. The second shift operator did something that annoyed me, so I shut down the system. Followed by, "Oops, we're in production now. There might be real users logged on". Phil Smith III reminisced: On Fri, Feb 5, 2010 at 10:46 AM, James A. Bohnsack = wrote: > >I've accidentally shutdown the main production system "once", as has = > every systems programmer with whom I worked or who worked for me has = done. Only once tho. Indeed. A very, very long time ago, back at UofW, we had a machine = called PRIV, that had a table of users and commands. You could "SMSG = PRIV somecmd" and if you were enabled, it would do it. It was very = granular, down to the specific operands: This let us do things like let = a professor force his students, without giving him general FORCE privs = (I was going to write "force his admin", but that had the wrong = connotation!). Anyway, I was doing some maintenance to PRIV. I logged on and was in a = CP READ. Since I didn't want to take it down mid-command, I had the = brilliant idea of doing an "SMSG * SHUTDOWN" (it was single-threaded, of = course). And then I waited. And waited.=20 All of a sudden one of the operators comes running out of the Red Room = (the raised floor), yelling "SYSA just shut itself down!" Of course, I immediately realized what I'd done. Hey, they were only = students;-) -- Gabriel Goldberg, Computers and Publishing, Inc. (703) 204-0433 3401 Silver Maple Place, Falls Church, VA 22042g...@gabegold.com LinkedIn: http://www.linkedin.com/in/gabegold The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. All messages sent to and from this e-mail address may be monitored as permitted by applicable law and regulations to ensure compliance with our internal policies and to protect our business. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, lost or destroyed, or contain viruses. You are deemed to have accepted these risks if you communicate with us by e-mail.
Re: Hi everybody
I used to enjoy class A privs. I put SET PRIVCLASS -A in my PROFILE. - SET PRIVCLASS is an auditable event and I didn't want to explain to the Security staff why I used it so much. If you have the privilege to begin with, no audit record was cut. Start out with anything that you are entitled to, and trim it back with the means at your disposal. - I don't want to become the System Operator, which you become eligible for if you are Class A at the time the Sysoper gets logged off. (In olden days, we never had that problem since we ran OPERATOR disconnected running reliable PROP and Operators could not log on (AUTOONLY). But after outsourcing, that was changed so that OPERATOR ran a vendor product, Operators logged onto the OPERATOR id, and occasionally I have seen the OPERATOR id mysteriously not logged on.) Paul Nieman On Thu, 2010-02-04 at 12:53 -0800, Schuh, Richard wrote: > For any user who doesn't have class C, Set priv is not a security > concern at all. They cannot go outside their directory classes. All > they can do is remove an existing class or restore it. the real > security concern is the Directory Class C, not the user's ability to > use SET PRIV. One must be very cautious about granting that privilege > class. > > Regards, > Richard Schuh > > > > > > > > __ > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Scott Rohling > Sent: Thursday, February 04, 2010 12:07 PM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: Hi everybody > > > > Yes - as you parenthetically alluded to - allowing SET > PRIVCLAS is a feature you have to enable.. some customers > see a command like SET PRIVCLAS as a security breaker.. It > depends on how strict and how much 'separation of duty' is > built into their security policies. Anyone with class C and > SET PRIVCLAS feature enabled is essentially an all-powerful > user, period. > > Scott > > > On Thu, Feb 4, 2010 at 12:12 PM, zMan > wrote: > On Thu, Feb 4, 2010 at 1:44 PM, Schuh, Richard > wrote: > It isn't a matter of trust, it is a matter of > minimizing the risk of an accidental SHUTDOWN. > Here MAINT does not have class A; however it > does have class C. That allows it to use the > SET PRIV * +A in order to issue class A > commands such as Q CPDISKS, CPRELEASE and > CPACCESS. By requiring that extra step of the > SET PRIV, it heightens the awareness of the > person to the fact that they now have > extraordinary capabilities and > responsibilities. > > > Exactly. I'd argue that "best practices" (a term I > hate) has even MAINT doing a CP SET PRIVCLAS * =BEG > (unless that's disabled, of course) in its PROFILE > EXEC, and then using a CLASS EXEC for privileged > commands: > CLASS A SHUTDOWN > > >
Re: Hi everybody
I must be getting old, as I can't remember a single time I accidently told a production system to close up the shop. Maybe it was starting out as an operator in a commercial data center with many paying customers using RJE around the clock, then TSO was added to the mix. But I learned UNIX well before sudo and still do root business logged on as root (with a RED background color). UNIX _does_ make you respect its power, CP and CMS less so (we won't mention those other OSes). ;-) -- May the LORD God bless you exceedingly abundantly! Dave_Craig__ "'So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe.'" __--from_Nightfall_by_Asimov/Silverberg_
Re: Hi everybody
No one has yet mentioned the origianl TCPIP package which included sample DIRECT statements for each machine and these samples included CLASS A for each machine. The command to end SMTP is CP SM SMTP SHUTDOWN. I was logged onto the SMTP machine for debugging and I entered the SHUTDOWN command incorrectly and you can guess the rest. The directory classes were then promptly changed. /Fran Hensler at Slippery Rock University of Pennsylvania USA for 46 years mailto:f...@zvm.sru.edu http://zvm.sru.edu/~fjh +1.724.738.2153 "Yes, Virginia, there is a Slippery Rock" --
Re: Hi everybody
