David,

Check to see if explicit rights are being granted to the program in question
through an authorization list.  According to message CPF1910, on V4R4M0
anyway, you are required to have the following to put a program in debug.

o *EXECUTE authority to the program's library.
o *CHANGE authority to the program.
o *USE rights if your job has *SERVICE authority.

Authority checking is first done for a user profile, then for group profile,
and finally for *PUBLIC.  The first instance found is the authority used by
debug to see if it can be started.  If your user profile is on the
authorization list securing the program with say *USE authority you cannot
start debug.  Give yourself *CHANGE rights and you should be good to go.


Gary Monnier
www.powertechgroup.com  garymon@powertechgroup.com
The Powertech Group, Inc.     Seattle, Washington
Where the Security Experts Live!

Phone: +1-253-872-7788
Fax:     +1-253-872-7904
--


-----Original Message-----
From: security400-admin@midrange.com
[mailto:security400-admin@midrange.com]On Behalf Of David Morris
Sent: Thursday, March 14, 2002 2:34 PM
To: security400@midrange.com
Subject: Re: [Security400] Debug anomaly


Rob,

Here is some more information. First, this is on a V5R1 system.
In this case the group profile is set using the Set Effective Group
API. It did not work with a swap to a profile with the group either.
Here is the authority taken from an edtobjaut for the program:

*GROUP       MYGRP        *ALL        X   X   X   X   X   X   X   X   X
  X

The library:

*GROUP       MYGRP        *ALL        X   X   X   X   X   X   X   X   X
  X

The service program:

*GROUP       MYGRP        *ALL        X   X   X   X   X   X   X   X   X
  X

Running STRDBG on the program results in the following messages:

strdbg mylib/mypgm
Not authorized to debug program MYPGM in library MYLIB.
Errors occurred on command.

The not authorized message is CPF1910.

Running STRDBG on the service program works fine:
strdbg srvpgm(mylib/mysrvpgm)

Running STRDBG without a program name and then hitting F14,
placing a 1 in the add program option, specifying the program
works as expected.

Hopefully this helps clarify what I did.

David Morris

>>> rob@dekko.com 03/14/02 02:57PM >>>

Joblog please.

Rob Berendt

_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400)
mailing list
To post a message email: Security400@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/security400
or email: Security400-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/security400.




This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].