UNIXPRIV class permits
The UNIXPRIV class holds profiles that allow a
security administrator to selectively hand out special z/OS® UNIX related
permits, instead of granting all z/OS UNIX related permits with the super
user approach.
| Profile | Permit | Result |
|---|---|---|
| SUPERUSER.FILESYS | READ | User is allowed to read any file or directory. |
| SUPERUSER.FILESYS.ACLOVERRIDE | READ | Permit is only required if ACLOVERRIDE is already defined. It allows the user to read any file or directory, regardless of ACL definitions. |
| SUPERUSER.FILESYS.CHOWN | READ | User is allowed to change the owner of any file or directory. |
| SUPERUSER.FILESYS.CHANGEPERMS | READ | User is allowed to change the permission bits of any file or directory. |
Note: When the
SUPERUSER.FILESYS.ACLOVERRIDE profile
is defined, access permissions defined in ACL (access Control List)
take precedence over the permissions granted through SUPERUSER.FILESYS. The RSED started task user ID will need READ access
permit to the SUPERUSER.FILESYS.ACLOVERRIDE profile
to bypass ACL definitions.