Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Assigning UIDs to multiple users z/OS UNIX System Services Planning GA32-0884-00 |
|
Do not assign the same UID to multiple user IDs because the sharing of UIDs allows each user to access all of the resources associated with the other users of that shared user ID. The shared access includes not only z/OS UNIX resources such as files, but also includes the possibility that one user could access z/OS resources of the other user that are normally considered to be outside the scope of z/OS UNIX. However, you might want to assign the same UID to multiple user IDs if these user IDs are used by the same person or persons. It might also be necessary to assign multiple users a UID of 0 (superuser authority). When doing this, it is important to remember that a superuser is implicitly a trusted user who has the potential of using UID(0) to access all z/OS resources. Rule: If the SHARED.IDS profile is defined in the UNIXPRIV class, in order to assign a UID that is already in use to another user ID you must specify the SHARED keyword with the UID keyword on the RACF® ADDUSER or ALTUSER command. By default, RACF does not prevent the sharing of UIDs and GIDs. However, you can enforce unique UNIX identifiers by defining a profile called SHARED.IDS in the UNIXPRIV class. For more information about SHARED.IDS, see z/OS Security Server RACF Security Administrator's Guide. |
Copyright IBM Corporation 1990, 2014
|