[Info-vax] Restrict the use of SUBMIT/USER= to one particular user.
Kerry Main
kemain.nospam at gmail.com
Mon Nov 7 08:38:32 EST 2016
> -----Original Message-----
> From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On Behalf
> Of abrsvc via Info-vax
> Sent: 07-Nov-16 6:38 AM
> To: info-vax at rbnsn.com
> Cc: abrsvc <dansabrservices at yahoo.com>
> Subject: Re: [Info-vax] Restrict the use of SUBMIT/USER= to one
> particular user.
>
> An alternative that would not require any privs, would be to
have
> a batch job running under that "user" looking at a mailbox for
> input commands with each application user passing information
> to that mailbox. The batch job would than submit the required
> work under its own name.
>
> The application users would open the mailbox and send the
> appropriate information, send along a terminator string of some
> sort that the receiving batch job would recognize as the end of
> the data, then close the mailbox. With the mailbox opened
> (exclusively), each submitter would be sure to have the entire
> data stream uninterrupted.
>
> Dan
I agree there should be more work examining different options to
accomplish what needs to be done in the job and how it is to be
tracked.
Generically - From a security audit perspective, submitting jobs
using a generic user account would likely fall into the same bad
practice category as allowing multiple users to log into a
generic username account.
Regards,
Kerry Main
Kerry dot main at starkgaming dot com
More information about the Info-vax
mailing list