× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. SECURITY400
  3. August 2006

Re: Commands for Limited Users

Jim,

Sorry, I should have been more clear.  This is the list of commands that
limited capabilities are allowed to run from an OS/400 command line.
But as I mentioned earlier, there are other interfaces that limited
capability users can use to run these (and other) commands.

LMTCPB users can are not restricted from running other commands from
within a compiled program - assuming they have at least *USE authority
to the command object.

jte



--
John Earl | Chief Technology Officer
The PowerTech Group
19426 68th Ave. S
Seattle, WA 98032
(253) 872-7788 ext. 302
john.earl@xxxxxxxxxxxxx
www.powertech.com 
Celebrating our 10th Anniversary Year!
 

 
This email message and any attachments are intended only for the use of
the intended recipients and may contain information that is privileged
and confidential. If you are not the intended recipient, any
dissemination, distribution, or copying is strictly prohibited. If you
received this email message in error, please immediately notify the
sender by replying to this email message, or by telephone, and delete
the message from your email system.
--


-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of Jim
Franz
Sent: Tuesday, August 29, 2006 3:57 PM
To: Security Administration on the AS400 / iSeries
Subject: Re: [Security400] Commands for Limited Users

John - is this list commands they can execute from a
command line, or the
total list of commands they can execute, even if the
command is within
a clp program (assuming normal auth to the pgm, not
adopted, and the program
executing under the authority of the user of the program,
not the owner)?
It was my understanding that this list was a limitation of
what a limited
user
can do on a command line.
Jim Franz

----- Original Message -----
From: "John Earl" <john.earl@xxxxxxxxxxxxx>
To: "Security Administration on the AS400 / iSeries"
<security400@xxxxxxxxxxxx>
Sent: Tuesday, August 29, 2006 4:59 PM
Subject: Re: [Security400] Commands for Limited Users



Dave,

I'm reciting this from memory, so it may not be an

exhaustive list, but

if I recall correctly there were somewhere around 8

commands shipped

with the operating system that are available to limited

users.  Let's

see which ones I can remember, and then we'll see if

others can chime in

with any I may have missed.

DSPJOB
DSPJOBLOG
DSPMSG
SIGNOFF
SNDMSG
STRPCO
WRKENVVAR
WRKMSG

Of these, SIGNOFF is virtually essential, and the three

"DSP" and the

SNDMSG command are relatively inconsequential risk

(assuming you are

doing appropriate tightening elsewhere, as you have

said).  STRPCO is

risky, and probably completely unnecessary, and, absent

a specific

reason to leave them open, the WRKENVVAR and WRKMSG

could afford to be

restricted as well.

This list only includes commands that are allowed by

Limited Capability

users as shipped from the factory.  You may have more OS

commands or

application commands that have been opened to Limited

Capability users

as well.  There is at least one commercial product (uh,

why yes, that

would be a PowerTech product :) ) that will show you

this list quickly

in a single report (and help you ensure that the list

stays constant),

but I am not aware of any automated facility in the OS

that will track

this parameter for you.

HTH,

jte


--
John Earl | Chief Technology Officer
The PowerTech Group
19426 68th Ave. S
Seattle, WA 98032
(253) 872-7788 ext. 302
john.earl@xxxxxxxxxxxxx
www.powertech.com
Celebrating our 10th Anniversary Year!



This email message and any attachments are intended only

for the use of

the intended recipients and may contain information that

is privileged

and confidential. If you are not the intended recipient,

any

dissemination, distribution, or copying is strictly

prohibited. If you

received this email message in error, please immediately

notify the

sender by replying to this email message, or by

telephone, and delete

the message from your email system.
--


-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of
Turnidge, Dave
Sent: Tuesday, August 29, 2006 11:19 AM
To: Security Administration on the AS400 / iSeries
Subject: [Security400] Commands for Limited Users

I am trying to get a handle on security on our systems,
and have now
arrived at "Commands for Limited Users." I have an

Excel

spreadsheet
which has all the commands in this category on our
systems.

First, I would like to know what are the commands for
limited users that
come with the system as shipped from IBM. Second, do

you

agree with that
list? I.e., should there be ANY commands available to
limited users?

I await your reply.

Thank you,

Dave

_______________________________________________
This is the Security Administration on the AS400 /

iSeries

(Security400) mailing list
To post a message email: Security400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the
archives
at http://archive.midrange.com/security400.




_______________________________________________
This is the Security Administration on the AS400 /

iSeries (Security400)

mailing list
To post a message email: Security400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:

http://lists.midrange.com/mailman/listinfo/security400

or email: Security400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the

archives

at http://archive.midrange.com/security400.




_______________________________________________
This is the Security Administration on the AS400 / iSeries
(Security400) mailing list
To post a message email: Security400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the
archives
at http://archive.midrange.com/security400.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.