as long as the user profile is set to LMTCPB(*YES) there's very few
commands available to the user from the command line, most of which incur
little to no security risk. the biggest risk IMO is the ability to use
others spooled files which may contain sensitive information. this can be
prevent by restricting authority to the output queues those reports go to.
there is a caveat though. if the user can initiate an FTP session to your
system the LMTCPB(*YES) has NO effect at all. LMTCPB is only checked from
the command line. also if the user has access to any options on an IBM
menu that runs a command they normally would not be able to key in, those
commands will not be checked (since the user isn't using the command
line!) the best option IMO is to remove all access to the command line
when possible.

Thanks,
Tommy Holden



From: Darell Wheeler <darellwheeler@xxxxxxxx>
To: midrange-l@xxxxxxxxxxxx
Date: 09/28/2010 07:36 AM
Subject: AS400 Command Line Access
Sent by: midrange-l-bounces@xxxxxxxxxxxx



Hi,

A user has command line access on AS400 but he does not have any special
authority on his profile.Is there any risk which the user can pose to the
system.Can he run any dangerous commands or any programs which may do some
activities.

Thanks
Darell


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.