Subject: | |
From: | |
Reply To: | |
Date: | Mon, 15 May 2000 10:51:57 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
[log in to unmask] wrote:
>
> I must concede that not having a password on OPERATOR.SYS would allow FTP
> access. This potentially is a problem. When I had originally set this up,
> SYSSTART and FTP didn't exist.
>
> Another important point is that if the SYS account itself if passwordless, all
> users besides OPERATOR in the SYS account must have passwords.
>
> Going back to focus on solutions, dropping "BA" from OPERATOR.SYS would prevent
> the ability to stream a job, but leaving FTP access open is still unacceptable.
>
> So we still are in search for an answer to the original question (and I have
> added one more):
> 1) How can we set up SYSSTART (or a system startup routine) without needing
> embedded passwords.
<snip>
I've used the following...
Logon as MANAGER.SYS
:PURGEUSER OPERATOR.SYS
:NEWGROUP SYSSTART
:NEWUSER SYSSTART;HOME=SYSSTART;CAP=OP,... (arbitrarily chosen name)
:SETCATALOG SYSTART.UDC;USER=SYSTART
File=SYSTART.PUB.SYS
STARTUP
LIMIT 0,0
REFUSE 20
COMMENT THE 'ACCEPT 20' COMMAND IS DONE IN A LATER COMMAND FILE
CONSOLE 22
*
WARMSTART
STARTSESS 22;WARMSTRT,SYSSTART.SYS;HIPRI;NOWAIT
*
COOLSTART
STARTSESS 22;COOLSTRT,SYSSTART.SYS;HIPRI;NOWAIT
*
COLDSTART
STARTSESS 22;COLDSTRT,SYSSTART.SYS;HIPRI;NOWAIT
*
RELOAD
STARTSESS 22;RELOAD,SYSSTART.SYS;HIPRI;NOWAIT
*
UPDATE
STARTSESS 22;UPDATE,SYSSTART.SYS;HIPRI;NOWAIT
*
File=SYSSTART.UDC.SYS
USERLOGON
OPTION LOGON, NOBREAK
XEQ MAIN.SYSSTART
*
All the 'real' startup processing is done from the command file
MAIN.SYSSTART. Do security checks and whatever else from here.
Test !HPJOBNAME to see which kind of start was done.
|
|
|