89 lines
5.9 KiB
HTML
89 lines
5.9 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
|||
|
<!DOCTYPE html
|
|||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|||
|
<html lang="en-us" xml:lang="en-us">
|
|||
|
<head>
|
|||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|||
|
<meta name="security" content="public" />
|
|||
|
<meta name="Robots" content="index,follow" />
|
|||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|||
|
<meta name="DC.Type" content="concept" />
|
|||
|
<meta name="DC.Title" content="Restore programs" />
|
|||
|
<meta name="abstract" content="Restoring programs to your system that are obtained from an unknown source poses a security exposure. Programs might perform operations that break your security requirements. Of particular concern are programs that contain restricted instructions, programs that adopt their owner authority, and programs that have been tampered with." />
|
|||
|
<meta name="description" content="Restoring programs to your system that are obtained from an unknown source poses a security exposure. Programs might perform operations that break your security requirements. Of particular concern are programs that contain restricted instructions, programs that adopt their owner authority, and programs that have been tampered with." />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzamvrestoresecinfo.htm" />
|
|||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
|||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
|||
|
<meta name="DC.Format" content="XHTML" />
|
|||
|
<meta name="DC.Identifier" content="restoreprog" />
|
|||
|
<meta name="DC.Language" content="en-us" />
|
|||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|||
|
<!-- US Government Users Restricted Rights -->
|
|||
|
<!-- Use, duplication or disclosure restricted by -->
|
|||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|||
|
<title>Restore programs</title>
|
|||
|
</head>
|
|||
|
<body id="restoreprog"><a name="restoreprog"><!-- --></a>
|
|||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|||
|
<h1 class="topictitle1">Restore programs</h1>
|
|||
|
<div><p>Restoring programs to your system that are obtained from
|
|||
|
an unknown source poses a security exposure. Programs might perform operations
|
|||
|
that break your security requirements. Of particular concern are programs
|
|||
|
that contain restricted instructions, programs that adopt their owner authority,
|
|||
|
and programs that have been tampered with.</p>
|
|||
|
<p>This includes object types *PGM, *SRVPGM, *MODULE, and *CRQD. You can use
|
|||
|
the QVFYOBJRST, QFRCCVNRST, and QALWOBJRST system values to prevent these
|
|||
|
object types from being restored to your system. See Security-Related Restore
|
|||
|
System Values for more information about these system values. </p>
|
|||
|
<div class="p">The system uses a validation value to help protect programs. This value
|
|||
|
is stored with a program and recalculated when the program is restored. The
|
|||
|
system’s actions are determined by the ALWOBJDIF parameter on the restore
|
|||
|
command and the force conversion on restore (QFRCCVNRST) system value. <div class="note"><span class="notetitle">Note:</span> Programs
|
|||
|
that are created for systems running Version 5 Release 1 or later versions
|
|||
|
of OS/400<sup>®</sup> or i5/OS™ contain
|
|||
|
information that allows the program to be re-created at restore time if necessary.
|
|||
|
The information needed to re-create the program remains with the program even
|
|||
|
when the observability of the program is removed. If a program validation
|
|||
|
error is determined to exist at the time the program is restored, the program
|
|||
|
will be re-created in order to correct the program validation error. The action
|
|||
|
of re-creating the program at restore time is not new to iseries Version 5
|
|||
|
Release 1. In previous releases, any program validation error that was encountered
|
|||
|
at restore time resulted in the program being re-created if possible (if observability
|
|||
|
existed in the program being restored). The difference with Version 5 Release
|
|||
|
1 or later versions of programs is that the information needed to re-create
|
|||
|
these programs remain, even when observability is removed from the program. </div>
|
|||
|
</div>
|
|||
|
<p>Restoring Programs That Adopt the Owner’s Authority: </p>
|
|||
|
<div class="p">When a program is restored that adopts owner authority, the ownership and
|
|||
|
authority to the program may be changed. The following applies: <ul><li>The user profile doing the restore operation must either own the program
|
|||
|
or have *ALLOBJ and *SECADM special authorities. </li>
|
|||
|
<li>The user profile doing the restore operation can receive the authority
|
|||
|
to restore the program by<ul><li>Being the program owner.</li>
|
|||
|
<li>Being a member of the group profile that owns the program (unless you
|
|||
|
have private authority to the program).</li>
|
|||
|
<li>Having *ALLOBJ and *SECADM special authority.</li>
|
|||
|
<li> Being a member of a group profile that has *ALLOBJ and *SECADM special
|
|||
|
authority.</li>
|
|||
|
<li>Running under adopted authority that meets one of the tests just listed.</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
<li> If the restoring profile does not have adequate authority, all public
|
|||
|
and private authorities to the program are revoked, and the public authority
|
|||
|
is changed to *EXCLUDE. </li>
|
|||
|
<li>If the owner of the program does not exist on the system, ownership is
|
|||
|
given to the QDFTOWN user profile. Public authority is changed to *EXCLUDE
|
|||
|
and the authorization list is removed.</li>
|
|||
|
</ul>
|
|||
|
</div>
|
|||
|
<p>Refer to <a href="rzamvrestorelicprog.htm#restorelicprog">Restore licensed
|
|||
|
programs</a> for more information.</p>
|
|||
|
</div>
|
|||
|
<div>
|
|||
|
<div class="familylinks">
|
|||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvrestoresecinfo.htm" title="Recovering your system often requires restoring data and associated security information.">Restore security information</a></div>
|
|||
|
</div>
|
|||
|
</div>
|
|||
|
</body>
|
|||
|
</html>
|