MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » June 2014

RE: QSYSOPR Security issue for Backups.



fixed

Charles,

I just tested clrtmp utility, on my test LPAR.
Less than 5 seconds.
At first, from the documentation, I thought it was a command.
clrtmp - Clear the /tmp directory
Actually a pgm in qshell.
CLRTMP *PGM QSHELL CPPLE

CALL PGM(QSHELL/CLRTMP)

Paul

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Steinmetz, Paul
Sent: Tuesday, June 17, 2014 4:49 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: QSYSOPR Security issue for Backups.

Charles,

Thanks for the info, I was not aware of clrtmp utility.
I always opt for navtive solutions when possible.
How long does clrtmp run, any log history.

Paul

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Charles Wilt
Sent: Tuesday, June 17, 2014 4:38 PM
To: Midrange Systems Technical Discussion
Subject: Re: QSYSOPR Security issue for Backups.

IBM offers the clrtmp utility
http://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzahz/rzahzclrtmp.htm?lang=en

"You can include a call to the clrtmp utility from the startup program specified by the QSTRUPPGM system value"

Charles


On Tue, Jun 17, 2014 at 3:59 PM, Steinmetz, Paul <PSteinmetz@xxxxxxxxxx>
wrote:

Rob,



A while back you stated



<I delete everything out of /tmp on a regular basis (whenever I am in
restricted state).

It does not affect your tape moves or any such thing.>



Several of our apps (BRMS, RXS, etc) write to /tmp, I would like to
automate this cleanup, either on a pwrdwn or on IPL in QSTRUP.

Can the entire /tmp directory simply be cleared.



I'm thinking of using TAATOOL cmd.

DLTIFS OBJ('/tmp') OBJNAM(*all) OBJTYP(*ALL) OWNER(*ALL)



Production /tmp currently 60mb 2,000 items.

R&D /tmp currently 450mb, 950 items.



Any thoughts from the group.



Paul







-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
rob@xxxxxxxxx
Sent: Tuesday, June 10, 2014 11:28 AM
To: Midrange Systems Technical Discussion
Subject: RE: QSYSOPR Security issue for Backups.



Keep in mind that I delete everything out of /tmp on a regular basis
(whenever I am in restricted state).

It does not affect your tape moves or any such thing.





Rob Berendt

--

IBM Certified System Administrator - IBM i 6.1

Group Dekko

Dept 1600

Mail to: 2505 Dekko Drive

Garrett, IN 46738

Ship to: Dock 108

6928N 400E

Kendallville, IN 46755

http://www.dekko.com











From: Stephanie.Cox@xxxxxxxxxxxx<mailto:Stephanie.Cox@xxxxxxxxxxxx>

To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx
<mailto:midrange-l@xxxxxxxxxxxx>>

Date: 06/10/2014 11:10 AM

Subject: RE: QSYSOPR Security issue for Backups.

Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx<mailto:
midrange-l-bounces@xxxxxxxxxxxx>>







Thanks Eric. I knew that wasn't a great idea - but just tried to see
if

it would work. It didn't. It seems to me that BMRS may be trying to

update this/these files as it occurs at the very END of the backup.
I'm

afraid if it keeps going on I'm going to lose some BMRS info for
Expiring

and Moving tapes or something......





Proudly bringing you North America's best-selling

MCI coaches and Europe's top luxury brand, Setra.

Stephanie Cox

Senior Systems Administrator

Motor Coach Industries

7001 Universal Drive

Louisville, KY 40258

Mobile: 502-475-7098

Office: 502-318-3211

Direct Fax: 502-318-8257

E-Mail: Stephanie.Cox@xxxxxxxxxxxx<mailto:Stephanie.Cox@xxxxxxxxxxxx>

www.mcicoach.com<http://www.mcicoach.com>

www.setra-coaches.com<http://www.setra-coaches.com>









From: "DeLong, Eric" <EDeLong@xxxxxxxxxxxxxxx<mailto:
EDeLong@xxxxxxxxxxxxxxx>>

To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx
<mailto:midrange-l@xxxxxxxxxxxx>>,

Date: 06/10/2014 11:04 AM

Subject: RE: QSYSOPR Security issue for Backups.

Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx<mailto:
midrange-l-bounces@xxxxxxxxxxxx>>







Stephanie,



That file is obviously a child of the BRMS daily save, and therefore

(probably) should be excluded from save and restore. I'm not sure if
it

is common to save /tmp, as the contents of that folder are typically

considered disposable. I am definitely NOT a BRMS guru, but I know
there

are many of them here...



It is NOT advised to grant QSYSOPR the *ALLOBJ special authority. You
may



want to undo that change.



-Eric DeLong



-----Original Message-----

From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of

Stephanie.Cox@xxxxxxxxxxxx<mailto:Stephanie.Cox@xxxxxxxxxxxx>

Sent: Tuesday, June 10, 2014 8:11 AM

To: midrange-l@xxxxxxxxxxxx<mailto:midrange-l@xxxxxxxxxxxx>

Subject: QSYSOPR Security issue for Backups.



I am trying to remove the user who originally set up this iSeries -
he's

been gone for years. I have changed the automatic backup to be run by

QSYSOPR -and no matter what - continue to receive this message. 'Not

authorized to object. Object is /tmp/brms/q1asav540051'. Of course
the

number changes each day. I have granted authority to QSYSOPR for /tmp

/tmp/brms. Finally I gave QSYSOPR *ALLOBJ authority in the profile -
and

still got this message last night. Any/All ideas would be greatly

appreciated.





Thanks



~sc



--

This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing

list To post a message email: MIDRANGE-L@xxxxxxxxxxxx<mailto:
MIDRANGE-L@xxxxxxxxxxxx> To subscribe,

unsubscribe, or change list options,

visit: http://lists.midrange.com/mailman/listinfo/midrange-l

or email: MIDRANGE-L-request@xxxxxxxxxxxx<mailto:
MIDRANGE-L-request@xxxxxxxxxxxx> Before posting, please take a

moment to review the archives at http://archive.midrange.com/midrange-l.



--

This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing

list

To post a message email: MIDRANGE-L@xxxxxxxxxxxx<mailto:
MIDRANGE-L@xxxxxxxxxxxx>

To subscribe, unsubscribe, or change list options,

visit: http://lists.midrange.com/mailman/listinfo/midrange-l

or email: MIDRANGE-L-request@xxxxxxxxxxxx<mailto:
MIDRANGE-L-request@xxxxxxxxxxxx>

Before posting, please take a moment to review the archives

at http://archive.midrange.com/midrange-l.





--

This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing

list

To post a message email: MIDRANGE-L@xxxxxxxxxxxx<mailto:
MIDRANGE-L@xxxxxxxxxxxx>

To subscribe, unsubscribe, or change list options,

visit: http://lists.midrange.com/mailman/listinfo/midrange-l

or email: MIDRANGE-L-request@xxxxxxxxxxxx<mailto:
MIDRANGE-L-request@xxxxxxxxxxxx>

Before posting, please take a moment to review the archives

at http://archive.midrange.com/midrange-l.





--

This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list

To post a message email: MIDRANGE-L@xxxxxxxxxxxx<mailto:
MIDRANGE-L@xxxxxxxxxxxx>

To subscribe, unsubscribe, or change list options,

visit: http://lists.midrange.com/mailman/listinfo/midrange-l

or email: MIDRANGE-L-request@xxxxxxxxxxxx<mailto:
MIDRANGE-L-request@xxxxxxxxxxxx>

Before posting, please take a moment to review the archives

at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.






Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact