× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2004

Re: Any MAIL MANager (Generic Software Inc.) users out there?

Dan Bale wrote:

Our new users have *PUBLIC *CHANGE by default.  I wonder if you've
changed a parameter somewhere?



Or a security setting perhaps?  Is there something that would change how the
system creates the authority on the user msgq when the user profile is
created?

Ah, security setting is likely. Our user message queues are created in the default QUSRSYS which has the create authority set to *SYSVAL; our system value QCRTAUT is *CHANGE which explains our authority.


Although, I have to wonder.  If users' message queues are set to
*PUBLIC:*CHANGE, doesn't that mean that anyone can delete messages from
someone else's message queue?  That could not be a good thing.

You are correct. Our users have LMTCPB(*YES) with [almost] no access to a command line, so we never even considered that possibility. I just tested it and found that a regular user profile was able to delete messages from my queue.


According to support, MAIL_MANN uses SNDPGMMSG, and the help on SNDPGMMSG 
> does not show any of the authority requirements as SNDMSG.

Interesting. I didn't know that was possible. (I learned something, can I go home now?)

I created two new *USER test profiles, TEST1 & TEST2, with no special
authorities; user *MSGQ set to *PUBLIC:*USE.  I signed on as TEST1, and ran
this program:

  Pgm
   SNDPGMMSG  MSG('this is just a test') +
                TOMSGQ(QUSRSYS/TEST2)
  Endpgm

It ran fine, and sent the message to TEST2.

Even more interesting. I'd like to know what support has to say after that little tidbit.

Good luck!
Sean

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.