Long ago (long enough that communication with service machines was via punch files), a site had a similar SVM for executing privileged commands on behalf of suitably authorized users. Just for grins, when he needed to shut down the system, one of them did it via command to the SVM. Problem was, the system shut down before the punch file was purged. AND, the SVM was automatically started by Autolog1 with no time delay. So when the system was warm started, it found the command file waiting, and shut down. Wash, rinse, repeat. Cold start. (Hey, they were only developers and sales people.) Followed by adding a time delay to Autolog1 processing. And it wasn't me, that was before I joined the company. Much longer ago, when Mitre was first installing VM (1972, VM/370, Release 1 PLC 9) I was working from home on a Silent 700 terminal. The second shift operator did something that annoyed me, so I shut down the system. Followed by, "Oops, we're in production now. There might be real users logged on". Phil Smith III reminisced: On Fri, Feb 5, 2010 at 10:46 AM, James A. Bohnsack = wrote: >I've accidentally shutdown the main production system "once", as has = every systems programmer with whom I worked or who worked for me has = done. Only once tho. Indeed. A very, very long time ago, back at UofW, we had a machine = called PRIV, that had a table of users and commands. You could "SMSG = PRIV somecmd" and if you were enabled, it would do it. It was very = granular, down to the specific operands: This let us do things like let = a professor force his students, without giving him general FORCE privs = (I was going to write "force his admin", but that had the wrong = connotation!). Anyway, I was doing some maintenance to PRIV. I logged on and was in a = CP READ. Since I didn't want to take it down mid-command, I had the = brilliant idea of doing an "SMSG * SHUTDOWN" (it was single-threaded, of = course). And then I waited. And waited.=20 All of a sudden one of the operators comes running out of the Red Room = (the raised floor), yelling "SYSA just shut itself down!" Of course, I immediately realized what I'd done. Hey, they were only = students;-) -- Gabriel Goldberg, Computers and Publishing, Inc. (703) 204-0433 3401 Silver Maple Place, Falls Church, VA 22042g...@gabegold.com LinkedIn: http://www.linkedin.com/in/gabegold
Re: Hi everybody
"James A. Bohnsack" wrote :- > I've accidentally shutdown the main production system "once", > as has every systems programmer with whom I worked or who > worked for me has done. Yes - mine was quite a silly one (although I did not actually press the key). A very many years ago I walked into a site that was having some problems building their new system. They had it up 2nd level and it was running like a dog, so I said to shut it down. They typed SHUTDOWN on the 2nd level operator console but, because it was running so slow, the SHUTDOWN was picked up by the 1st level guest machine and they closed down the 1st level system. It took me a while to explain to them that the userid they were running in did not need all the privilege classes in order to run the commands 2nd level ;-) Once I had succeeded then they said 'Oh, we wondered why this kept happening' Colin Allinson VM Systems Support Amadeus Data Processing GmbH
Re: Hi everybody
When I did it to the system, I was trying to SHUTDOWN RSCS. Probably had a brain check and thought I was talking to RSCS but instead I got to CP. I think it's dangerous that the SHUTDOWN command is in any PP. Jim From: The IBM z/VM Operating System [ib...@listserv.uark.edu] On Behalf Of Schuh, Richard [rsc...@visa.com] Sent: Friday, February 05, 2010 11:38 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Hi everybody Does anyone give RSCS class A privileges? If so, the probably have to seek = re-employment frequently :) Regards,=20 Richard Schuh=20 =20 > -Original Message- > From: The IBM z/VM Operating System=20 > [mailto:ib...@listserv.uark.edu] On Behalf Of James A. Bohnsack > Sent: Friday, February 05, 2010 7:46 AM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: Hi everybody >=20 > I've accidentally shutdown the main production system "once",=20 > as has every systems programmer with whom I worked or who=20 > worked for me has done. Only once tho. There are or were =20 > couple of gotcha's introduced by IBM. One is the fact that=20 > the official way to stop RSCS is with the SHUTDOWN command. =20 > This note of caution is now in the RSCS SHUTDOWN HELP: >=20 > Use care when entering the SHUTDOWN command. If you=20 > accidentally enter it > without the appropriate RSCS prefix, it is treated as a CP=20 > command and =20 > passed to CP for processing. If you have the proper CP=20 > privilege class, =20 > this command would stop your z/VM operating system. =20 > =20 > =20 > =20 > One other place or thing where SHUTDOWN is or was used is the=20 > old,old PC3270 or maybe that was the 3270PC. It was a late=20 > 80's PC/XT that came out of Kingston, I think, rather than=20 > Boca. To park the hard disk so the cleaning people wouldn't=20 > bump the stand it was on, you issued a SHUTDOWN command. One=20 > of the sysprogs I workied with SHUTDOWN VM rather than her=20 > PC. The next day there was a SHUTDOWN EXEC on the y-disk=20 > that asked you if you "really wanted to do that". >=20 > Jim >=20 > > From: The IBM z/VM Operating System [ib...@listserv.uark.edu]=20 > On Behalf Of Rich Greenberg [ric...@panix.com] > Sent: Thursday, February 04, 2010 4:59 PM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: Hi everybody >=20 > On: Thu, Feb 04, 2010 at 10:44:34AM -0800,Schuh, Richard Wrote: >=20 > } It isn't a matter of trust, it is a matter of minimizing=20 > the risk of an accidental SHUTDOWN. Here MAINT does not have=20 > class A; however it does have class C. That allows it to use=20 > the SET PRIV * +A in order to issue class A commands such as=20 > Q CPDISKS, CPRELEASE and CPACCESS. By requiring that extra=20 > step of the SET PRIV, it heightens the awareness of the=20 > person to the fact that they now have extraordinary=20 > capabilities and responsibilities. >=20 > Rich has hit the nail directly on the head here. Accidents=20 > and mistreaks happen, this just puts another door in front of them. >=20 > -- > Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com =20 > + 1 239 543 1353 > Eastern time. N6LRT I speak for myself & my dogs only. =20 > VM'er since CP-67 > Canines:Val, Red, Shasta & Casey (RIP), Red & Zero, Siberians=20 > Owner:Chinook-L > Retired at the beach Asst=20 > Owner:Sibernet-L > =
Re: Hi everybody
I have been victimized by it a couple of times without being the culprit. The first time, I was in the middle of a stage 1 sysgen of what was to be our 2nd-level production SVS system. That made more of an impression on me than it did the perpetrator; he did the same thing a month later. That marked his exit to another group, one without any power over the system, and I inherited the VM responsibilities. Regards, Richard Schuh > -Original Message- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Rob van der Heij > Sent: Friday, February 05, 2010 8:17 AM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: Hi everybody > > On Fri, Feb 5, 2010 at 5:05 PM, Phil Smith III > wrote: > > > Anyway, I was doing some maintenance to PRIV. I logged on > and was in a CP READ. Since I didn't want to take it down > mid-command, I had the brilliant idea of doing an "SMSG * > SHUTDOWN" (it was single-threaded, of course). And then I > waited. And waited. > > My all time favorite was the experienced operator trying to > trick his new colleage with > > tell oper1 try typing #cp shutdown if you dare > > And when the hardcopy event logger started to beep, he yelled > "he did it, he did it" until he realized the #cp in his > message was interpreted by CP ... :-) > > Rob >
