• Subject: RE: Restricting User Access
  • From: "Kempter, Eric" <EKempter@xxxxxxxxxx>
  • Date: Tue, 18 Nov 97 09:56:00 PST


Thanks for the information; however, I believe that this is the closest
that you can come to a profile with no access (aside from purchasing your
product).  I would be interested in knowing what the original poster
needs such a profile for - emulation to host connection?

Eric Kempter
Sr. Programmer/Analyst
E-Mail: EKempter@smsocs.com


 -----Original Message-----
From: midrange-l-owner [SMTP:midrange.com!midrange-l-owner@mcs.com]
Sent: Monday, November 17, 1997 10:10 PM
To: MIDRANGE-L
Subject: RE: Restricting User Access

At 04:51 PM 11/17/97 PST, you wrote:
>
>What security level (QSECURITY) is your system at, Chris?  Have you
>considered duplicating the QUSER profile?  That profile should have very
>little security assigned to it.  Aside from that, creating a user profile
>with Limit Capabilities of *YES will restrict anyone who signs on with
>your newly created user profile from running commands or changing the
>user profile if your system is at Security level 30 or above.

Eric,

Sadly even QUSER has too much authority on a default AS/400.  Through both
your shop's (really most shops', I'm not picking on you) and OS/400's
liberal use of *PUBLIC access, QUSER is authorized to a number of things
that you wouldn't want the real *PUBLIC (remember in the internet world
*PUBLIC can now literally be the whole freaking world!) to have access to.

Also, sadly, LMTCPB does not prevent command execution from networked users.
LMTCPB only works with QCMD.  Any networked system running Client Access,
DDM, or FTP can slip right under the RMTCMD gate without being blocked, or
even logged.  What's amazing is that this means every /400 with PCs
attached has had this vulnerability since the early days of PC support.  It
just took the 'user friendliness' of W95 to make it so hard to ignore.

(Hmmm... that may have been a thinly veiled plug for our product, guess I
should declare myself a vendor.  :)


HTH,

jte


>
> -----Original Message-----
>From: midrange-l-owner [SMTP:midrange.com!midrange-l-owner@mcs.com]
>Sent: Monday, November 17, 1997 4:45 PM
>To: MIDRANGE-L
>Subject: Restricting User Access
>
>
>Hello everyone!
>
>I have a security question that some of you may be able to help me with.
>
>Simply put -- Do you know if there is a way to create a user profile that
>is NOT authorized to anything?
>
>I'm trying to set up a user ID on the '400 that basically is not authorized
>to anything.  I would like to then set up specific objects (pgms) that the
>user is authorized to.
>
>Any help is greatly appreciated .....Thanks!
>
>
>Chris Ring
>Senior Systems Analyst
>Arksys Inc.
>Little Rock, Arkansas
>
>
>+---
>| This is the Midrange System Mailing List!
>| To submit a new message, send your mail to "MIDRANGE-L@midrange.com".
>| To unsubscribe from this list send email to MAJORDOMO@midrange.com
>|    and specify 'unsubscribe MIDRANGE-L' in the body of your message.
>| Questions should be directed to the list owner/operator: david@midrange.com
>+---
>
>
*********************************
* John Earl                     *
* Lighthouse Software Inc.      *
* 8514 71st NW                  *
* Gig Harbor, WA 98335          *
* 253-858-7388                  *
* johnearl@lns400.com           *
*********************************




