|
"My end goal is to make the experience rich/specific/restricted so the needfor a 5250 session would only be required if you are actually doing green
On Jul 28, 2016, at 10:16 AM, Aaron Bartell <aaronbartell@xxxxxxxxx> wrote:
What problem once they are “~on~” are you trying to solve Aaron? Whatlimits beyond normal user profile controlled access restrictions do you
need?
Good question, let me detail what I have and then maybe others can fill in
with things they see I've missed:
- I've set the security level to 40.
- Users are created as USRCLS(*USER) INLMNU(*SIGNOFF) LMTCPB(*NO). Today
users aren't supplied their passwords because I only allow SSH public key
auth, though if I allowed 5250 access I'd have to change that.
- Three libraries are created and I have object creation set to deny
*PUBLIC access by default (can't remember where I set that off hand)
- Locked down ports to specific users so USR1 can't start an app on a port
USR2 "owns".
- Modified IFS settings to default perms to rwx------ (zero "group" or
"other" authority existing or newly created files)
In short, protecting users from themselves.
My end goal is to make the experience rich/specific/restricted so the need
for a 5250 session would only be required if you are actually doing green
screen programming. For example, instead of providing WRKACTJOB access I
would have a UI dashboard widget that would display that users jobs, logs,
etc, in a more elegant way than 5250.
Aaron Bartell
litmis.com - Services for open source on IBM i
On Thu, Jul 28, 2016 at 8:53 AM, Jon Paris <jon.paris@xxxxxxxxxxxxxx> wrote:
What problem once they are “~on~” are you trying to solve Aaron? What--
limits beyond normal user profile controlled access restrictions do you
need?
Jon Paris
www.partner400.com
www.SystemiDeveloper.com
On Jul 28, 2016, at 9:25 AM, Aaron Bartell <aaronbartell@xxxxxxxxx>wrote:
Aaron?
Could you not enable the 5250 option in the new web-based Nav stuff
in
Definitely could do that, but my primary problem is once people are ~on~
the machine. I was actually planning to re-write Pete Helgren's web5250
Node.js, but now I'm struggling to find the source as www.web5250.comseems
to no longer exist. Though this might be the code that's now beinghosted
under a different person: https://github.com/paulomcnally/web5250wrote:
Aaron Bartell
litmis.com - Services for open source on IBM i
On Wed, Jul 27, 2016 at 6:45 PM, Jon Paris <jon.paris@xxxxxxxxxxxxxx>
Aaron?
"I have the server fairly locked down, and users have
authority only to their stuff, but it's what I don't know that keeps me
from opening 5250. Would welcome input.”
Could you not enable the 5250 option in the new web-based Nav stuff
directions
Jon Paris
www.partner400.com
www.SystemiDeveloper.com
On Jul 26, 2016, at 1:05 PM, Aaron Bartell <aaronbartell@xxxxxxxxx>wrote:
life
Great feedback. There's a couple things I can help with to make your
better.
1- You can hook up your own shell (i.e. Terminal on Mac). See
tool.here(n1) on how to get your ssh key into your Litmis Space (or just putit
in ~/.ssh/authorized_keys if you know how).SSH/SFTP. I
2 - You can hook up an alternate editor that communicates over
use SublimeText3 + an SFTP plugin(n2) on a regular basis (very reliableand
fast with file saves). Another option I am dying to try isalso
http://code.visualstudio.com (free) which also has an SFTP plugin. I
found a NodePad++ article(n2.2) for those on Windows that like that
https://jasoncarman.wordpress.com/2015/01/17/configuring-sftp-with-notepad/I know Liam Allan uses NotePad++ to edit his RPG in the IFS (and Ithought
I heard he created an RPG syntax highlighter for NotePadd++; that kid
probably never sleeps :-)
n1 - http://bit.ly/litmis-spaces-myownshell
n2 - https://wbond.net/sublime_packages/sftp
n2.2 -
is
3 - Working on the native side has been a hot item. Each Litmis Space
toconfigured with three DB2 libraries (schemas) where you can store your
compiled object. The challenge has been how to get them (RPG/CL/etc)
compiled. Last week I created the "Poor Mans Compile RPG from PASE"
short-term project(n3) to address this issue for another user. I had
(insidecreate it because I learned the "system" command wouldn't work in achroot
environment(n4). Tony and I got to talking and created the db2util(n5)
project that will aid in communicating with QSYS.LIB from a shell
(maybeand outside of chroot). I don't yet have db2util in Litmis Spaces
onlyin two weeks?). And the "Poor Mans Compile RPG from PASE" currently
shorthas a Node.js implementation (hoping for a Python code donation pull
request).
n3 - https://bitbucket.org/litmis/poormanscompilerpgfrompase <---
gallium.arsenide@xxxxxxxxxterm project, not meant to exist forever.
n4 - http://bit.ly/system-command-doesnt-work-in-chroot
n5 - https://bitbucket.org/litmis/db2util <---- long term project
On final note, I've not done a public hosted IBM i where everyone had
access to 5250. I have the server fairly locked down, and users have
authority only to their stuff, but it's what I don't know that keeps me
from opening 5250. Would welcome input.
