Manage Learn to apply best practices and optimize your operations.

Beware of assigning special authorities to QUSER profile

Does the user profile QUSER need any special authorities?

No - QUSER not only does not need any special authorities, but it is dangerous to assign them. QUSER is used by IBM as a default user ID on several communication processes, and having that user ID carry special authorities will expose your system to new, and more dangerous, threats. For example, if you have configured SNA communications on your system, the usually default configuration allows remote DDM commands to run under QUSER's authority -- often without requiring a password.

Not only should you not give this profile special authority, you should avoid using it in your own applications and leave it for IBM. You're less likely to have problems that way, and less likely to open new exposures by changing the characteristics of this profile.


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Dig Deeper on iSeries system and application security