[log in to unmask] wrote:
>
> I must concede that not having a password on OPERATOR.SYS would allow FTP
> access. This potentially is a problem.  When I had originally set this up,
> SYSSTART and FTP didn't exist.
>
> Another important point is that if the SYS account itself if passwordless, all
> users besides OPERATOR in the SYS account must have passwords.
>
> Going back to focus on solutions, dropping "BA" from OPERATOR.SYS would prevent
> the ability to stream a job, but leaving FTP access open is still unacceptable.
>
> So we still are in search for an answer to the original question (and I have
> added one more):
> 1) How can we set up SYSSTART (or a system startup routine) without needing
> embedded passwords.

<snip>

I've used the following...

Logon as MANAGER.SYS

:PURGEUSER OPERATOR.SYS
:NEWGROUP SYSSTART
:NEWUSER  SYSSTART;HOME=SYSSTART;CAP=OP,... (arbitrarily chosen name)
:SETCATALOG SYSTART.UDC;USER=SYSTART

File=SYSTART.PUB.SYS
STARTUP
LIMIT 0,0
REFUSE 20
COMMENT THE 'ACCEPT 20' COMMAND IS DONE IN A LATER COMMAND FILE
CONSOLE 22
*
WARMSTART
STARTSESS 22;WARMSTRT,SYSSTART.SYS;HIPRI;NOWAIT
*
COOLSTART
STARTSESS 22;COOLSTRT,SYSSTART.SYS;HIPRI;NOWAIT
*
COLDSTART
STARTSESS 22;COLDSTRT,SYSSTART.SYS;HIPRI;NOWAIT
*
RELOAD
STARTSESS 22;RELOAD,SYSSTART.SYS;HIPRI;NOWAIT
*
UPDATE
STARTSESS 22;UPDATE,SYSSTART.SYS;HIPRI;NOWAIT
*


File=SYSSTART.UDC.SYS
USERLOGON
OPTION LOGON, NOBREAK
XEQ MAIN.SYSSTART
*

All the 'real' startup processing is done from the command file
MAIN.SYSSTART. Do security checks and whatever else from here.
Test !HPJOBNAME to see which kind of start was done.