Aaron Bartell
litmis.com - Services for open source on IBM i
On Tue, Jul 26, 2016 at 11:31 AM, John Yeung <
--
wrote:
[I hope you'll forgive the bloggish nature of this post. Given the--
intended audience, I felt this was the best venue available.]
Overall, Litmis Spaces for Python has been a positive experience. In
some ways, it's almost unbelievably slick; but it's also rough around
the edges.
The slick parts: Using your account requires no software on your end
other than a modern browser. (I've personally used Firefox and Chrome
successfully; I haven't tried any others.) There is a browser-based
SSH login shell that reminds me very much of text-based Unix or Linux
shells. There is a quite beautiful browser-based GUI editor (or
"light" IDE).
Other nice things about it: So far the best thing is that Aaron
Bartell has been enthusiastic and responsive in trying to address any
issues and improve the experience and utility of the whole system.
Now for the rough edges. The shell is a little flaky when it comes to
screen-related issues. Things disappear irretrievably when the line
you're typing gets too long, instead of cleanly wrapping. (All the
more so because the default command prompt includes the full
specification of your current directory, which is already most of a
screen width if you're exploring OSS stuff, thanks to directory
conventions chosen by IBM.) The "more" command is too glitchy to be of
any use.
Somehow the JOE text editor seems to be able to handle screen-oriented
operation, but it's no vi or vim. Some would argue that's a good
thing, but it would be nice to also have vi or a suitable clone, so
that traditional Unix folk can feel right at home and not have to
learn Yet Another Text Editor.
What about the GUI editor? It's very pretty, but it has its own
glitches and weird behavior. Sometimes it goes offline for no apparent
reason (even though the shell is still active and working normally).
Sometimes some of the tabs on the left become unavailable, as do some
of the menu options. Maybe this is related to going offline?
When it comes to using Python itself, the interactive interpreter is
severely hampered by its failure to recognize the backspace key. You
can sort of work around it by using Ctrl+H, but it is not a pleasant
experience, as you can imagine.
Anyway, the bugs and glitches are mostly annoyances, and I can deal
with them. Some of them might be cured by relatively simple
configuration changes. What I'm really missing from Litmis Spaces is
an easy way to work on the native side, in QSYS.LIB. To me, that's
what makes an IBM i an IBM i. Yes, there is the itoolkit bridge, but
it's not that pleasant or easy-to-use (by Python standards), and more
importantly, it's inherently limited in bandwidth. You can't easily
whip up an RPG program to communicate with your Python program on
Litmis Spaces. (In principle, you could write some RPG code into an
IFS file and then send the appropriate CL commands through itoolkit to
compile it; but even if that worked, you would be using neither RDi
nor SEU to write this code, and the whole thing would be like building
a ship in a bottle.)
I was really looking forward to working with my pub400.com account,
precisely because it's a QSYS.LIB environment first and foremost, but
progress on the Python setup there has been stalled. So right now,
pub400.com feels like an IBM i without Python, and Litmis Spaces for
Python feels like Python without an IBM i.
John Y.
--
This is the IBMi Open Source Roundtable (OpenSource) mailing list
To post a message email: OpenSource@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/opensource
or email: OpenSource-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/opensource.
This is the IBMi Open Source Roundtable (OpenSource) mailing list
To post a message email: OpenSource@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/opensource
or email: OpenSource-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/opensource.
--
This is the IBMi Open Source Roundtable (OpenSource) mailing list
To post a message email: OpenSource@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/opensource
or email: OpenSource-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/opensource.
This is the IBMi Open Source Roundtable (OpenSource) mailing list
To post a message email: OpenSource@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/opensource
or email: OpenSource-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/opensource.
--
This is the IBMi Open Source Roundtable (OpenSource) mailing list
To post a message email: OpenSource@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/opensource
or email: OpenSource-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/opensource.
This is the IBMi Open Source Roundtable (OpenSource) mailing list
To post a message email: OpenSource@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/opensource
or email: OpenSource-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/opensource.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.