As Michael suggests, ther is an "ALLOWME" (aka ALLOWALL) utility that
can be run by any session or job with OP capability that will then
permit the session or job to issue any "console" command without
actually being the virtual console.
You can contact me offline if you need the utility.
Cheers,
At 01:09 PM 2011-08-16, James B. Byrne wrote:
>On Tue, August 16, 2011 12:58, Dave Powell, MMfab wrote:
> > This may not be secure enough, but you can have sysstart "allow
> > @.@;commands=allow", because the @.@ allows to future sessions also;
> > and then count on security thru obscurity to hope that nobody except
> > managers will know how to use the allow command to give themselves
> > or others the commands they really need.
> >
>
>In our environment no ordinary user has access to the MPE shell.
>Everyone is placed inside a QUICK session via a LOGON UDC. But, I
>guess that the potential security issue was why I never did the
>above. Thanks for blowing away some old cobwebs.
>
>Regards,
>
>--
>*** E-Mail is NOT a SECURE channel ***
>James B. Byrne mailto:[log in to unmask]
>Harte & Lyne Limited http://www.harte-lyne.ca
>9 Brockley Drive vox: +1 905 561 1241
>Hamilton, Ontario fax: +1 905 561 0757
>Canada L8E 3C3
>
>* To join/leave the list, search archives, change list settings, *
>* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
-------------------------------------------------------------------------------------------------
Gilles Schipper
GSA Inc.
HP System Administration Specialists
300 John Street, Box 87651 Thornhill, ON Canada L3T 7R4
Tel: 416.702.7900
email: [log in to unmask] web: http://www.gsainc.com
-------------------------------------------------------------------------------------------------
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|