Re: Hi everybody
Does anyone give RSCS class A privileges? If so, the probably have to seek re-employment frequently :) Regards, Richard Schuh > -Original Message- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of James A. Bohnsack > Sent: Friday, February 05, 2010 7:46 AM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: Hi everybody > > I've accidentally shutdown the main production system "once", > as has every systems programmer with whom I worked or who > worked for me has done. Only once tho. There are or were > couple of gotcha's introduced by IBM. One is the fact that > the official way to stop RSCS is with the SHUTDOWN command. > This note of caution is now in the RSCS SHUTDOWN HELP: > > Use care when entering the SHUTDOWN command. If you > accidentally enter it > without the appropriate RSCS prefix, it is treated as a CP > command and > passed to CP for processing. If you have the proper CP > privilege class, > this command would stop your z/VM operating system. > > > > One other place or thing where SHUTDOWN is or was used is the > old,old PC3270 or maybe that was the 3270PC. It was a late > 80's PC/XT that came out of Kingston, I think, rather than > Boca. To park the hard disk so the cleaning people wouldn't > bump the stand it was on, you issued a SHUTDOWN command. One > of the sysprogs I workied with SHUTDOWN VM rather than her > PC. The next day there was a SHUTDOWN EXEC on the y-disk > that asked you if you "really wanted to do that". > > Jim > > > From: The IBM z/VM Operating System [ib...@listserv.uark.edu] > On Behalf Of Rich Greenberg [ric...@panix.com] > Sent: Thursday, February 04, 2010 4:59 PM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: Hi everybody > > On: Thu, Feb 04, 2010 at 10:44:34AM -0800,Schuh, Richard Wrote: > > } It isn't a matter of trust, it is a matter of minimizing > the risk of an accidental SHUTDOWN. Here MAINT does not have > class A; however it does have class C. That allows it to use > the SET PRIV * +A in order to issue class A commands such as > Q CPDISKS, CPRELEASE and CPACCESS. By requiring that extra > step of the SET PRIV, it heightens the awareness of the > person to the fact that they now have extraordinary > capabilities and responsibilities. > > Rich has hit the nail directly on the head here. Accidents > and mistreaks happen, this just puts another door in front of them. > > -- > Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com > + 1 239 543 1353 > Eastern time. N6LRT I speak for myself & my dogs only. > VM'er since CP-67 > Canines:Val, Red, Shasta & Casey (RIP), Red & Zero, Siberians > Owner:Chinook-L > Retired at the beach Asst > Owner:Sibernet-L >
Re: Hi everybody
On Fri, Feb 5, 2010 at 5:05 PM, Phil Smith III wrote: > Anyway, I was doing some maintenance to PRIV. I logged on and was in a CP > READ. Since I didn't want to take it down mid-command, I had the brilliant > idea of doing an "SMSG * SHUTDOWN" (it was single-threaded, of course). And > then I waited. And waited. My all time favorite was the experienced operator trying to trick his new colleage with tell oper1 try typing #cp shutdown if you dare And when the hardcopy event logger started to beep, he yelled "he did it, he did it" until he realized the #cp in his message was interpreted by CP ... :-) Rob
Re: Hi everybody
On Fri, Feb 5, 2010 at 10:46 AM, James A. Bohnsack wrote: >I've accidentally shutdown the main production system "once", as has every >systems programmer with whom I worked or who worked for me has done. Only >once tho. Indeed. A very, very long time ago, back at UofW, we had a machine called PRIV, that had a table of users and commands. You could "SMSG PRIV somecmd" and if you were enabled, it would do it. It was very granular, down to the specific operands: This let us do things like let a professor force his students, without giving him general FORCE privs (I was going to write "force his admin", but that had the wrong connotation!). Anyway, I was doing some maintenance to PRIV. I logged on and was in a CP READ. Since I didn't want to take it down mid-command, I had the brilliant idea of doing an "SMSG * SHUTDOWN" (it was single-threaded, of course). And then I waited. And waited. All of a sudden one of the operators comes running out of the Red Room (the raised floor), yelling "SYSA just shut itself down!" Of course, I immediately realized what I'd done. Hey, they were only students ;-) ...phsiii
Re: Hi everybody
DIRMAINT also uses a SHUTDOWN ..DIRM SHUTDOWN or just SHUTDOWN if logged in to the DIRMAINT USER. SHUTDOWN SYSTEM systemin z/VM 5.4 will help a lot with the 'oh no...' moments for new sysprogs, though.. Scott On Fri, Feb 5, 2010 at 8:46 AM, James A. Bohnsack wrote: > I've accidentally shutdown the main production system "once", as has every > systems programmer with whom I worked or who worked for me has done. Only > once tho. There are or were couple of gotcha's introduced by IBM. One is > the fact that the official way to stop RSCS is with the SHUTDOWN command. > This note of caution is now in the RSCS SHUTDOWN HELP: > > Use care when entering the SHUTDOWN command. If you accidentally enter it > without the appropriate RSCS prefix, it is treated as a CP command and > passed to CP for processing. If you have the proper CP privilege class, > this command would stop your z/VM operating system. > > One other place or thing where SHUTDOWN is or was used is the old,old > PC3270 or maybe that was the 3270PC. It was a late 80's PC/XT that came out > of Kingston, I think, rather than Boca. To park the hard disk so the > cleaning people wouldn't bump the stand it was on, you issued a SHUTDOWN > command. One of the sysprogs I workied with SHUTDOWN VM rather than her PC. > The next day there was a SHUTDOWN EXEC on the y-disk that asked you if you > "really wanted to do that". > > Jim > > > From: The IBM z/VM Operating System [ib...@listserv.uark.edu] On Behalf Of > Rich Greenberg [ric...@panix.com] > Sent: Thursday, February 04, 2010 4:59 PM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: Hi everybody > > On: Thu, Feb 04, 2010 at 10:44:34AM -0800,Schuh, Richard Wrote: > > } It isn't a matter of trust, it is a matter of minimizing the risk of an > accidental SHUTDOWN. Here MAINT does not have class A; however it does have > class C. That allows it to use the SET PRIV * +A in order to issue class A > commands such as Q CPDISKS, CPRELEASE and CPACCESS. By requiring that extra > step of the SET PRIV, it heightens the awareness of the person to the fact > that they now have extraordinary capabilities and responsibilities. > > Rich has hit the nail directly on the head here. Accidents and > mistreaks happen, this just puts another door in front of them. > > -- > Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com + 1 239 543 > 1353 > Eastern time. N6LRT I speak for myself & my dogs only.VM'er since > CP-67 > Canines:Val, Red, Shasta & Casey (RIP), Red & Zero, Siberians > Owner:Chinook-L > Retired at the beach Asst > Owner:Sibernet-L >
