Ron writes:

> I think that we are treading on shaky ground here. What if a
> "knowledgeable" user, or a cracker, tries this command? What
> safeguards would be in place to ensure that a system is not
> shut down by accident?

In order to shut the system down "accidentally" using my proposed definition of the SHUTDOWN command, one must:

1) Have OP capability.
2) Be logged on to the logical :CONSOLE device (or be ALLOWed the command).
3) Explicitly type "SHUTDOWN SYSTEM".

By the time you have #1 and #2, the system is completely under your control as far as starting and stopping things goes. To get the console requires SM capability or ALLOW or a privileged program. At the physical console one can type <CTRL>A followed by SHUTDOWN and get the same effect. Not even an SM user can execute a "master operator" command without having it explicitly allowed or moving the :CONSOLE.

Today any user who could execute the new "SHUTDOWN SYSTEM" command can abort any/every user on the system, and make the system unusable in dozens of ways. I see no reason to prevent the command's use by operations staff (by requiring SM) or to allow it to be executed on any terminal at any time (by *only* requiring SM and not making it a "master operator" command).

Keep in mind that a halfway-clever person with just OP capability has all the capabilities of an SM user the same way that a user with just PM capability had access to all the capabilities of an SM user. All three capabilities (OP/SM/PM) logically grant total control of the system, just from different points of view. SM grants it directly and explicitly, but OP and PM do it implicitly as well. Don't give OP capability to an untrusted user.

G.