- The access checks performed are XPG4 IPC permission checks defined
in XPG4 System Interfaces and Headers, as follows:
- The effective z/OS UNIX user identifier (UID) and z/OS UNIX group identifier (GID) for
the calling process is used for all access checks.
- If the CREI user type is system, IRRSKI00 allows
any access. No UIDs or GIDs are used in this case because no process
- If the user being checked is a superuser, IRRSKI00 allows
any access. The user is considered a superuser if the selected UID
is 0 or if the ACEE indicates trusted or privileged authority.
- If the user is not system and is not a superuser, the permission
bits for the IPC key are checked to see if the access requested is
allowed. If the effective UID matches either the owner UID or creator's
UID of the IPC key, the USER permission bits are checked. If the
UIDs do not match, the owner GID and creator's GID of the IPC key
are checked against the user's effective GID and the user's supplemental
group list GIDs. If any one matches, the GROUP permission bits are
checked. If the UIDs and GIDs don't match, the OTHER permission bits
- If the SECLABEL class is active and the ISP contains a security
label, the accessing process must have an equivalent security label.
With MLIPCOBJ active, requests will be failed if either the accessing
process or the ISP does not contain a security label.