|
That's easy. Let me explain it to you. See if you get the same results.
DSPCMD QTCP/CHGSMTPA
DSPPGM PGM(QTCP/QTMSCHSMTP)
Use adopted authority . . . . . . . . . . . . : *YES
DSPCMD QSYS/ADDTCPHTE
DSPPGM QTOCADDHTE
Use adopted authority . . . . . . . . . . . . : *YES
DSPOBJD OBJ(QTOCADDHTE) OBJTYPE(*PGM) DETAIL(*SERVICE)
Licensed program . . . . . . . . . . : 5770SS1 V7R4M0
PTF number . . . . . . . . . . . . . :
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Evan Harris
Sent: Monday, November 8, 2021 1:34 PM
To: Midrange Systems Technical Discussion
<midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Adopted Authority and *IOSYSCFG - is this a bug ?
CAUTION: This email originated from outside of the organization. Do
not click links or open attachments unless you recognize the sender
and know the content is safe.
Hi Rob
thanks for that
I read the same part of the manual you did regarding *ALLOBJ and had
much the same thought. Did they mean it only applies to *ALLOBJ or did
someone forget to do a scan and replace?
Other sections of the manual were explicit that when a program ran
with *OWNER authority, authority checking was done against both
profiles including their special authorities so I concluded that it
should work as expected.
As far as the Host table entry goes, the real requirement is to add a
host table entry for the system itself which I have found is needed
for various reasons.
Good pickup on the PTF, that looks to be much the same issue.
It's still really interesting to me that the startup program appears
to adopt the correct authority but the called program doesn't.
On Tue, Nov 9, 2021 at 2:26 AM Rob Berendt <rob@xxxxxxxxx> wrote:
Or you just apply the ptf to fix thisyou're
https://www.ibm.com/support/pages/apar/SE69810
If this PTF only applies to CHGSMTPA then open a new ticket and say
having the same issue with adding a host table entry.expected
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf
Of Evan Harris
Sent: Saturday, November 6, 2021 6:22 PM
To: Midrange Systems Technical Discussion
<midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Adopted Authority and *IOSYSCFG - is this a bug ?
CAUTION: This email originated from outside of the organization. Do
not click links or open attachments unless you recognize the sender
and know the content is safe.
Hi All
I've been working on some small programs that make changes requiring
*IOSYSCFG which are to be run at startup. All the programs work as
except for one thing: adopted authority does not provide *IOSYSCFGof
to the user that calls the program.
What I found when I added a call to my program into the program
specified in QSTRUPPGM was that job QSTRUPJD would fail even though
the program making the changes was using adopted authority.
Looking in the Security Reference I can't see anything specific
about *IOSYSCFG not being allowed for adopted authority, but I note
that most
the examples relate to object security.had
To test I wrote a small program that adds a host table entry:
PGM
ADDTCPHTE INTNETADR('192.168.9.99') HOSTNAME((DELETE.ME)) ENDPGM
I then compiled the program with USRPRF(*OWNER) and made sure the
owner
*IOSYSCFG special authority. When I run the program using a profilewithout
*IOSYSCFG I get:requiring
TCP8050: *IOSYSCFG authority required to use ADDTCPHTE.
What is even stranger to me is that if I change the program
specified in QSTRUPPGM to USRPRF(*OWNER) and change the owner of
that program to a profile with *IOSYSCFG special authority, the call
to the program
*IOSYSCFG runs as expected and QSTRUPJD completes normally.security
This seems like a bug, but it would not surprise me if there is a
exception somewhere that I just haven't found.list
Any other theories or suggestions ?
--
Regards
Evan Harris
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,list
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.
Help support midrange.com by shopping at amazon.com with our
affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.
Help support midrange.com by shopping at amazon.com with our
affiliate
link: https://amazon.midrange.com
--
Regards
Evan Harris
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
