RE: [Security400] Work with TCP/IP Interfaces: Start/End authority?

["Bale, Dan" <D.Bale@xxxxxxxxxxxxx>]

This is a multi-part message in MIME format.
--
[ Picked text/plain from multipart/alternative ]
He has *IOSYSCFG via the group profile.

Phil, thank you for answering.  Honestly.  You actually "played IBM"
right into my hands on this issue.  What I am about to say is NOT
directed towards you, but towards IBM.

IBM:  Why do I have to play this game?  This is silly.  Where is this
documented?  How the h*ll can I administer a system if I'm doomed to
wait until after a user's attempt to use a function fails?

I take a wild guess and search for "TCP/IP interface" in the softcopy.
The CL Reference gives me a clue that the command that is actually run
is STRTCPIFC.  I look it up; nothing offered on authorities or security
restrictions.  Another hit takes me to the OS/400 Security Reference,
where I find something that indicates that the user needs to have *USE
authority on the command.

I have what sounds like the same issue being discussed in a different
thread on this list.  It appears that commands generally (always?)
require *USE authority to be able to use them.  And the reason this
hasn't been an issue with most commands is that most commands are
shipped with *PUBLIC *USE (and not *EXCLUDE).

Am I on the right track now?

Dan Bale
IT - AS/400
Handleman Company
248-362-4400  Ext. 4952
D.Bale@Handleman.com
  Quiquid latine dictum sit altum viditur.
  (Whatever is said in Latin seems profound.)

-------------------------- Original Message --------------------------

> -----Original Message-----
> From: Phil [SMTP:sublime78ska@yahoo.com]
> Sent: Monday, August 20, 2001 5:47 PM
> To:   security400@midrange.com
> Subject:      RE: [Security400] Work with TCP/IP Interfaces: Start/End
> authority?
>
> I would first check *IOSYSCFG
>
> Phil
>
> > -----Original Message-----
> > From: security400-admin@midrange.com
> > [mailto:security400-admin@midrange.com]On Behalf Of Bale, Dan
> > Sent: Monday, August 20, 2001 5:38 PM
> > To: security400@midrange.com
> > Subject: [Security400] Work with TCP/IP Interfaces: Start/End
> authority?
> >
> >
> > This is a multi-part message in MIME format.
> > --
> > [ Picked text/plain from multipart/alternative ]
> > O.K., here's my first question!
> >
> >                Work with TCP/IP Interfaces
> >                                           System: S1234567
> > Type options, press Enter.
> >   1=Add  2=Change  4=Remove  5=Display  9=Start  10=End
> >
> >     Internet        Subnet            Line      Line  Interface
> > Opt Address         Mask           Description  Type  Status
> > __  ______________
> > __  127.0.0.1       255.0.0.0      *LOOPBACK   *NONE  Active
> > __  111.22.33.44    255.255.255.0  HDLENET     *ELAN  Active
> >
> > (Get this screen via CFGTCP, option 1)
> >
> > This weekend, our U.K. branch did a manual IPL to add DASD, and
> > apparently the TCP/IP interfaces were not automatically (?) started.
> So
> > our branch admin attempted to use Work with TCP/IP Interfaces, but
> he
> > did not see options 9=Start & 10=End.  They ended up doing a normal
> IPL
> > and the TCP/IP Interfaces started up.
> >
> > What do I need to do to give this admin the required authority to
> start
> > and end TCP/IP interfaces?  While I would appreciate a direct
> answer, I
> > would also desire to know *where* I can find this information.  Is
> there
> > a reference that I can goto and ask, figuratively speaking, this
> type of
> > question?
> >
> > Dan Bale
> > IT - AS/400
> > Handleman Company
> > 248-362-4400  Ext. 4952
> > D.Bale@Handleman.com
> >   Quiquid latine dictum sit altum viditur.
> >   (Whatever is said in Latin seems profound.)