Capturing terminal-id in Rexx possible?

Kevin Santos · New User Joined: 27 Jan 2009 Posts: 26 Location: toronto

Is it possible to capture the terminal-id of the user executing a rexx pgm running under TSO and then forcing a logoff or killing the TSOID (c u=xxxxxx) of the user executing the rexx?

Kevin Santos · New User Joined: 27 Jan 2009 Posts: 26 Location: toronto

As an example:
Tom signs on to TSO, and executes a 'forbidden' rexx pgm eg: TSO EXEC "PROD.CLIST(FORBID)".

The forbidden pgm captures Tom's terminal-id then logs him off of his TSO session or force him off ie; issues a C U=TOM.

MBabu · Posted: Thu Feb 19, 2009 1:51 am

Sure, if he has authority to cancel his id. But why would you ever need to do this? Is this some sort of substitute for real security? If you set up your security right, it shouldn't matter what the user does - they won't have access to sensitive information. Getting around this type of fake 'security' would take an experienced user about than 20 seconds to bypass.

MBabu · Posted: Thu Feb 19, 2009 1:54 am

I might add that if a program randomly logged me off, I'd go searching for the reason and, as I said, would find it in under a minute.

Kevin Santos · New User Joined: 27 Jan 2009 Posts: 26 Location: toronto

Mbabu, it appears that way, but it's not. this will not compromise real security. this is on top of our already over killed security + strict internal and external security audits. I just need this as an add-on adhoc reporting

dick scherrer · Posted: Thu Feb 19, 2009 2:27 am

Hello,

PeD · Posted: Thu Feb 19, 2009 2:33 am

Peter Poole · New User Joined: 07 Jan 2009 Posts: 50 Location: Scotland

Meanwhile, back at the question...

Yes, it is possible.

Whether or not you should, depends on context.

If you need to hammer home a point to someone that they should not mess with some execs, fair enough. (Though simply checking the userid and exiting the exec with an appropriate message might also work)

If it's in anyway related to production or system security, my 10 pence would be no, there are much better ways to do it with your site's real security software. (Assuming your site has some)

Cheers.

Kevin Santos · New User Joined: 27 Jan 2009 Posts: 26 Location: toronto

doable but how???????

Kevin Santos · New User Joined: 27 Jan 2009 Posts: 26 Location: toronto

nevermind. thanks for the responses

fyi
sysvar(systermid)

dick scherrer · Posted: Tue Feb 24, 2009 3:16 am

Hello,

FWIW - many systems no longer use fixed terminal-ids - they are assigned dynamically.

Kevin Santos · New User Joined: 27 Jan 2009 Posts: 26 Location: toronto

^^ Good point thanks.
My adhoc REXX pgm will run on a LPAR using fixed termids.

Pragati Soni · New User Joined: 18 Jan 2008 Posts: 47 Location: India

Terminal ids can be captured using variable zuser.
For instance
"ISPEXEC VGET (CL ZUSER)"
USRID = ZUSER
SAY USRID

Here usrid will contain the id.

Pedro · Posted: Tue Apr 21, 2009 5:04 am

Terminal Id is not the same thing as an User Id. One represents hardware and the other represents a person. Variable ZUSER will contain a userid.

Perhaps variables ZLUNAME or ZIPPORT can be used to determine the terminal id.