Steps for setting up BPX.SUPERUSER

Before you begin: You need to know which users need to have superuser authority.

Perform the following steps to set up BPX.SUPERUSER.

  1. Define the BPX.SUPERUSER resource in the FACILITY class.
    RDEFINE FACILITY BPX.SUPERUSER UACC(NONE)

    Rule: You must use the name BPX.SUPERUSER. Substitutions for the name are not allowed.

  2. If this is the first FACILITY class profile that the installation has defined, activate the FACILITY class with the SETROPTS command.
    SETROPTS CLASSACT(FACILITY)
    SETROPTS RACLIST(FACILITY)

  3. Permit all users who need superuser authority to this profile. Use the RACF® commands shown in the following example, which give the user ID SYSPROG permission to use the su command to obtain superuser authority. It is assumed that the default group for SYSPROG is set up with a GID.
    ALTUSER SYSPROG OMVS(UID(7) HOME('/u/sysprog') PROGRAM('/bin/sh'))
    PERMIT BPX.SUPERUSER CLASS(FACILITY) ID(SYSPROG) ACCESS(READ)

When you are done, you have set up the BPX.SUPERUSER resource in the FACILITY class and permitted the users who need to have superuser authority. When they need to perform superuser tasks, they can switch to superuser mode using the su command or the "Enable superuser mode (SU)" option in the ISPF shell.

Tips:
  1. Instead of permitting individual users to BPX.SUPERUSER, you could define a group, for example, SUPERUSR. You could then add users who need superuser permission to the group.

    Example: To add the user ID SYSPROG to the SUPERUSR group:

    CONNECT (SYSPROG) AUTH(USE) GROUP(SUPERUSR) OWNER(SYS1) GRPACC
    Then permit this group to BPX.SUPERUSER.
    PERMIT BPX.SUPERUSER CLASS(FACILITY) ID(SUPERUSR) ACCESS(READ)
  2. As an alternative to assigning superuser authority, you can define which superuser attributes a given user is to have, and which system resource limits are to be defined for the user.
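
To check the result of the steps above, the access list of BPX.SUPERUSER can be compared with the IDs that are meant to hold superuser authority. The following Python code is an added example, not part of the original documentation: it parses a constructed, abbreviated listing modelled on RLIST FACILITY BPX.SUPERUSER AUTHUSER output and reports deviations from UACC(NONE), READ access and the approved IDs. The column layout, the TEMPUSR entry and the approved-ID set are assumptions.

```python
# Constructed, abbreviated sample modelled on `RLIST FACILITY BPX.SUPERUSER AUTHUSER`
# output; the column layout is an assumption, adjust the parser to your listing.
SAMPLE_RLIST = """\
LEVEL  OWNER      UNIVERSAL ACCESS  YOUR ACCESS  WARNING
-----  --------   ----------------  -----------  -------
 00    SYS1            NONE              ALTER    NO

USER      ACCESS   ACCESS COUNT
----      ------   ------ -----
SYSPROG   READ     000000
SUPERUSR  READ     000000
TEMPUSR   UPDATE   000000
"""

APPROVED = {"SYSPROG", "SUPERUSR"}  # hypothetical approved IDs (users or groups)
LEVELS = {"NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"}

def parse_rlist(text):
    """Return (uacc, {id: access}) from an RLIST ... AUTHUSER listing."""
    uacc, acl, section = None, {}, None
    for line in text.splitlines():
        words = line.split()
        if not words:
            section = None  # a blank line ends the current section
        elif words[0] == "LEVEL" and "UNIVERSAL" in words:
            section = "profile"
        elif words[:2] == ["USER", "ACCESS"]:
            section = "acl"
        elif section == "profile" and len(words) >= 3 and words[2] in LEVELS:
            uacc = words[2]  # third column of the profile row
        elif section == "acl" and len(words) >= 2 and words[1] in LEVELS:
            acl[words[0]] = words[1]
    return uacc, acl

def audit(text, approved=APPROVED):
    """List findings: UACC other than NONE, unapproved IDs, access other than READ."""
    uacc, acl = parse_rlist(text)
    findings = []
    if uacc != "NONE":
        findings.append(f"UACC is {uacc}, expected NONE")
    for ident, access in sorted(acl.items()):
        if ident not in approved:
            findings.append(f"{ident} is not an approved superuser ID")
        if access != "READ":
            findings.append(f"{ident} has {access}, procedure grants READ")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_RLIST)) or "BPX.SUPERUSER access list matches policy")
```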