Z/OS UNIX Security Overview Disclaimer
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
RICOH Web Enablement Solutions Suite
RICOH Web Enablement Solutions Suite Transform print centric data streams into web-optimized, user-friendly content. Let customers take their information to go. For as long as businesses have existed, there has been important information for them to Benefits communicate to their customers. • Transforms documents for optimal In today’s information-rich age, the need for businesses to web use while maintaining fidelity. accurately, quickly communicate has never been greater. In today’s on-the-go, cost and environment conscious world, • Empowers on-the-go users to paper documents – which are often looked at just once and then access crucial information where, filed or thrown away – can seem inconvenient and antiquated. when and how they need it. • Puts help desk and customers on The RICOH Web Enablement Solutions Suite, which is the same page (literally) by helping comprised of a set of complementary products, helps to to ensure both parties see the transform print-centric data streams into web-ready same document in the exact same documents with utmost fidelity. way, aiding troubleshooting. Products Include: • RICOH Line2PDF Plus • RICOH PS2PDF and RICOH PCL2PD • RICOH AFP Merge • RICOH AFP Visual Environment • RICOH AFP2PDF Plus • RICOH TIFF2PDF Plus 2 To better understand how this is accomplished, take a closer look at the component solutions. RICOH Line2PDF Plus RICOH AFP2PDF Plus Line data documents can be extremely simplistic. Paper documents still have their advantages. They However, when it comes to customer communications, can easily be handed off. They can be marked up you often want to show a little more visual acumen, without any special expertise. -
Software Distributor Administration Guide for HP-UX 11I
Software Distributor Administration Guide for HP-UX 11i HP Computers Manufacturing Part Number: B2355-90754 June 2002, Edition 3 © Copyright 2002 Hewlett-Packard Company. Legal Notices The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material. Warranty A copy of the specific warranty terms applicable to your Hewlett-Packard product and replacement parts can be obtained from your local Sales and Service Office. Restricted Rights Legend Use, duplication or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 for DOD agencies, and subparagraphs (c) (1) and (c) (2) of the Commercial Computer Software Restricted Rights clause at FAR 52.227-19 for other agencies. HEWLETT-PACKARD COMPANY 3000 Hanover Street Palo Alto, California 94304 U.S.A. Use of this document and any supporting software media supplied for this pack is restricted to this product only. Additional copies of the programs may be made for security and back-up purposes only. Resale of the programs, in their present form or with alterations, is expressly prohibited. Copyright Notice Copyright 1997-2002 Hewlett-Packard Company. All rights reserved. -
File Permissions Do Not Restrict Root
Filesystem Security 1 General Principles • Files and folders are managed • A file handle provides an by the operating system opaque identifier for a • Applications, including shells, file/folder access files through an API • File operations • Access control entry (ACE) – Open file: returns file handle – Allow/deny a certain type of – Read/write/execute file access to a file/folder by – Close file: invalidates file user/group handle • Access control list (ACL) • Hierarchical file organization – Collection of ACEs for a – Tree (Windows) file/folder – DAG (Linux) 2 Discretionary Access Control (DAC) • Users can protect what they own – The owner may grant access to others – The owner may define the type of access (read/write/execute) given to others • DAC is the standard model used in operating systems • Mandatory Access Control (MAC) – Alternative model not covered in this lecture – Multiple levels of security for users and documents – Read down and write up principles 3 Closed vs. Open Policy Closed policy Open Policy – Also called “default secure” • Deny Tom read access to “foo” • Give Tom read access to “foo” • Deny Bob r/w access to “bar” • Give Bob r/w access to “bar • Tom: I would like to read “foo” • Tom: I would like to read “foo” – Access denied – Access allowed • Tom: I would like to read “bar” • Tom: I would like to read “bar” – Access allowed – Access denied 4 Closed Policy with Negative Authorizations and Deny Priority • Give Tom r/w access to “bar” • Deny Tom write access to “bar” • Tom: I would like to read “bar” – Access -
Introducing Z/Os Unix System Services
