|
I didn't find anything in my archives. But I've been thinking about the
words I used.
Intensive probably implies a performance context. I don't think that's
what I meant. I think I meant to say less impact - this was a discussion
held at least a couple years ago now, and I never had opportunity to
follow up, so memory furrows weren't plowed well.
I just looked up effective UID and GID - so this is a very simple-minded
expression of what little I know right now.
This whole thing is a unix or posix idea, and the IFS is
posix-compliant, IIRC. One source said that an effective uid or gid is
about what a user can DO. The real usid is WHO the person is.
I think that impact is the better term - swapping a profile under which
a job runs has to involve less change - hence impact - than changing one
attribute under which the job runs.
I hope this helps a little - very little, probably. But it seems that
swapping a profile can give a job more authority than you want, when all
you want is authority to some files in the IFS.
Vern
On 10/8/2013 5:15 PM, Vernon Hamberg wrote:
Hi Scott
I'll have to dig back through some emails - will get back on this.
Vern
On 10/8/2013 4:50 PM, Scott Klement wrote:
I've heard Carol Woodbury recommend doing a setgid instead of swapping
profiles... that way, if your job should crash or something before
swapping back, there's a much lower risk. You're just running with a
different group id, that's all.
I'm surprised when you say that changing the effective UID would be less
intensive vs. swapping profiles. I would've thought these would do
exactly the same thing under the covers? Changing group, yeah, I can
see that being less intensive, but... changing uid? Is that true? Is
it really less resource intensive?
On 10/8/2013 3:31 PM, Vernon Hamberg wrote:
To the swapped-profile idea - I think it was an ISV support person at
IBM who said to change the effective GID or UID of a job - this is just
like swapping profiles, just less intensive. This is done with one or
the other API, qsyseteuid or qsysetegid.
HTH
Vern
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.