Re: Hi everybody
I've accidentally shutdown the main production system "once", as has every systems programmer with whom I worked or who worked for me has done. Only once tho. There are or were couple of gotcha's introduced by IBM. One is the fact that the official way to stop RSCS is with the SHUTDOWN command. This note of caution is now in the RSCS SHUTDOWN HELP: Use care when entering the SHUTDOWN command. If you accidentally enter it without the appropriate RSCS prefix, it is treated as a CP command and passed to CP for processing. If you have the proper CP privilege class, this command would stop your z/VM operating system. One other place or thing where SHUTDOWN is or was used is the old,old PC3270 or maybe that was the 3270PC. It was a late 80's PC/XT that came out of Kingston, I think, rather than Boca. To park the hard disk so the cleaning people wouldn't bump the stand it was on, you issued a SHUTDOWN command. One of the sysprogs I workied with SHUTDOWN VM rather than her PC. The next day there was a SHUTDOWN EXEC on the y-disk that asked you if you "really wanted to do that". Jim From: The IBM z/VM Operating System [ib...@listserv.uark.edu] On Behalf Of Rich Greenberg [ric...@panix.com] Sent: Thursday, February 04, 2010 4:59 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Hi everybody On: Thu, Feb 04, 2010 at 10:44:34AM -0800,Schuh, Richard Wrote: } It isn't a matter of trust, it is a matter of minimizing the risk of an accidental SHUTDOWN. Here MAINT does not have class A; however it does have class C. That allows it to use the SET PRIV * +A in order to issue class A commands such as Q CPDISKS, CPRELEASE and CPACCESS. By requiring that extra step of the SET PRIV, it heightens the awareness of the person to the fact that they now have extraordinary capabilities and responsibilities. Rich has hit the nail directly on the head here. Accidents and mistreaks happen, this just puts another door in front of them. -- Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com + 1 239 543 1353 Eastern time. N6LRT I speak for myself & my dogs only.VM'er since CP-67 Canines:Val, Red, Shasta & Casey (RIP), Red & Zero, Siberians Owner:Chinook-L Retired at the beach Asst Owner:Sibernet-L
Re: Hi everybody
I named the ones needed for updating the SYSTEM CONFIG file in my earlier post. Regards, Richard Schuh > -Original Message- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Rich Greenberg > Sent: Thursday, February 04, 2010 1:56 PM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: Hi everybody > > On: Thu, Feb 04, 2010 at 10:34:08AM -0800,Howard Rifkind Wrote: > > } Just curious about you comment in this post about not > liking } to even have user maint have an ?A? class privilege. > > Just 40 years of sysprogging with the occasional "O SHIT" > happening. > About the only thing you lose without class A is SHUTDOWN, > and at systems I controlled, only ORERATOR and its cohorts > had class A. > > (Yes, there are other commands that are class A only, but can > you even name them much less ever used them?) > > -- > Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com > + 1 239 543 1353 > Eastern time. N6LRT I speak for myself & my dogs only. > VM'er since CP-67 > Canines:Val, Red, Shasta & Casey (RIP), Red & Zero, Siberians > Owner:Chinook-L > Retired at the beach Asst > Owner:Sibernet-L >
Re: Hi everybody
SET SUBCMD OBSERVER IBMCLASS=A SET SUBCMD PAGING IBMCLASS=A SET SUBCMD PRIORITY IBMCLASS=A SET SUBCMD QUICKDSP IBMCLASS=A SET SUBCMD QDROPIBMCLASS=A SET SUBCMD RESERVED IBMCLASS=A SET SUBCMD SASSIST IBMCLASS=A SET SUBCMD SECUSER IBMCLASS=A SET SUBCMD SHAREIBMCLASS=A SET SUBCMD SHUTDOWNTIME IBMCLASS=A SET SUBCMD SIGNAL IBMCLASS=A SET SUBCMD SRM IBMCLASS=A SET SUBCMD STGEXEMPTIBMCLASS=A SET SUBCMD STGLIMIT IBMCLASS=A SET SUBCMD SYSOPER IBMCLASS=A SET SUBCMD S370EIBMCLASS=A SET SUBCMD TIMEZONE IBMCLASS=A SET SUBCMD TRACEFRAMES IBMCLASS=A SET SUBCMD VMSAVE IBMCLASS=A SET SUBCMD VTOD IBMCLASS=A SHUTDOWN IBMCLASS=A SIGNALIBMCLASS=A SNAPDUMP IBMCLASS=A SPMODEIBMCLASS=A SYNCMDRS IBMCLASS=A TRSAVEIBMCLASS=A UNDEDICATEIBMCLASS=A UNLOCKIBMCLASS=A WARNING IBMCLASS=A XAUTOLOG IBMCLASS=A XLINK IBMCLASS=A Have I ever used them? Well... some of them quite often, e.g. AUTOLOG/XAUTOLOG, DEFINE (mdisk), SIGNAL, many of the Query commands, etc. Others, "not so much". Rich probably forgets because most experienced sysprogs eventually give in to modifying privclasses for commands that they frequently need, or need infrequently but urgently when things go bump in the dark. Mike Walter Hewitt Associates The opinions expressed herein are mine alone, not my employer's. "Rich Greenberg" Sent by: "The IBM z/VM Operating System" 02/04/2010 03:55 PM Please respond to "The IBM z/VM Operating System" To IBMVM@LISTSERV.UARK.EDU cc Subject Re: Hi everybody On: Thu, Feb 04, 2010 at 10:34:08AM -0800,Howard Rifkind Wrote: } Just curious about you comment in this post about not liking } to even have user maint have an ?A? class privilege. Just 40 years of sysprogging with the occasional "O SHIT" happening. About the only thing you lose without class A is SHUTDOWN, and at systems I controlled, only ORERATOR and its cohorts had class A. (Yes, there are other commands that are class A only, but can you even name them much less ever used them?) -- Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com + 1 239 543 1353 Eastern time. N6LRT I speak for myself & my dogs only.VM'er since CP-67 Canines:Val, Red, Shasta & Casey (RIP), Red & Zero, Siberians Owner:Chinook-L Retired at the beach Asst Owner:Sibernet-L The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. All messages sent to and from this e-mail address may be monitored as permitted by applicable law and regulations to ensure compliance with our internal policies and to protect our business. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, lost or destroyed, or contain viruses. You are deemed to have accepted these risks if you communicate with us by e-mail.
Re: Hi everybody
On: Thu, Feb 04, 2010 at 10:44:34AM -0800,Schuh, Richard Wrote: } It isn't a matter of trust, it is a matter of minimizing the risk of an accidental SHUTDOWN. Here MAINT does not have class A; however it does have class C. That allows it to use the SET PRIV * +A in order to issue class A commands such as Q CPDISKS, CPRELEASE and CPACCESS. By requiring that extra step of the SET PRIV, it heightens the awareness of the person to the fact that they now have extraordinary capabilities and responsibilities. Rich has hit the nail directly on the head here. Accidents and mistreaks happen, this just puts another door in front of them. -- Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com + 1 239 543 1353 Eastern time. N6LRT I speak for myself & my dogs only.VM'er since CP-67 Canines:Val, Red, Shasta & Casey (RIP), Red & Zero, Siberians Owner:Chinook-L Retired at the beach Asst Owner:Sibernet-L
