HP3000-L Archives

May 2000, Week 3

HP3000-L@RAVEN.UTC.EDU

Date: Mon, 15 May 2000 15:38:57 GMT

I must concede that not having a password on OPERATOR.SYS would allow FTP
access. This potentially is a problem.  When I had originally set this up,
SYSSTART and FTP didn't exist.

Another important point is that if the SYS account itself is passwordless, all
users besides OPERATOR in the SYS account must have passwords.

Going back to focus on solutions, dropping "BA" from OPERATOR.SYS would prevent
the ability to stream a job, but leaving FTP access open is still unacceptable.

So we still are in search for an answer to the original question (and I have
added one more):
1) How can we set up SYSSTART (or a system startup routine) without needing
embedded passwords?
2) How do we control FTP logon security?

Thanks,


Mark Ranft

> Be careful about this one Mark.  I could ftp as operator.sys, transfer a
> jobstream over and then stream it.  You could get rather creative about what you
> put into the job, as well as putting other "supporting files" in the pub area
> for the job to use.  Unless you can positively lock out ftp, you have a hole you
> need to worry about!
>
> Kevin
>
> Mark Ranft wrote:
>
> > I do not pretend to have an answer for your SYSSTART question.  But I have a
> > new direction to point you in entirely.
> >
> > I suggest that you do not want anyone signing on to the SYS account at all.
> > No matter how careful a SYS account user is, SYS account users will create
> > files and generally have the potential to mess up your system.  It also
> > makes it nearly impossible to separate the HP delivered files from the ones
> > accidentally left behind by people signing on to the SYS account.
> >
> > I suggest that the user OPERATOR.SYS has no password.  Additionally the SYS
> > account has no password.  You heard me right.
> > Anyone can sign on as OPERATOR.SYS.  The trick is to immediately log them
> > off again.
> >
> > Instead consider the following logon UDC...
> >
> > :print udc.operator.sys
> > SETUP
> > OPTION LIST LOGON NOBREAK
> > SETVAR HPAUTOCONT TRUE
> >
> > LIMIT 0,0
> > DOWN 6  OPENQ 6
> > SPOOLER LP;START
> >
> > STREAMS 10
> > JOBFENCE 0
> > JOBPRI CS
> > JOBSECURITY LOW
> > ALLOW @.@;COMMANDS=LOG,STARTSPOOL
> > OUTFENCE 7
> >
> > STREAM JFIXMSG.JOB.A544
> >
> > echo Streaming job to STARTSESS (OPER.MyAcct) on LDev 20.
> > STREAM JOPER.JOB.MyAcct
> > BYE
> > ***
> >
> > Most of the commands executed are ignored if not entered at the console.
> > The remainder of the commands are harmless.  Even restreaming the job to do
> > a STARTSESS command to LDev 20 can be redone.
> >
> > To go further, the next step (secret) is to have the OPER.MyAcct LOGON UDC
> > attempt to ALLOCATE EDITOR.PUB.SYS.  If it is successful, we are doing an
> > initial system startup and the UDC will run the rest of the system start up
> > commands.
> >
> > Simple, elegant and easy to maintain.
> >
> > Mark Ranft - HP e3000 Internet Consultant
> > Pro 3K
> > www.Pro3K.com
> > [log in to unmask]
>
