z/OS UNIX REXX exec
As documented in Using REXX and z/OS UNIX System Services (SA22-7806), z/OS® UNIX offers the seteuid SYSCALL command to set the effective UID of the current process. There are few things to keep in mind when using the seteuid command.
- The seteuid command uses the z/OS UNIX UID, not the MVS™ user ID. You must first determine the UID of the target user ID, which can be done with the getpwnam SYSCALL command.
- The user ID executing the seteuid command
must have READ permission to the
BPX.SRV.<userid>profile in the
SURROGATclass of your security product to be able to switch to the user ID identified by
<userid>without specifying a password. Note that when multiple user IDs share the same UID, there is no way to determine which one of the user IDs will be checked.
/* rexx */ myID='ibmuser' say userid() address SYSCALL 'getpwnam' myID 'pw.' say pw.1 pw.2 pw.3 pw.4 pw.5 address SYSCALL 'seteuid' pw.2 /* PW_UID = 2 */ say retval errno errnojr say userid()
This sample logon exit, executed by the started task user ID, will result in the following console messages:
+FEK910I LOGON EXIT: invoking logon processing exit in thread 515 +FEK910I LOGON EXIT: STCRSE +FEK910I LOGON EXIT: IBMUSER 1 0 / /bin/sh +FEK910I LOGON EXIT: 0 0 0 +FEK910I LOGON EXIT: IBMUSER +FEK910I LOGON EXIT: completed logon processing exit in thread 515