Before you begin: You need to know which users will be assigned
superuser authority.
Perform the following steps to authorize selected users to transfer
ownership of any file.
- Define a profile in the UNIXPRIV class to protect the resource
called SUPERUSER.FILESYS.CHOWN.
RDEFINE UNIXPRIV SUPERUSER.FILESYS.CHOWN UACC(NONE)
In
general, generic profile names are allowed for resources in the UNIXPRIV
class (with a few exceptions, such as SHARED.IDS and FILE.GROUPOWNER.SETGID).
Tip: To
assign all file system privileges, you can define a profile called
SUPERUSER.FILESYS.**.
_______________________________________________________________
- Assign selected users or groups as appropriate.
PERMIT SUPERUSER.FILESYS.CHOWN CLASS(UNIXPRIV)
ID(appropriate-groups-and-users) ACCESS(READ)
_______________________________________________________________
- Activate the UNIXPRIV class, if it is not currently active at
your installation.
SETROPTS CLASSACT(UNIXPRIV)
If
you do not activate the UNIXPRIV class and activate SETROPTS RACLIST
processing for the UNIXPRIV class, only superusers are allowed to
transfer ownership of any file. _______________________________________________________________
- Activate SETROPTS RACLIST processing for the UNIXPRIV class, if
it is not already active.
SETROPTS RACLIST(UNIXPRIV)
If
SETROPTS RACLIST processing is already in effect for the UNIXPRIV
class, you must refresh SETROPTS RACLIST processing in order for new
or changed profiles in the UNIXPRIV class to take effect.SETROPTS RACLIST(UNIXPRIV) REFRESH
_______________________________________________________________
When you are done, you have authorized selected users to transfer
ownership of any file.