× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. December 1999

Re: CMD calls what program?

  • Subject: Re: CMD calls what program?
  • From: Jim Langston <jlangston@xxxxxxxxxxxxxxxx>
  • Date: Thu, 30 Dec 1999 08:32:52 -0800
  • Organization: Conex Global Logistics Services, Inc.
 
I wouldn't even think about doing it that way.  If you
forget one person, they can run the command.

I would tend to agree, however, that changing the
authority on commands and programs in QSYS willy
nilly is not a good idea.  Who knows what might call
some of those programs.

But I can not see how you can have good security
if you can not *PUBLIC *EXCLUDE certain programs
in the QSYS library.  Someone will always be missed.

Regards,

Jim Langston

Happy New Year!

"Al Barsa, Jr." wrote:

> At 11:32 AM 12/29/1999 -0800, you wrote:
> >Just a thought.  Someone made the mention of changing
> >the authority on the UPDDTA command to Public *EXCLUDE.
> >
> >Thinking on it, I did a DSPCMD on UPDDTA and then
> >also changed the authority of QDZCMDP in QSYS to
> >Public *EXCLUDE.  If someone knows what they are doing
> >they can just do a CALL QSYS/QDZCMDP and pass the
> >correct parameters and call it directly, bypassing the security
> >on the command.
>
> The proper method to exclude someone from a command is to change the
> authority for said person (*PUBLIC in this case) to *EXCLUDE for the
> command object.  OS/400 was not designed for you to go mucking with the
> shipped authorities of objects in QSYS.
>
> As it is, authority is retained when you install commands into QSYS.  This
> is the way God designed the heavens and the universe.
>
> Happy Y2K
>
> Al

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.