Contact Us [email protected] HOME > COURSE CATALOG > IBM > IBM Z/OS > INTRODUCING Z/OS UNIX SYSTEM SERVICES Introducing z/OS UNIX System Services DURATION 20 Hours RATING COURSE OP05GFR AVAILABLE FORMATS Classroom Training, Online Training BADGES & CERTIFICATIONS LearnQuest IBM z/OS UNIX System Services Foundations Course Description Overview This course describes how open standards are implemented in a z/OS system by z/OS UNIX. UNIX System Services are introduced, and the role of z/OS as a server in the open systems environment is discussed. This is an introductory level course. It provides an overview of z/OS UNIX System Services (usually abbreviated to z/OS UNIX) as seen by the user. Details of installation and implementation for system programmers are not covered in this course. Objectives 9/26/2021 1 of 3 10:29:38 AM Discuss the role of z/OS in an open systems environment Identify the basic terms used in z/OS UNIX Define the components of z/OS UNIX Explain major functions provided in z/OS UNIX Discuss opportunities for applications in a z/OS UNIX environment Identify z/OS base elements and optional features that make up z/OS UNIX Use the two interactive interfaces available to access the services Audience This intermediate course is for all computer professionals who will use z/OS UNIX. Prerequisites You should have a basic knowledge of z/OS equivalent to the course An Introduction to the z/OS Environment (ES05G). Topics Day 1 Welcome and introduction Unit 1. z/OS UNIX overview Unit 2. Introduction to z/OS UNIX Unit 3. -
Interesting Things You Didn't Know You Could Do With
Interesting Things You Didn’t Know You Could Do With ZFS Allan Jude -- ScaleEngine Inc. [email protected] twitter: @allanjude Introduction Allan Jude ● 13 Years as FreeBSD Server Admin ● FreeBSD src/doc committer (focus: ZFS, bhyve, ucl, xo) ● Co-Author of “FreeBSD Mastery: ZFS” and upcoming “FreeBSD Mastery: Advanced ZFS” with M. W. Lucas ● Architect of the ScaleEngine CDN (HTTP and Video) ● Host of BSDNow.tv & TechSNAP.tv Podcasts ● Use ZFS for large collections of videos, extremely large website caches, mirrors of PC-BSD pkgs and RaspBSD ● Single Handedly Manage Over 1000TB of ZFS Storage The Power of ZFS ● Integrated Redundancy (Mirroring, RAID-Z) ● Data Integrity Checking (Checksums, Scrub) ● Pooled Storage (Hot Add Disks) ● Multi-Level Cache (ARC, L2ARC, SLOG) ● Copy-on-Write (no fsck) ● Snapshots and Clones ● Quotas and Reservations ● Transparent Compression (LZ4, GZIP1-9) ● Incremental Replication (zfs send/recv) ● Datasets with Individual Inherited Properties ● Custom Properties ● Fine Grained Delegation Applying That Power ZFS has many features, but how can I use them to solve my problems? ZFS has a very well designed command line user interface, making it very easy for a sysadmin to perform common tasks (add more storage, create new datasets, change settings and properties), accomplish things that were not possible before, as well as extract a great deal more information from the storage system. ZFS Was Meant To Be Scripted # zfs list -Hp -r -o name,refer,logicalreferenced sestore5/mysql02 22001288628 24331078144 sestore5/omicron -
Unix System Software
Unix system software Unix is a family of multitasking, multiuser computer operating systems that derive from the . modifiable source code for all of these components, in addition to the kernel of an operating system, Unix was a self-contained software n in: C and assembly language. This sets Unix apart from proprietary operating systems like Microsoft Windows. system Solaris 10 integrates the most popular open source software and. UNIX is a multitasking operating system developed at Bell Labs in the early s. It was designed to be a small, flexible system used by programmers. APIs are changing more than just software architectures. From planning through. Today, without UNIX systems, the Internet would come to a screeching halt. Their new organization was called the Open Software Foundation (OSF). By operating system, we mean the suite of programs which make the computer UNIX systems also have a graphical user interface (GUI) similar to Microsoft. Unix also was developed as a self-contained software system, comprising the operating system, development environment, utilities. An operating system is the program that controls all the other parts of a computer system, both the hardware and the software. It allocates the computer's. Unix. In , Kenneth Thompson, Dennis Ritchie, and others at AT&T Bell Labs began developing a small operating system on a little-used PDP By the most simple definition, UNIX is a computer operating system - the base software that controls a computer system and its peripherals. The Difference Between UNIX and LINUX Operating Systems With Examples You may have Unix is a proprietary software operating system. -
