RE: Any MAIL MANager (Generic Software Inc.) users out there?

> -----Original Message-----
> From: Dan Bale [mailto:dbale@xxxxxxxxxxxxx]
> Sent: Tuesday, August 10, 2004 9:04 AM
> To: Midrange Systems Technical Discussion
> Subject: RE: Any MAIL MANager (Generic Software Inc.) users out there?
> 
> 
> 
> Or a security setting perhaps?  Is there something that would 
> change how the
> system creates the authority on the user msgq when the user profile is
> created?
> 
> Although, I have to wonder.  If users' message queues are set to
> *PUBLIC:*CHANGE, doesn't that mean that anyone can delete 
> messages from
> someone else's message queue?  That could not be a good thing.

Correct, PUBLIC *CHANGE is too much.  But PUBLIC *USE is probably not enough
if the public will be sending messages to the queue.

To send a message to it, PUBLIC needs *ADD authority to the data.  But *USE
only gives *READ and *EXEC.

>From the info center in regards to securing QSYSOPR *MSGQ

"Users require *CHANGE authority to respond to and delete messages in a
message queue.  Only system operators should have this authority."
"Give the public *ADD authority, as shown on the sample display"


> 
> 
> Actually, after I posted to the list yesterday, I finally 
> received a call
> back from support on this problem.  According to support, 
> MAIL_MANN uses
> SNDPGMMSG, and the help on SNDPGMMSG does not show any of the 
> authority
> requirements as SNDMSG.
> 
> I created two new *USER test profiles, TEST1 & TEST2, with no special
> authorities; user *MSGQ set to *PUBLIC:*USE.  I signed on as 
> TEST1, and ran
> this program:
> 
>   Pgm
>    SNDPGMMSG  MSG('this is just a test') +
>                 TOMSGQ(QUSRSYS/TEST2)
>   Endpgm
> 
> It ran fine, and sent the message to TEST2.
> 
> db
> 

I'm surprised at this.  It should not have worked if everything is
configured as you say.  You might want to double check everything.  Perhaps
the program used adopted authority?

Charles