Re: Restrict ftp access to a certain HFS directory
- From: wfarrell@xxxxxxxxxxxx (Walt Farrell)
- Date: 20 Jan 2006 07:22:54 -0800
On 1/20/2006 9:51 AM, R.S. wrote:
Simple answer is PErmit, not profile: PE * CLA(PROGRAM) ID(SSCSWS) ACC(READ)
Usually CL(PROGRAM) * is UACC(READ), so there is no big issue to give restricted user such permit.
However * profile should be checked: While it is good idea to put whole LNKLST to the profile *, there are programs on linklist which shouldn't be open for everyone. The exceptions I know are ICHDSM00 and IRRDPTAB.
True, but PROGRAM * basically needs to have UACC(READ), and PERMITting the RESTRICTED users explicitly with READ will not hurt.
If they do not have PROGRAM IRRDPI00 and PROGRAM ICHDSM00 specifically defined that is a different exposure, not related to the introduction of RESTRICTED users into the access list of PROGRAM *.
Walt Farrell, CISSP z/OS Security Design, IBM
---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to listserv@xxxxxxxxxxx with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html .
- References:
- Re: Restrict ftp access to a certain HFS directory
- From: FEJOS Tamas
- Re: Restrict ftp access to a certain HFS directory
- From: R.S.
- Re: Restrict ftp access to a certain HFS directory
- Prev by Date: Re: Restrict ftp access to a certain HFS directory
- Next by Date: Multi-session window TN3270 client?
- Previous by thread: Re: Restrict ftp access to a certain HFS directory
- Next by thread: Re: Restrict ftp access to a certain HFS directory
- Index(es):
Relevant Pages
|
