× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  • Subject: RE: Restricting User Access
  • From: John Earl <johnearl@xxxxxxxxxx>
  • Date: Mon, 17 Nov 1997 22:10:02 -0800

At 04:51 PM 11/17/97 PST, you wrote:
>
>What security level (QSECURITY) is your system at Chris?  Have you   
>considered duplicating the QUSER profile.  That profile should have very   
>little security assigned to it.  Aside from that, creating a user profile   
>with Limit Capabilities of *YES will restrict anyone who signs on with   
>your newly created user profile from running commands or changing the   
>user profile if your system is at Security level 30 or above.

Eric, 

Sadly even QUSER has too much authority on a default AS/400.  Through both
your shop's (really most shop's, I'm not picking on you) and OS/400's
liberal use of *PUBLIC access, QUSER is authorized to a number of things
that you wouldn't want the real *PUBLIC (remember in the internet world
*PUBLIC can now literally be the whole freaking world!) to have access to.

Also, sadly, LMTCPB does not prevent command execution from networked users.
LMTCPB only works with QCMD.  Any networked system running Client Access,
DDM, or FTP can slip right under the RMTCMD gate without being blocked, or
even logged.  What's amazing is that this means every /400 with PC's
attached has had this vulernability since the early days of PC support.  It
just took the 'user friendlyness' of W95 to make it so hard to ignore.

(Hmmm... that may have been a thinly vailed plug for our product, guess I
should declare myself a vendor.  :)


HTH,

jte


>
> -----Original Message-----
>From: midrange-l-owner [SMTP:midrange.com!midrange-l-owner@mcs.com]
>Sent: Monday, November 17, 1997 4:45 PM
>To: MIDRANGE-L
>Subject: Restricting User Access
>
>
>Hello everyone!
>
>I have a security question that some of you may be able to help me with.
>
>Simply put -- Do you know if there is a way to create a user profile that
>is NOT authorized to anything?
>
>I'm trying to set up a user ID on the '400 that basically is not   
>authorized
>to anything.  I would like to then set up specific objects (pgms) that   
>the
>user is authorized to.
>
>Any help is greatly appreciated .....Thanks!
>
>
>Chris Ring
>Senior Systems Analyst
>Arksys Inc.
>Little Rock, Arkansas
>
>
>+---
>| This is the Midrange System Mailing List!
>| To submit a new message, send your mail to "MIDRANGE-L@midrange.com".
>| To unsubscribe from this list send email to MAJORDOMO@midrange.com
>|    and specify 'unsubscribe MIDRANGE-L' in the body of your message.
>| Questions should be directed to the list owner/operator:   
>david@midrange.com
>+---
>+---
>| This is the Midrange System Mailing List!
>| To submit a new message, send your mail to "MIDRANGE-L@midrange.com".
>| To unsubscribe from this list send email to MAJORDOMO@midrange.com
>|    and specify 'unsubscribe MIDRANGE-L' in the body of your message.
>| Questions should be directed to the list owner/operator: david@midrange.com
>+---
>
>
*********************************
* John Earl                     *
* Lighthouse Software Inc.      *
* 8514 71st NW                  *
* Gig Harbor, WA 98335          *
* 253-858-7388                  *
* johnearl@lns400.com           *
*********************************



+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to "MIDRANGE-L@midrange.com".
| To unsubscribe from this list send email to MAJORDOMO@midrange.com
|    and specify 'unsubscribe MIDRANGE-L' in the body of your message.
| Questions should be directed to the list owner/operator: david@midrange.com
+---


As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.