UNIX System Services Z/OS Version 1 Release 7 Implementation
Front cover UNIX System Services z/OS Version 1 Release 7 Implementation z/OS UNIX overview z/OS UNIX setup z/OS UNIX usage Paul Rogers Theodore Antoff Patrick Bruinsma Paul-Robert Hering Lutz Kühner Neil O’Connor Lívio Sousa ibm.com/redbooks International Technical Support Organization UNIX System Services z/OS Version 1 Release 7 Implementation March 2006 SG24-7035-01 Note: Before using this information and the product it supports, read the information in “Notices” on page xiii. Second Edition (March 2006) This edition applies to Version 1 Release 7 of z/OS (5637-A01), and Version 1, Release 7 of z/OS.e (5655-G52), and to all subsequent releases and modifications until otherwise indicated in new editions. © Copyright International Business Machines Corporation 2003, 2006. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . xiii Trademarks . xiv Preface . .xv The team that wrote this redbook. .xv Become a published author . xvi Comments welcome. xvii Chapter 1. UNIX overview. 1 1.1 UNIX fundamentals . 2 1.1.1 UNIX objectives . 2 1.1.2 What people like about UNIX . 2 1.1.3 What people don’t like about UNIX . 3 1.1.4 UNIX operating system . 3 1.1.5 UNIX file system . 4 1.1.6 Parameter files . 6 1.1.7 Daemons. 6 1.1.8 Accessing UNIX . 6 1.1.9 UNIX standards. 7 1.1.10 MVS and UNIX functional comparison . 8 1.2 z/OS UNIX System Services fundamentals . -
MTS on Wikipedia Snapshot Taken 9 January 2011
MTS on Wikipedia Snapshot taken 9 January 2011 PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Sun, 09 Jan 2011 13:08:01 UTC Contents Articles Michigan Terminal System 1 MTS system architecture 17 IBM System/360 Model 67 40 MAD programming language 46 UBC PLUS 55 Micro DBMS 57 Bruce Arden 58 Bernard Galler 59 TSS/360 60 References Article Sources and Contributors 64 Image Sources, Licenses and Contributors 65 Article Licenses License 66 Michigan Terminal System 1 Michigan Terminal System The MTS welcome screen as seen through a 3270 terminal emulator. Company / developer University of Michigan and 7 other universities in the U.S., Canada, and the UK Programmed in various languages, mostly 360/370 Assembler Working state Historic Initial release 1967 Latest stable release 6.0 / 1988 (final) Available language(s) English Available programming Assembler, FORTRAN, PL/I, PLUS, ALGOL W, Pascal, C, LISP, SNOBOL4, COBOL, PL360, languages(s) MAD/I, GOM (Good Old Mad), APL, and many more Supported platforms IBM S/360-67, IBM S/370 and successors History of IBM mainframe operating systems On early mainframe computers: • GM OS & GM-NAA I/O 1955 • BESYS 1957 • UMES 1958 • SOS 1959 • IBSYS 1960 • CTSS 1961 On S/360 and successors: • BOS/360 1965 • TOS/360 1965 • TSS/360 1967 • MTS 1967 • ORVYL 1967 • MUSIC 1972 • MUSIC/SP 1985 • DOS/360 and successors 1966 • DOS/VS 1972 • DOS/VSE 1980s • VSE/SP late 1980s • VSE/ESA 1991 • z/VSE 2005 Michigan Terminal System 2 • OS/360 and successors -
On Z/OS and OS/390 UNIX
C/C++ Applications on z/OS and OS/390 UNIX Port UNIX C/C++ applications to z/OS Write portable C/C++ applications Real-world port described Michael MacIsaac Ralph Best Johan Koppernaes Ka Yin Lam Raymond Mak Daniel Prevost George Reid ibm.com/redbooks International Technical Support Organization C/C++ Applications on z/OS and OS/390 UNIX December 2001 SG24-5992-01 Take Note! Before using this information and the product it supports, be sure to read the general information in “Special notices” on page 205. Second Edition (December 2001) This edition applies to version 1, release 2 of z/OS and earlier releases of OS/390, program number 5647-A01. Comments may be addressed to: IBM Corporation, International Technical Support Organization Dept. HYJ Mail Station P099 2455 South Road Poughkeepsie, NY 12601-5400 When you send information to IBM, you grant IBM a non-exclusive right to use or distribute the information in any way it believes appropriate without incurring any obligation to you. © Copyright International Business Machines Corporation 2000, 2001. All rights reserved. Note to U.S Government Users - Documentation related to restricted rights - Use, duplication or disclosure is subject to restrictions set forth in GSA ADP Schedule Contract with IBM Corp. Contents Contents . iii Preface . ix The team that wrote this redbook. ix Special notice. .x IBM trademarks . xi Comments welcome. xi Summary of changes. xiii December 2001, Second Edition . xiii Chapter 1. z/OS and OS/390 tools . 1 1.1 User access under z/OS . 2 1.1.1 JCL and batch. 2 1.1.2 JOB statement . -
Case: 3:21-Cv-00031 Document #: 1 Filed: 03/31/21 Page 1 of 57
