chiucvallow - work with z/VM user ID filters

Runs on target systems to list, verify, and change the z/VM® user ID filter of the z/VM IUCV HVC device driver.

The filter specifies the z/VM user IDs that are allowed to access HVC terminal devices.

chiucvallow requires root authority.

Format

Figure 1. chiucvallow syntax

1  chiucvallow
2.1   -l
2.1   -e?  <filter>
2.1   -V  <filter>
2.1   -s  <filter>
2.1   -c
where:
-l or --list
displays the z/VM user IDs contained in the current filter.

chiucvallow with the -l option is equivalent to lsiucvallow.

<filter>
specifies a z/VM user ID filter file.

z/VM user ID filter files list z/VM user IDs to be allowed to access the HVC terminal devices. Each z/VM user ID is specified on a separate line. There can also be blank lines and comment lines, which start with a number sign (#).

-e or --edit
edit the current z/VM user ID filter.

If <filter> is specified, the z/VM user ID filter in <filter> is opened in an editor; otherwise the current z/VM user ID filter is imported into the editor.

When the editor is closed, the edited filter is verified (see -V or --verify). If verified successfully, the edited z/VM user ID filter becomes the current filter. If the verification fails, the edited z/VM user ID filter is saved to a backup copy that can then be corrected.

By default, vi is used as the editor. You can specify an alternative editor with the EDITOR environment variable.

-V or --verify
verifies that the z/VM user ID filter specified by <filter>:
  • Contains only z/VM user IDs or patterns that consist of up to eight alphanumeric characters or underscores (_), where the last character of a pattern is an asterisk (*).
  • Contains no more than 500 z/VM user IDs and patterns in total.
  • Does not exceed 4096 bytes
-s or --set
replaces the current z/VM user ID filter with the filter specified by <filter>. The current z/VM user ID filter can be replaced only after <filter> has been successfully verified.
-c or --clear
clears the current z/VM user ID filter. After clearing the filter, any z/VM user ID is allowed to connect to the z/VM IUCV HVC device driver.
-v or --version
displays the version of chiucvallow and exits.
-h or --help
displays a short help text and exits. For more information, see the chiucvallow man page.

Examples

The examples that follow assume a filter file, /etc/ts-filters/filterb, with this content:
# Primary terminal server
termsrv1
# Backup terminal server
# termsrv2
# Replacement for backup terminal server termsrv2
termsrv3
  • To make /etc/ts-filters/filterb the current filter:
    [root]# chiucvallow -V /etc/ts-filters/filterb
    Verify z/VM user ID: termsrv1 : OK
    Verify z/VM user ID: termsrv3 : OK
    
    chiucvallow: Verification summary: verified=2 failed=0 size=18 bytes
    [root]# chiucvallow -s /etc/ts-filters/filterb
  • To list the current filter:
    [root]# chiucvallow -l
    TERMSRV1
    TERMSRV3
  • To clear the filter:
    [root]# chiucvallow -c
The examples that follow assume a filter file, /etc/ts-filters/wildfilter, with this content:
# Primary terminal server
termsrv1
# Backup terminal servers
bkptsrv*
  • To make /etc/ts-filters/wildfilter the current filter:
    [root]# chiucvallow -V /etc/ts-filters/wildfilter 
    Verify z/VM user ID: termsrv1 : OK
    Verify z/VM user ID: bkptsrv* : OK
    
    chiucvallow: Verification summary: verified=2 failed=0 size=18 bytes
    [root]# chiucvallow -s /etc/ts-filters/wildfilter
  • To list the current filter:
    [root]# chiucvallow -l
    BKPTSRV*
    TERMSRV1