× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2007

Re: RSTLICPGM


I see you've successfully installed but you might find the following comments helpful:

On 13/04/2007, at 2:48 AM, Jerry Adams wrote:

I am trying to install 5733-SC1 (Portable Utilities for is/OS). Having
never installed a licensed program outside of a release upgrade or
install, I RTFM (InfoCenter in this case: http://tinyurl.com/29szj8).

I do not fully understand why, but the generic instructions for
RSTLICPGM say that for security reasons it should not be run by someone
with *ALLOBJ authority. Rather one is supposed to use a profile without
all object authority, create a CL that adopts authority.

Seems silly. My guess is they are suggesting this to make it harder for someone to install nefarious software. Something like a trojan may use a SAVLICPGM exit program to check the current user profile and then retrieve the special authorities and then check for *ALLOBJ and if found might do something bad. Using an adoptive program would appear to circumvent that sequence because the current user would not show *ALLOBJ yet such authority would be available to the process.

Seems silly because this is a naive approach. Anyone serious about installing a trojan would use alternative methods not so easily circumvented.


I created a user profile for the purpose and a CL while signed on as
QSECOFR, and then granted the profile use of the program. I.e.,
CRTCLPGM with USRPRF(*OWNER) AUT(*EXCLUDE) followed by GRTOBJAUT USER(

But I keep getting error CPF3D96 (Objects for product not restored).
The joblog indicates that, previously, error CPFA09C was issued: Not
authorized to object. The object is /QOpenSys/QIBM/ProdData/SC1.

That's because adopted authority is not used by any of the stream file functions. You could extend the idea presented in the InfoCentre but instead of adopting authority you would swap users however this still won't circumvent the problem they appear to be concerned about.


I checked the permissions and *Public has complete access to the
QOpenSys folder but only Read and Execute authority to the subfolders.

So the user can't add new directory entries. That's probably the root cause of the failure.


So, aside from getting up this morning and reading the (expletive
deleted) manual, what am I missing, doing wrong?

Not using a suitable profile from the start. While there may be some merit in the adopted authority CL program suggestion when installing a non-IBM licensed program I see little point in performing those contortions when installing IBM LPPs. Honestly, if you don't trust them why are you running their code? Sign on as QSECOFR or equivalent and use GO LICPGM or RSTLICPGM directly.

Regards,
Simon Coulter.
--------------------------------------------------------------------
FlyByNight Software OS/400, i5/OS Technical Specialists

http://www.flybynight.com.au/
Phone: +61 3 9419 0175 Mobile: +61 0411 091 400 /"\
Fax: +61 3 9419 0175 \ /
X
ASCII Ribbon campaign against HTML E-Mail / \
--------------------------------------------------------------------



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.