CFS-Holdertask, TSOS Services for non-privileged users

CFS-Holdertask, TSOS Services for non-privileged users

The CFS Holdertask can be started from TSOS by means of the Enter procedure J/CFSHT in the CFS.S.LMSLIB PLAM library. This Holdertask can be used to grant non-privileged CFS users access to certain services normally only available to TSOS. CFSHT provides the following services:

1) User Option OPEN for selecting open files.

The non-privileged user will be presented with a list of all files opened by tasks running under that userid. The user can also use the D-IO parameter to display the IO statistics for the open files under his userid.

The Holdertask will ignore parameter entries from the user requesting access to files for which no permissions exists, for example, files under a foreign userid.

2) Action Code OPN. All TSN's which have opened the file marked with this Action Code will be displayed. TSN's from userids other than the current userid will also be displayed. The Action Code S (STA tsn) can also be used to display status information about the task. Issuing an S Action Code for tasks running under userids other than the current userid can be pevented by setting an option in the CFSMAIN module.

3) Action Code D (Display) for viewing the contents of an open output file. This function is only possible for files previously selected by means of the OPEN User Option.

The CFS Holdertask creates a snapshot file with the current contents of the open SAM/PAM file. This file will be created under the current userid. CFS will delete the file after the Display function has been terminated.

4) :cmd in the Command field of the file list. The non-priveleged user can thus issue commands from under the TSOS userid. The command output (SYSOUT) will be returned to the user. The SYSOUT file of the Holdertask will also contain a listing of all the commands issued, together with the TSN and userid of the requestor.

The following sections describe the options available to the system administrator for enabling specific BS2000 commands for specific users (userids).

In order to enable any of the commands for non-privileged users, a control file must be linked with the CFS Holdertask using the lnkname CFSHTCMD, e.g. FILE CFS.HTCMD,LINK=CFSHTCMD. The standard SAM file CFS.HTCMD contains sample commands and userid information. It also contains extensive commentary lines, indicated by an asterisk in the first column (though not *ALL statements).

The CFS.HTCMD file can be modified in the current session, with the modifications becoming effective immediately.

Example:

STAJV

SETJV

$TEST

SHOW-DAB

VERIFY

JOIN TEST,PASS=

ENTER $TEST.CFS.E.BATCH

$TESTUTM

START-SS 'UTM','AIDSYS'

$SYSPRIV

*ALL

The SHOW-DAB, VERIFY, ENTER $TEST.CFS.E.BATCH commands are reserved for those under the $TEST userid.

The START-SS command with parameters UTM and AID may only be executed from the $TESTUTM userid.

All BS2000 commands may be executed with :cmd from the SYSPRIV userid. The VERIFY and REPAIR-DISK-FILE commands, which normally require confirmation from the user, will be executed automatically by the CFS Holdertask.

All other userids, i.e. those other than $TEST, $TESTUTM and $SYSPRIV are permitted to execute STAJV and SETJV. These commands have no $userid prefix.

Specific commands allowed for users:

The commands must be entered by the user in the CFS command field in the form :cmd [param] .

The CFS.HTCMD file contains sample entries in the form xxx [yyyyy]

CFSHT will check whether the user has a sample command xxx which matches the specified cmd. If no match is found, the user will receive the message "CFSHT: Command not allowed for user", and the command will not be executed.

If only the command name is specified in the sample, the user may execute that command with any parameters. The command must be entered exactly as it appears in the sample. Abbreviations, even though permitted by SDF, will be refused.

Command parameters in the sample entries:

If parameters are specified alongside the command name, then these will be checked specifically by the CFSHT. These parameters will be treated as CFS search strings if they begin with ' , -' , or ( . If this is not the case, the string will be matched via a simple CLC loop with the parameter entered by the user.

Complex search conditions such as AND, OR, Wildcard, as well as negations, can be specified for CFS search conditions. A disadvantage is that quotes must be specified twice.

Only one string can be specified with a simple search condition. A search will then be made for the string exactly as it appears in the HTCMD file. No duplication of quotes is necessary in this case.

Example 1:

JOIN TEST,PASS=C'A

The parameter of the JOIN command will be examined for the string TEST, PASS=C'A'.

Example 2:

JOIN ('TEST','UTM')*'PASS=C''A'

The parameter of the JOIN command will be examined for the string TEST or UTM, and for PASS=C'A after that.

Allow users access to all commands, with a few restrictions:

The CFS.HTCMD file will contain sample entries in the form -xxx

CFSHT will check if a sample entry xxx exists for the user which corresponds to the specified command cmd. If so, the command will not be executed, and the user will be presented with the message "CFSHT: Command not allowed for user". All other commands may be executed.