Re: Hi everybody
Rich Greenberg wrote: (Yes, there are other commands that are class A only, but can you even name them much less ever used them?) FORCE ? --Ivan
Re: Hi everybody
On: Thu, Feb 04, 2010 at 10:34:08AM -0800,Howard Rifkind Wrote: } Just curious about you comment in this post about not liking } to even have user maint have an ?A? class privilege. Just 40 years of sysprogging with the occasional "O SHIT" happening. About the only thing you lose without class A is SHUTDOWN, and at systems I controlled, only ORERATOR and its cohorts had class A. (Yes, there are other commands that are class A only, but can you even name them much less ever used them?) -- Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com + 1 239 543 1353 Eastern time. N6LRT I speak for myself & my dogs only.VM'er since CP-67 Canines:Val, Red, Shasta & Casey (RIP), Red & Zero, Siberians Owner:Chinook-L Retired at the beach Asst Owner:Sibernet-L
Re: Hi everybody
For any user who doesn't have class C, Set priv is not a security concern at all. They cannot go outside their directory classes. All they can do is remove an existing class or restore it. the real security concern is the Directory Class C, not the user's ability to use SET PRIV. One must be very cautious about granting that privilege class. Regards, Richard Schuh From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Scott Rohling Sent: Thursday, February 04, 2010 12:07 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Hi everybody Yes - as you parenthetically alluded to - allowing SET PRIVCLAS is a feature you have to enable.. some customers see a command like SET PRIVCLAS as a security breaker.. It depends on how strict and how much 'separation of duty' is built into their security policies. Anyone with class C and SET PRIVCLAS feature enabled is essentially an all-powerful user, period. Scott On Thu, Feb 4, 2010 at 12:12 PM, zMan mailto:zedgarhoo...@gmail.com>> wrote: On Thu, Feb 4, 2010 at 1:44 PM, Schuh, Richard mailto:rsc...@visa.com>> wrote: It isn't a matter of trust, it is a matter of minimizing the risk of an accidental SHUTDOWN. Here MAINT does not have class A; however it does have class C. That allows it to use the SET PRIV * +A in order to issue class A commands such as Q CPDISKS, CPRELEASE and CPACCESS. By requiring that extra step of the SET PRIV, it heightens the awareness of the person to the fact that they now have extraordinary capabilities and responsibilities. Exactly. I'd argue that "best practices" (a term I hate) has even MAINT doing a CP SET PRIVCLAS * =BEG (unless that's disabled, of course) in its PROFILE EXEC, and then using a CLASS EXEC for privileged commands: CLASS A SHUTDOWN
Re: Hi everybody
Scott Rohling wrote: Yes - as you parenthetically alluded to - allowing SET PRIVCLAS is a feature you have to enable.. some customers see a command like SET PRIVCLAS as a security breaker.. It depends on how strict and how much 'separation of duty' is built into their security policies. Anyone with class C and SET PRIVCLAS feature enabled is essentially an all-powerful user, period. Scott Correction... Anyone with class C and STORE HOST is an all-powerfull user.. (SET PRIVCLASS is just a shortcut to what one can do with STORE HOST).. --Ivan
Re: Hi everybody
Yes - as you parenthetically alluded to - allowing SET PRIVCLAS is a feature you have to enable.. some customers see a command like SET PRIVCLAS as a security breaker.. It depends on how strict and how much 'separation of duty' is built into their security policies. Anyone with class C and SET PRIVCLAS feature enabled is essentially an all-powerful user, period. Scott On Thu, Feb 4, 2010 at 12:12 PM, zMan wrote: > On Thu, Feb 4, 2010 at 1:44 PM, Schuh, Richard wrote: > >> It isn't a matter of trust, it is a matter of minimizing the risk of an >> accidental SHUTDOWN. Here MAINT does not have class A; however it does have >> class C. That allows it to use the SET PRIV * +A in order to issue class A >> commands such as Q CPDISKS, CPRELEASE and CPACCESS. By requiring that extra >> step of the SET PRIV, it heightens the awareness of the person to the fact >> that they now have extraordinary capabilities and responsibilities. >> > > Exactly. I'd argue that "best practices" (a term I hate) has even MAINT > doing a CP SET PRIVCLAS * =BEG (unless that's disabled, of course) in its > PROFILE EXEC, and then using a CLASS EXEC for privileged commands: > CLASS A SHUTDOWN > >
Re: Hi everybody
On Thu, Feb 4, 2010 at 1:44 PM, Schuh, Richard wrote: > It isn't a matter of trust, it is a matter of minimizing the risk of an > accidental SHUTDOWN. Here MAINT does not have class A; however it does have > class C. That allows it to use the SET PRIV * +A in order to issue class A > commands such as Q CPDISKS, CPRELEASE and CPACCESS. By requiring that extra > step of the SET PRIV, it heightens the awareness of the person to the fact > that they now have extraordinary capabilities and responsibilities. > Exactly. I'd argue that "best practices" (a term I hate) has even MAINT doing a CP SET PRIVCLAS * =BEG (unless that's disabled, of course) in its PROFILE EXEC, and then using a CLASS EXEC for privileged commands: CLASS A SHUTDOWN
Re: Hi everybody
Yes, that is a very good thing (the SYSTEM operand) We just take Shutdown out of class A and put it in X. The use the set privclass when we actually have to use it (and that's rare since GDPS does our shutting down). Marcy
Re: Hi everybody
Ah - but the lovely SHUTDOWN SYSTEM x feature in z/VM 5.4 should very much help reduce risk of accidental shutdown. You have to be pretty deliberate if you turn that feature on ... But yes .. there are plenty of other commands and reasons to limit class A use.. Scott On Thu, Feb 4, 2010 at 11:44 AM, Schuh, Richard wrote: > It isn't a matter of trust, it is a matter of minimizing the risk of an > accidental SHUTDOWN. Here MAINT does not have class A; however it does have > class C. That allows it to use the SET PRIV * +A in order to issue class A > commands such as Q CPDISKS, CPRELEASE and CPACCESS. By requiring that extra > step of the SET PRIV, it heightens the awareness of the person to the fact > that they now have extraordinary capabilities and responsibilities. > > > Regards, > Richard Schuh > > > > > -- > *From:* The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] *On > Behalf Of *Howard Rifkind > *Sent:* Thursday, February 04, 2010 10:34 AM > > *To:* IBMVM@LISTSERV.UARK.EDU > *Subject:* Re: Hi everybody > >Rich, > > Just curious about you comment in this post about not liking to even have > user maint have an ‘A’ class privilege. > > Who then would you suggest having a class A privilege? > > None of the other user id’s have class A … Operator? > > I never had any issues with user id Maint having all the available > privileges as only the z/VM sysprogs use Maint and if you can’t trust them > then who? > > > --- On *Thu, 2/4/10, Rich Greenberg * wrote: > > > From: Rich Greenberg > Subject: Re: Hi everybody > To: IBMVM@LISTSERV.UARK.EDU > Date: Thursday, February 4, 2010, 12:20 PM > > On: Thu, Feb 04, 2010 at 06:00:37PM +0100,Mario Izaguirre Wrote: > > } I'm login with my user-id (maiz) > > } send ftpgest0 close cons > } > } HCPSEC068E SEND command failed; receiver has not authorized sender > } > } Ready(00068); T=0.01/0.01 17:58:43 > > You need to add the proper VM privledge class to your ID. Easiest way > is just duplicate the classes MAINT has.. BE CARFULL > > I don't like class A on either MAINT or your ID as it TOO powerful. > Many of us have unintentionally shut VM down at one time. Rarely twice. > You can always add it with SET PRIV if you REALLY need it. > > -- > Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com + 1 239 543 > 1353 > Eastern time. N6LRT I speak for myself & my dogs only.VM'er since > CP-67 > Canines:Val, Red, Shasta & Casey (RIP), Red & Zero, Siberians > Owner:Chinook-L > Retired at the beach Asst > Owner:Sibernet-L > > >
Re: Hi everybody
The other route you could take, if protection from a shutdown is the goal, change the class of the shutdown to Z or S, and don¹t give this priv to anyone. Use the Set Priv * +Z as part of the shutdown process. -- Robert P. Nix Mayo Foundation.~. RO-OE-5-55 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ "In theory, theory and practice are the same, but in practice, theory and practice are different." On 2/4/10 12:44 PM, "Schuh, Richard" wrote: > It isn't a matter of trust, it is a matter of minimizing the risk of an > accidental SHUTDOWN. Here MAINT does not have class A; however it does have > class C. That allows it to use the SET PRIV * +A in order to issue class A > commands such as Q CPDISKS, CPRELEASE and CPACCESS. By requiring that extra > step of the SET PRIV, it heightens the awareness of the person to the fact > that they now have extraordinary capabilities and responsibilities. > > Regards, > Richard Schuh >
Re: Hi everybody
It isn't a matter of trust, it is a matter of minimizing the risk of an accidental SHUTDOWN. Here MAINT does not have class A; however it does have class C. That allows it to use the SET PRIV * +A in order to issue class A commands such as Q CPDISKS, CPRELEASE and CPACCESS. By requiring that extra step of the SET PRIV, it heightens the awareness of the person to the fact that they now have extraordinary capabilities and responsibilities. Regards, Richard Schuh From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Howard Rifkind Sent: Thursday, February 04, 2010 10:34 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Hi everybody Rich, Just curious about you comment in this post about not liking to even have user maint have an 'A' class privilege. Who then would you suggest having a class A privilege? None of the other user id's have class A ... Operator? I never had any issues with user id Maint having all the available privileges as only the z/VM sysprogs use Maint and if you can't trust them then who? --- On Thu, 2/4/10, Rich Greenberg wrote: From: Rich Greenberg Subject: Re: Hi everybody To: IBMVM@LISTSERV.UARK.EDU Date: Thursday, February 4, 2010, 12:20 PM On: Thu, Feb 04, 2010 at 06:00:37PM +0100,Mario Izaguirre Wrote: } I'm login with my user-id (maiz) } send ftpgest0 close cons } } HCPSEC068E SEND command failed; receiver has not authorized sender } } Ready(00068); T=0.01/0.01 17:58:43 You need to add the proper VM privledge class to your ID. Easiest way is just duplicate the classes MAINT has.. BE CARFULL I don't like class A on either MAINT or your ID as it TOO powerful. Many of us have unintentionally shut VM down at one time. Rarely twice. You can always add it with SET PRIV if you REALLY need it. -- Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com + 1 239 543 1353 Eastern time. N6LRT I speak for myself & my dogs only.VM'er since CP-67 Canines:Val, Red, Shasta & Casey (RIP), Red & Zero, Siberians Owner:Chinook-L Retired at the beach Asst Owner:Sibernet-L
Re: Hi everybody
Rich, Just curious about you comment in this post about not liking to even have user maint have an ‘A’ class privilege. Who then would you suggest having a class A privilege? None of the other user id’s have class A … Operator? I never had any issues with user id Maint having all the available privileges as only the z/VM sysprogs use Maint and if you can’t trust them then who? --- On Thu, 2/4/10, Rich Greenberg wrote: From: Rich Greenberg Subject: Re: Hi everybody To: IBMVM@LISTSERV.UARK.EDU Date: Thursday, February 4, 2010, 12:20 PM On: Thu, Feb 04, 2010 at 06:00:37PM +0100,Mario Izaguirre Wrote: } I'm login with my user-id (maiz) } send ftpgest0 close cons } } HCPSEC068E SEND command failed; receiver has not authorized sender } } Ready(00068); T=0.01/0.01 17:58:43 You need to add the proper VM privledge class to your ID. Easiest way is just duplicate the classes MAINT has. BE CARFULL I don't like class A on either MAINT or your ID as it TOO powerful. Many of us have unintentionally shut VM down at one time. Rarely twice. You can always add it with SET PRIV if you REALLY need it. -- Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com + 1 239 543 1353 Eastern time. N6LRT I speak for myself & my dogs only. VM'er since CP-67 Canines:Val, Red, Shasta & Casey (RIP), Red & Zero, Siberians Owner:Chinook-L Retired at the beach Asst Owner:Sibernet-L
Re: Hi everybody
On Thu, Feb 4, 2010 at 12:21 PM, Dave Jones wrote: > Mario, that's an old version of VM you have running there now (as I am sure > you already know...). I don't think it supports the CP SEND CP FTPGEST0 > CLOSE CONS command that Scott has suggested. > It does, but it may not support you-can-always-SEND-if-you-have-the-right-privilege-class. I don't remember when that came in. Making yourself the SECUSER for that ID (CP SET SECUSER FTPGEST0 *), then doing the CP SEND CP, then CP SET SECUSER FTPGEST0 OFF will work if not (with the right privilege class). We used to have a CPSEND EXEC that did that sequence, before the you-can-always-SEND-if-you-have-the-right-privilege-class enhancement.
Re: Hi everybody