Case: 3:21-cv-00031 Document #: 1 Filed: 03/31/21 Page 1 of 57 lIN THE DISTRICT COURT OF THE VIRGIN ISLANDS DIVISION OF ST. THOMAS AND ST. JOHN XINUOS, INC., ) ) Plaintiff, ) Civil Action No. __________ ) v. ) ) JURY TRIAL DEMANDED INTERNATIONAL BUSINESS ) MACHINES CORP. and RED HAT, ) INC. ) ) Defendants. ) ) COMPLAINT Case: 3:21-cv-00031 Document #: 1 Filed: 03/31/21 Page 2 of 57 COMPLAINT 1. Plaintiff Xinuos, Inc. (“Xinuos”), for its Complaint against Defendants International Business Machines Corp. (“IBM”) and Red Hat, Inc. (“Red Hat”) alleges on knowledge as to itself, its own acts and facts known to it and reasonable inferences therefrom, and on information and belief as to all other matters, as follows: 2. This case is simple. IBM and Red Hat conspired to illegally corner a market and crush competition. First, IBM stole Xinuos’ intellectual property and used that stolen property to build and sell a product to compete with Xinuos itself. Second, stolen property in IBM’s hand, IBM and Red Hat illegally agreed to divide the relevant market and use their growing market powers to victimize consumers, innovative competitors, and innovation itself. Third, after IBM and Red Hat launched their conspiracy, IBM then acquired Red Hat to solidify and make permanent their scheme. Fourth, IBM has been misleading its investors by falsely claiming all infringement claims against IBM regarding the copied code have been waived. 3. IBM and Red Hat have engaged in this well-worn, anticompetitive conduct in order to corner the market for operating system software that companies rely on to use servers. -
Einführung in Z/OS Und OS/390
Einführung in z/OS und OS/390 Dr. rer. nat. Paul Herrmannn Prof. Dr.-Ing. Wilhelm G. Spruth WS 2006/2007 Teil 3 z/OS Betriebssystem es 0101 ww6 wgs 09-99 System z und S/390 Betriebssysteme z/OS IBM große Installationen (OS/390, MVS) z/VSE IBM mittelgroße Installationen z/VM IBM Virtualisierung, Software Entwicklung TPF IBM spezialisierte Transaktionsverarbeitung UTS 4 Amdahl based on System V, Release 4 (SVR4) OSF/1 Hitachi Open System Foundation Unix z/Linux Public Domain Alle System z bzw. S/390 Betriebssysteme sind Server Betriebssysteme, optimiert für den Multi-User Betrieb es 0521z ww6 wgs 09-99 Transaction Processing Facility TPF 13. Oktober 2006. Die Firma Worldspan, ein weltweiter Anbieter von Reise-Reservierungs- systemen, hat sich für den Einsatz von sechs IBM System z9 Enterprise Class (EC) Mainframe-Servern entschieden. Worldspan will damit sein Angebot an elektronischen Datendiensten erweitern, um circa 700 Anbietern von Reiseangeboten und Millionen von Reisenden weltweit eine gemeinsame Plattform anbieten zu können. Worldspan setzt die neuen IBM System z9 EC Server ein, um sowohl Reisebüros als auch Anbietern von Online-basierten Reisediensten die Möglichkeit zur Nutzung des weltweiten Global Distribution System (GDS) zu geben, über das zum Beispiel die Bestellung und Buchung von Reiseprodukten von Flugzeugtickets, Hotels, Mietwagen und andere Reisedienstleistungen durchgeführt wird. Durch die Nutzung der Software „IBM Transaction Processing Facility“ (TPF) ist Worldspan in der Lage, 17.000 Kundenanfragen pro Sekunde auf -
Application-Defined Decentralized Access Control
Application-Defined Decentralized Access Control Yuanzhong Xu, Alan Dunn, Owen Hofmann*, Michael Lee, Syed Akbar Mehdi, Emmett Witchel ! UT-Austin, Google* Access control mechanism • Simplicity • Flexibility • Easy to understand • Expressive • Less prone to bugs • Support many use cases 2 UNIX/Linux - simplicity • Linux/UNIX • User: UID • Group: GID • Admin: root user • Simplicity • Easy to understand • Less prone to bugs 3 UNIX/Linux - more flexibility • Linux/UNIX • User: UID • Need more flexibility • • Group: GID setuid binary • effective UID • Admin: root user • FS UID • Simplicity • sticky bit • Easy to understand • … • Less prone to bugs 4 setuid binaries make things tricky suEXEC of Apache server: using setuid binaries to run • Need more flexibility CGI/SSI with different UIDs • setuid binary “If you aren't familiar with • effective UID managing setuid root programs and the security • FS UID issues they present, we highly recommend that you • sticky bit not consider using • … suEXEC.” — http://httpd.apache.org/docs/2.2/suexec.html 5 Access control in server applications • A server application typically uses its own, hand- crafted program logic to enforce access control Access control is hard to get right… ! !Source of bugs: among OWASP top 10 application security risks https://www.owasp.org/index.php/Top_10_2010-Main Server application Access control Why OS access control OS CANNOT help? Inflexible OS-level access control • Numerical identifiers for Consequences principals in a flat namespace • different servers/apps CANNOT • 32-bit integer