Hi Darrell

If the user has access to a command line but no special authorities
then they can still run any command that is not specifically excluded
from use by user *PUBLIC or that does not specifically exclude their
user profile.

Unless someone at your site has gone through and set all the command
to exclude public use or this particular user profile then it's likely
that the user has the capability to run commands like (for example)
PWRDWNSYS, DLTF, DLTLIB etc. Note that the having access to the DLTF
command does not necessarily mean you can delete the file -you also
need to have the appropriate rights to the file object in order to be
able to delete it; this applies to commands operating on other objects
as well.

The default security settings for some commands as shipped vary by
release. You'll need to check what public access to each command is
allowed for your user by displaying the object authority on the
command object. This will also reveal whether anyone has altered the
authority defaults for any of the commands for your site.

Generally speaking depending on what the role of your user is command
line access is not considered a good thing. Your auditors will almost
certainly ask you about it, so a better plan might be to ask your user
"why do you need command line acceess ?" and see what commands they
run so you can decide whether it is worth removing their access or
whether it is justified.

Hope this helps

On Wed, Sep 29, 2010 at 1:33 AM, Darell Wheeler <darellwheeler@xxxxxxxx> wrote:
Hi,

A user has command line access on AS400 but he does not have any special authority on his profile.Is there any risk which the user can pose to the system.Can he run any dangerous commands or any programs which may do some activities.

Thanks
Darell

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.






As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.