Controlling who can set the APF-authorized attribute
Use the BPX.FILEATTR.APF resource in the FACILITY class to control which users are allowed to set the APF-authorized attribute in a z/OS® UNIX file.
The following example shows the RACF® command that is used
to give the necessary permission to user Ralph Smorg with user ID SMORG:
RDEFINE FACILITY BPX.FILEATTR.APF UACC(NONE)
PERMIT BPX.FILEATTR.APF CLASS(FACILITY) ID(SMORG) ACCESS(READ)
SETROPTS RACLIST(FACILITY) REFRESHTo set the APF-authorized extended attribute in an executable file, issue the
extattr command with the +a option. In the following example,
proga is the name of the file.
extattr +a /user/sbin/proga