z/OS UNIX System Services Planning
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Using sanction lists

z/OS UNIX System Services Planning
GA32-0884-00

You can compile a list to contain the lists of path names and program names that are sanctioned by the installation for use by APF-authorized or program controlled calling programs. This file contains properly constructed path names and program names as defined in z/OS UNIX System Services User's Guide.

Be sure that you are familiar with the activation instructions before using sanction lists. It is possible to unintentionally activate only part of this feature.

Sanction lists contain three separate lists delineated by three keywords:
:authprogram_path
This keyword is the start of a list of directories that is only used in the execution of a hfsload (or C dlload), exec, spawn, or attach_exec from an authorized program.
:programcontrol_path
This keyword is the start of a list of directories that is only used in the execution of a hfsload (or C dlload), exec, spawn, or attach_exec from an executable that is running program controlled.
:apfprogram_name
This keyword is the start of a list of program names that are allowed to get control of APF-authorized programs as a result of an exec or spawn. These names are MVS™ program names.
Parent topic: Establishing UNIX security

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014