If FTPGEST0 is a z/VM FTP server and your user ID is in the TCP/IP server's OBEY list, you could issue: SMSG FTPGEST0 CLOSECON to close the console. Regards, Miguel Delapaz z/VM Development The IBM z/VM Operating System wrote on 02/04/2010 09:21:25 AM: > The IBM z/VM Operating System > > Mario, that's an old version of VM you have running there now (as I am > sure you already know...). I don't think it supports the CP SEND CP > FTPGEST0 CLOSE CONS command that Scott has suggested. > > I think the easiest think for you to do is simply log onto the FTPGEST0 > virtual machine and issue the CP SPOOL CONS CLOSE command directly on > it's console. You can then transfer it to another user id for processing. > > Hope this helps. > > On 02/04/2010 11:07 AM, Mario Izaguirre wrote: > > Hi, thanks for the welcome.. > > > > q cplevel > > VM/ESA Version 2 Release 3.0, service level 9901 > > Generated at 05/31/99 10:32:22 EST > > IPL at 12/21/09 11:40:44 EST > > Ready; T=0.01/0.01 18:07:22 > > > >> > >> q prt ftpgest0 all > >> > >> > >> ORIGINID FILE CLASS RECORDS CPY HOLD DATE TIME NAME TYPE > >> DIST > >> > >> FTPGEST0 3115 Q CON 00196554 001 NONE OPEN- 0009 > >> FTPCONSO > >>
Re: Hi everybody
Mario, that's an old version of VM you have running there now (as I am sure you already know...). I don't think it supports the CP SEND CP FTPGEST0 CLOSE CONS command that Scott has suggested. I think the easiest think for you to do is simply log onto the FTPGEST0 virtual machine and issue the CP SPOOL CONS CLOSE command directly on it's console. You can then transfer it to another user id for processing. Hope this helps. On 02/04/2010 11:07 AM, Mario Izaguirre wrote: Hi, thanks for the welcome.. q cplevel VM/ESA Version 2 Release 3.0, service level 9901 Generated at 05/31/99 10:32:22 EST IPL at 12/21/09 11:40:44 EST Ready; T=0.01/0.01 18:07:22 Coming soon, zVM ver. 5.4 in a z/10 BC.. Best Regards, Mario Izaguirre Mainframe System Programmer Barcelona, Spain -Mensaje original- De: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] En nombre de Dave Jones Enviado el: jueves, 04 de febrero de 2010 18:05 Para: IBMVM@LISTSERV.UARK.EDU Asunto: Re: Hi everybody Hi, Mario. First, welcome the the group. This list is an excellent source of information for people new to the z/VM world. What version/level of VM are you running there now? You can very easily see that by issuing the CP command: Q CPLEVEL DJ On 02/04/2010 11:00 AM, Mario Izaguirre wrote: I'm login with my user-id (maiz) q prt ftpgest0 all ORIGINID FILE CLASS RECORDS CPY HOLD DATE TIME NAME TYPE DIST FTPGEST0 3115 Q CON 00196554 001 NONE OPEN- 0009 FTPCONSO Ready; T=0.01/0.01 17:58:17 send ftpgest0 close cons HCPSEC068E SEND command failed; receiver has not authorized sender Ready(00068); T=0.01/0.01 17:58:43 Try with CP option before SEND .. cp send ftpgest0 close cons HCPSEC068E SEND command failed; receiver has not authorized sender Ready(00068); T=0.01/0.01 17:58:51 Best Regards, Mario Izaguirre Mainframe System Programmer Barcelona, Spain De: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] En nombre de Scott Rohling Enviado el: jueves, 04 de febrero de 2010 17:53 Para: IBMVM@LISTSERV.UARK.EDU Asunto: Re: Hi everybody It's the current console log... and what you see is normal. If logged onto it: CLOSE CONS and then TRANSFER PRT ALL TO * If this is another userid: CP SEND CP FTPGEST0 CLOSE CONS CP TRANSFER FTPGETS0 PRT ALL TO * Scott On Thu, Feb 4, 2010 at 9:42 AM, Mario Izaguirre wrote: Hi, I'm new in this forum, and new in VM/ESA,, I have a question: 1. I see the user-id rdr with command: q prt ftpgest0 all ORIGINID FILE CLASS RECORDS CPY HOLD DATE TIME NAME TYPE DIST FTPGEST0 3115 Q CON 00196180 001 NONE OPEN- 0009 FTPCONSO Ready; T=0.01/0.01 17:27:05 How Is be OPEN State, I can't transfer this RDR to my ReaderList (RL)... And I would have to do, to close the spool and to transfer it to my RL? Best Regards, Mario Izaguirre Mainframe System Programmer 08021 Barcelona, Spain -- Dave Jones V/Soft www.vsoft-software.com Houston, TX 281.578.7544
Re: Hi everybody
On: Thu, Feb 04, 2010 at 06:00:37PM +0100,Mario Izaguirre Wrote: } I'm login with my user-id (maiz) } send ftpgest0 close cons } } HCPSEC068E SEND command failed; receiver has not authorized sender } } Ready(00068); T=0.01/0.01 17:58:43 You need to add the proper VM privledge class to your ID. Easiest way is just duplicate the classes MAINT has. BE CARFULL I don't like class A on either MAINT or your ID as it TOO powerful. Many of us have unintentionally shut VM down at one time. Rarely twice. You can always add it with SET PRIV if you REALLY need it. -- Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com + 1 239 543 1353 Eastern time. N6LRT I speak for myself & my dogs only.VM'er since CP-67 Canines:Val, Red, Shasta & Casey (RIP), Red & Zero, Siberians Owner:Chinook-L Retired at the beach Asst Owner:Sibernet-L
Re: Hi everybody
Look carefully:CP SEND CP FTPGEST0 CLOSE CONS It's the CP right after SEND that's important... You are sending a command to the guest's CP - rather than whatever OS/app is running underneath. Scott On Thu, Feb 4, 2010 at 10:00 AM, Mario Izaguirre wrote: > I’m login with my user-id (maiz) > > > > q prt ftpgest0 > all > > ORIGINID FILE CLASS RECORDS CPY HOLD DATE TIME NAME TYPE > DIST > > FTPGEST0 3115 Q CON 00196554 001 NONE OPEN- 0009 > FTPCONSO > > Ready; T=0.01/0.01 > 17:58:17 > > > > send ftpgest0 close > cons > > HCPSEC068E SEND command failed; receiver has not authorized > sender > > Ready(00068); T=0.01/0.01 > 17:58:43 > > > > Try with CP option before SEND .. > > > > cp send ftpgest0 close > cons > > HCPSEC068E SEND command failed; receiver has not authorized > sender > > Ready(00068); T=0.01/0.01 > 17:58:51 > > > > > > > > Best Regards, > > > > > > *Mario Izaguirre* > > Mainframe System Programmer > > Barcelona, Spain > > > > *De:* The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] *En > nombre de *Scott Rohling > *Enviado el:* jueves, 04 de febrero de 2010 17:53 > *Para:* IBMVM@LISTSERV.UARK.EDU > *Asunto:* Re: Hi everybody > > > > It's the current console log... and what you see is normal. > > If logged onto it: CLOSE CONS and then TRANSFER PRT ALL TO * > > If this is another userid: > > CP SEND CP FTPGEST0 CLOSE CONS > CP TRANSFER FTPGETS0 PRT ALL TO * > > Scott > > On Thu, Feb 4, 2010 at 9:42 AM, Mario Izaguirre > wrote: > > > > Hi, I’m new in this forum, and new in VM/ESA,, I have a question: > > > > 1. I see the user-id rdr with command: > >q prt ftpgest0 > all > > ORIGINID FILE CLASS RECORDS CPY HOLD DATE TIME NAME TYPE > DIST > > FTPGEST0 3115 Q CON 00196180 001 NONE OPEN- 0009 > FTPCONSO > > Ready; T=0.01/0.01 > 17:27:05 > > > > How Is be OPEN State, I can’t transfer this RDR to my ReaderList (RL)… > > > > And I would have to do, to close the spool and to transfer it to my RL? > > > > > > Best Regards, > > > > * * > > * * > > *Mario Izaguirre* > > Mainframe System Programmer > > 08021 Barcelona, Spain > > >
Re: Hi everybody
