Portal | Manuals | References | Downloads | Info | Programs | JCLs | Master the Mainframes
IBM Mainframe Computers Forums Index
 
Register
 
IBM Mainframe Computers Forums Index Mainframe: Search IBM Mainframe Forum: FAQ Memberlist Usergroups Profile Log in to check your private messages Log in
 

 

Capturing terminal-id in Rexx possible?

 
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> CLIST & REXX
View previous topic :: :: View next topic  
Author Message
Kevin Santos

New User


Joined: 27 Jan 2009
Posts: 26
Location: toronto

PostPosted: Thu Feb 19, 2009 1:20 am    Post subject: Capturing terminal-id in Rexx possible?
Reply with quote

Is it possible to capture the terminal-id of the user executing a rexx pgm running under TSO and then forcing a logoff or killing the TSOID (c u=xxxxxx) of the user executing the rexx?
Back to top
View user's profile Send private message

Kevin Santos

New User


Joined: 27 Jan 2009
Posts: 26
Location: toronto

PostPosted: Thu Feb 19, 2009 1:43 am    Post subject:
Reply with quote

As an example:
Tom signs on to TSO, and executes a 'forbidden' rexx pgm eg: TSO EXEC "PROD.CLIST(FORBID)".

The forbidden pgm captures Tom's terminal-id then logs him off of his TSO session or force him off ie; issues a C U=TOM.
Back to top
View user's profile Send private message
MBabu

Active User


Joined: 03 Aug 2008
Posts: 401
Location: Mumbai

PostPosted: Thu Feb 19, 2009 1:51 am    Post subject: Reply to: Capturing terminal-id in Rexx possible?
Reply with quote

Sure, if he has authority to cancel his id. But why would you ever need to do this? Is this some sort of substitute for real security? If you set up your security right, it shouldn't matter what the user does - they won't have access to sensitive information. Getting around this type of fake 'security' would take an experienced user about than 20 seconds to bypass.
Back to top
View user's profile Send private message
MBabu

Active User


Joined: 03 Aug 2008
Posts: 401
Location: Mumbai

PostPosted: Thu Feb 19, 2009 1:54 am    Post subject:
Reply with quote

I might add that if a program randomly logged me off, I'd go searching for the reason and, as I said, would find it in under a minute.
Back to top
View user's profile Send private message
Kevin Santos

New User


Joined: 27 Jan 2009
Posts: 26
Location: toronto

PostPosted: Thu Feb 19, 2009 2:08 am    Post subject:
Reply with quote

Mbabu, it appears that way, but it's not. this will not compromise real security. this is on top of our already over killed security + strict internal and external security audits. I just need this as an add-on adhoc reporting
Back to top
View user's profile Send private message
dick scherrer

Site Director


Joined: 23 Nov 2006
Posts: 19270
Location: Inside the Matrix

PostPosted: Thu Feb 19, 2009 2:27 am    Post subject:
Reply with quote

Hello,

Quote:
Tom signs on to TSO, and executes a 'forbidden' rexx pgm eg: TSO EXEC "PROD.CLIST(FORBID)".
fwiw - i'd suggest that this and other "magic bullets" be placed in a library that Tom did not have any access permissions. . . Then there would be racf/acf2/tss denial and tracking. . .
Back to top
View user's profile Send private message
PeD

Active User


Joined: 26 Nov 2005
Posts: 456
Location: Belgium

PostPosted: Thu Feb 19, 2009 2:33 am    Post subject:
Reply with quote

Quote:
Tom's terminal-id

And Tom will have everytime the same terminal id??

If Tim comes and is supposed to have permission but - poor guy - uses the Tom's terminal !
Back to top
View user's profile Send private message
Peter Poole

New User


Joined: 07 Jan 2009
Posts: 50
Location: Scotland

PostPosted: Thu Feb 19, 2009 3:24 am    Post subject:
Reply with quote

Meanwhile, back at the question...

Yes, it is possible.

Whether or not you should, depends on context.

If you need to hammer home a point to someone that they should not mess with some execs, fair enough. (Though simply checking the userid and exiting the exec with an appropriate message might also work)

If it's in anyway related to production or system security, my 10 pence would be no, there are much better ways to do it with your site's real security software. (Assuming your site has some)

Cheers.
Back to top
View user's profile Send private message
Kevin Santos

New User


Joined: 27 Jan 2009
Posts: 26
Location: toronto

PostPosted: Tue Feb 24, 2009 1:50 am    Post subject: Reply to: Capturing terminal-id in Rexx possible?
Reply with quote

doable but how??????? icon_smile.gif
Back to top
View user's profile Send private message
Kevin Santos

New User


Joined: 27 Jan 2009
Posts: 26
Location: toronto

PostPosted: Tue Feb 24, 2009 2:10 am    Post subject: Reply to: Capturing terminal-id in Rexx possible?
Reply with quote

nevermind. thanks for the responses

fyi
sysvar(systermid)
Back to top
View user's profile Send private message
dick scherrer

Site Director


Joined: 23 Nov 2006
Posts: 19270
Location: Inside the Matrix

PostPosted: Tue Feb 24, 2009 3:16 am    Post subject:
Reply with quote

Hello,

FWIW - many systems no longer use fixed terminal-ids - they are assigned dynamically.
Back to top
View user's profile Send private message
Kevin Santos

New User


Joined: 27 Jan 2009
Posts: 26
Location: toronto

PostPosted: Tue Feb 24, 2009 7:26 pm    Post subject: Reply to: Capturing terminal-id in Rexx possible?
Reply with quote

^^ Good point thanks.
My adhoc REXX pgm will run on a LPAR using fixed termids.
Back to top
View user's profile Send private message
Pragati Soni

New User


Joined: 18 Jan 2008
Posts: 47
Location: India

PostPosted: Mon Apr 20, 2009 3:50 pm    Post subject: Re: Reply to: Capturing terminal-id in Rexx possible?
Reply with quote

Terminal ids can be captured using variable zuser.
For instance
"ISPEXEC VGET (CL ZUSER)"
USRID = ZUSER
SAY USRID

Here usrid will contain the id.


Kevin Santos wrote:
^^ Good point thanks.
My adhoc REXX pgm will run on a LPAR using fixed termids.
Back to top
View user's profile Send private message
Pedro

Senior Member


Joined: 01 Sep 2006
Posts: 2019
Location: Silicon Valley

PostPosted: Tue Apr 21, 2009 5:04 am    Post subject: Reply to: Capturing terminal-id in Rexx possible?
Reply with quote

Terminal Id is not the same thing as an User Id. One represents hardware and the other represents a person. Variable ZUSER will contain a userid.

Perhaps variables ZLUNAME or ZIPPORT can be used to determine the terminal id.
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> CLIST & REXX All times are GMT + 6 Hours
Page 1 of 1

 

Search our Forum:

Similar Topics
Topic Author Forum Replies Posted
No new posts What is the command to check MODE of ... rohanthengal CLIST & REXX 6 Fri Nov 18, 2016 1:48 pm
This topic is locked: you cannot edit posts or make replies. Rexx to create GDG by scanning JJ result krish.deepu CLIST & REXX 5 Tue Oct 25, 2016 5:32 pm
No new posts Replace repeated JCL with looping REXX prino CLIST & REXX 3 Thu Oct 13, 2016 5:30 am
This topic is locked: you cannot edit posts or make replies. Need to code a Rexx PGM sundaram.naveen CLIST & REXX 18 Thu Oct 06, 2016 6:45 pm
No new posts Need Rexx Program to Load in to DB2 T... Hareesh Verma CLIST & REXX 22 Tue Sep 20, 2016 2:59 pm


Facebook
Back to Top
 
Mainframe Wiki | Forum Rules | Bookmarks | Subscriptions | FAQ | Tutorials | Contact Us