Earlier threads have noted that NOXCMD is the default for EG, which precludes the use of things like PIPEs and the X and SYSTASK commands.
As a programmer, the downside of this loss of functionality is apparent to me.
What isn't so obvious to me is why this functionality is disabled by default in the first place.
What is the downside of specifying NONOXCMD to reenable PIPE/X/SYSTASK, particularly in a situation where the EG users also have direct login and shell access to the same servers (using the same ID/PW used for EG) outside of EG?
Because being granted shell access with the same authentication is not a universal practice. I think the XCmd changes are a "No No" in my humble opinion.
A server is designed for sharing between a number of people, and you need only have a server up for a very short time before somebody is trying to do something extra. The resources of a server should be managed by a well trained and responsive support team, so that users are not tinkering at the operating system level. While most such activities are benign, some are not. Which leads me to the hated but inescapable conclusion that the insanities of the Morlock minority mean we must impose restrictions.
Give three groups access to a server, and each will probably compete at some point to get increased resources and faster execution time for the work they consider is all that matters. In the Unix world that sometimes means they will try to change job priorities. No amount of reciting "thou shall not" has any effect in reducing these antisocial activities.
However, if you work in an area where no-one is trying to steal an edge on anyone else, where no brinkmanship ever happens and fantasy is not so fantastic then perhaps you don't need the parameter.