Dave,

I'm reciting this from memory, so it may not be an exhaustive list, but
if I recall correctly there were somewhere around 8 commands shipped
with the operating system that are available to limited users.  Let's
see which ones I can remember, and then we'll see if others can chime in
with any I may have missed.

DSPJOB          
DSPJOBLOG
DSPMSG
SIGNOFF
SNDMSG
STRPCO
WRKENVVAR
WRKMSG

Of these, SIGNOFF is virtually essential, and the three "DSP" and the
SNDMSG command are relatively inconsequential risk (assuming you are
doing appropriate tightening elsewhere, as you have said).  STRPCO is
risky, and probably completely unnecessary, and, absent a specific
reason to leave them open, the WRKENVVAR and WRKMSG could afford to be
restricted as well.

This list only includes commands that are allowed by Limited Capability
users as shipped from the factory.  You may have more OS commands or
application commands that have been opened to Limited Capability users
as well.  There is at least one commercial product (uh, why yes, that
would be a PowerTech product :) ) that will show you this list quickly
in a single report (and help you ensure that the list stays constant),
but I am not aware of any automated facility in the OS that will track
this parameter for you.

HTH,

jte


--
John Earl | Chief Technology Officer
The PowerTech Group
19426 68th Ave. S
Seattle, WA 98032
(253) 872-7788 ext. 302
john.earl@xxxxxxxxxxxxx
www.powertech.com 
Celebrating our 10th Anniversary Year!
 

 
This email message and any attachments are intended only for the use of
the intended recipients and may contain information that is privileged
and confidential. If you are not the intended recipient, any
dissemination, distribution, or copying is strictly prohibited. If you
received this email message in error, please immediately notify the
sender by replying to this email message, or by telephone, and delete
the message from your email system.
--

-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of
Turnidge, Dave
Sent: Tuesday, August 29, 2006 11:19 AM
To: Security Administration on the AS400 / iSeries
Subject: [Security400] Commands for Limited Users

I am trying to get a handle on security on our systems,
and have now
arrived at "Commands for Limited Users." I have an Excel
spreadsheet
which has all the commands in this category on our
systems.

First, I would like to know what are the commands for
limited users that
come with the system as shipped from IBM. Second, do you
agree with that
list? I.e., should there be ANY commands available to
limited users?

I await your reply.

Thank you,

Dave

_______________________________________________
This is the Security Administration on the AS400 / iSeries
(Security400) mailing list
To post a message email: Security400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the
archives
at http://archive.midrange.com/security400.




This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].