Hi, thanks for the welcome.. q cplevel VM/ESA Version 2 Release 3.0, service level 9901 Generated at 05/31/99 10:32:22 EST IPL at 12/21/09 11:40:44 EST Ready; T=0.01/0.01 18:07:22 Coming soon, zVM ver. 5.4 in a z/10 BC.. Best Regards, Mario Izaguirre Mainframe System Programmer Barcelona, Spain -Mensaje original- De: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] En nombre de Dave Jones Enviado el: jueves, 04 de febrero de 2010 18:05 Para: IBMVM@LISTSERV.UARK.EDU Asunto: Re: Hi everybody Hi, Mario. First, welcome the the group. This list is an excellent source of information for people new to the z/VM world. What version/level of VM are you running there now? You can very easily see that by issuing the CP command: Q CPLEVEL DJ On 02/04/2010 11:00 AM, Mario Izaguirre wrote: > I'm login with my user-id (maiz) > > > > q prt ftpgest0 all > > > ORIGINID FILE CLASS RECORDS CPY HOLD DATE TIME NAME TYPE > DIST > > FTPGEST0 3115 Q CON 00196554 001 NONE OPEN- 0009 > FTPCONSO > > Ready; T=0.01/0.01 17:58:17 > > > > > send ftpgest0 close cons > > > HCPSEC068E SEND command failed; receiver has not authorized sender > > > Ready(00068); T=0.01/0.01 17:58:43 > > > > > Try with CP option before SEND .. > > > > cp send ftpgest0 close cons > > > HCPSEC068E SEND command failed; receiver has not authorized sender > > > Ready(00068); T=0.01/0.01 17:58:51 > > > > > > > > > Best Regards, > > > > > > Mario Izaguirre > > Mainframe System Programmer > > Barcelona, Spain > > > > De: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] En > nombre de Scott Rohling > Enviado el: jueves, 04 de febrero de 2010 17:53 > Para: IBMVM@LISTSERV.UARK.EDU > Asunto: Re: Hi everybody > > > > It's the current console log... and what you see is normal. > > If logged onto it: CLOSE CONS and then TRANSFER PRT ALL TO * > > If this is another userid: > > CP SEND CP FTPGEST0 CLOSE CONS > CP TRANSFER FTPGETS0 PRT ALL TO * > > Scott > > On Thu, Feb 4, 2010 at 9:42 AM, Mario Izaguirre > wrote: > > > > Hi, I'm new in this forum, and new in VM/ESA,, I have a question: > > > > 1. I see the user-id rdr with command: > > q prt ftpgest0 all > > >ORIGINID FILE CLASS RECORDS CPY HOLD DATE TIME NAME TYPE > DIST > >FTPGEST0 3115 Q CON 00196180 001 NONE OPEN- 0009 > FTPCONSO > >Ready; T=0.01/0.01 17:27:05 > > > > > How Is be OPEN State, I can't transfer this RDR to my ReaderList (RL)... > > > > > And I would have to do, to close the spool and to transfer it to my RL? > > > > > > Best Regards, > > > > > > > > Mario Izaguirre > > Mainframe System Programmer > > 08021 Barcelona, Spain > > > > -- Dave Jones V/Soft www.vsoft-software.com Houston, TX 281.578.7544
Re: Hi everybody
Hi, Mario. First, welcome the the group. This list is an excellent source of information for people new to the z/VM world. What version/level of VM are you running there now? You can very easily see that by issuing the CP command: Q CPLEVEL DJ On 02/04/2010 11:00 AM, Mario Izaguirre wrote: I'm login with my user-id (maiz) q prt ftpgest0 all ORIGINID FILE CLASS RECORDS CPY HOLD DATE TIME NAME TYPE DIST FTPGEST0 3115 Q CON 00196554 001 NONE OPEN- 0009 FTPCONSO Ready; T=0.01/0.01 17:58:17 send ftpgest0 close cons HCPSEC068E SEND command failed; receiver has not authorized sender Ready(00068); T=0.01/0.01 17:58:43 Try with CP option before SEND .. cp send ftpgest0 close cons HCPSEC068E SEND command failed; receiver has not authorized sender Ready(00068); T=0.01/0.01 17:58:51 Best Regards, Mario Izaguirre Mainframe System Programmer Barcelona, Spain De: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] En nombre de Scott Rohling Enviado el: jueves, 04 de febrero de 2010 17:53 Para: IBMVM@LISTSERV.UARK.EDU Asunto: Re: Hi everybody It's the current console log... and what you see is normal. If logged onto it: CLOSE CONS and then TRANSFER PRT ALL TO * If this is another userid: CP SEND CP FTPGEST0 CLOSE CONS CP TRANSFER FTPGETS0 PRT ALL TO * Scott On Thu, Feb 4, 2010 at 9:42 AM, Mario Izaguirre wrote: Hi, I'm new in this forum, and new in VM/ESA,, I have a question: 1. I see the user-id rdr with command: q prt ftpgest0 all ORIGINID FILE CLASS RECORDS CPY HOLD DATE TIME NAME TYPE DIST FTPGEST0 3115 Q CON 00196180 001 NONE OPEN- 0009 FTPCONSO Ready; T=0.01/0.01 17:27:05 How Is be OPEN State, I can't transfer this RDR to my ReaderList (RL)... And I would have to do, to close the spool and to transfer it to my RL? Best Regards, Mario Izaguirre Mainframe System Programmer 08021 Barcelona, Spain -- Dave Jones V/Soft www.vsoft-software.com Houston, TX 281.578.7544
Re: Hi everybody
I'm login with my user-id (maiz) q prt ftpgest0 all ORIGINID FILE CLASS RECORDS CPY HOLD DATE TIME NAME TYPE DIST FTPGEST0 3115 Q CON 00196554 001 NONE OPEN- 0009 FTPCONSO Ready; T=0.01/0.01 17:58:17 send ftpgest0 close cons HCPSEC068E SEND command failed; receiver has not authorized sender Ready(00068); T=0.01/0.01 17:58:43 Try with CP option before SEND .. cp send ftpgest0 close cons HCPSEC068E SEND command failed; receiver has not authorized sender Ready(00068); T=0.01/0.01 17:58:51 Best Regards, Mario Izaguirre Mainframe System Programmer Barcelona, Spain De: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] En nombre de Scott Rohling Enviado el: jueves, 04 de febrero de 2010 17:53 Para: IBMVM@LISTSERV.UARK.EDU Asunto: Re: Hi everybody It's the current console log... and what you see is normal. If logged onto it: CLOSE CONS and then TRANSFER PRT ALL TO * If this is another userid: CP SEND CP FTPGEST0 CLOSE CONS CP TRANSFER FTPGETS0 PRT ALL TO * Scott On Thu, Feb 4, 2010 at 9:42 AM, Mario Izaguirre wrote: Hi, I'm new in this forum, and new in VM/ESA,, I have a question: 1. I see the user-id rdr with command: q prt ftpgest0 all ORIGINID FILE CLASS RECORDS CPY HOLD DATE TIME NAME TYPE DIST FTPGEST0 3115 Q CON 00196180 001 NONE OPEN- 0009 FTPCONSO Ready; T=0.01/0.01 17:27:05 How Is be OPEN State, I can't transfer this RDR to my ReaderList (RL)... And I would have to do, to close the spool and to transfer it to my RL? Best Regards, Mario Izaguirre Mainframe System Programmer 08021 Barcelona, Spain
Re: Hi everybody
It's the current console log... and what you see is normal. If logged onto it: CLOSE CONS and then TRANSFER PRT ALL TO * If this is another userid: CP SEND CP FTPGEST0 CLOSE CONS CP TRANSFER FTPGETS0 PRT ALL TO * Scott On Thu, Feb 4, 2010 at 9:42 AM, Mario Izaguirre wrote: > > > Hi, I’m new in this forum, and new in VM/ESA,, I have a question: > > > > 1. I see the user-id rdr with command: > >q prt ftpgest0 > all > > ORIGINID FILE CLASS RECORDS CPY HOLD DATE TIME NAME TYPE > DIST > > FTPGEST0 3115 Q CON 00196180 001 NONE OPEN- 0009 > FTPCONSO > > Ready; T=0.01/0.01 > 17:27:05 > > > > How Is be OPEN State, I can’t transfer this RDR to my ReaderList (RL)… > > > > And I would have to do, to close the spool and to transfer it to my RL? > > > > > > Best Regards, > > > > * * > > * * > > *Mario Izaguirre* > > Mainframe System Programmer > > 08021 Barcelona, Spain >