VMPOSIX Mapping Profiles for UIDs and GIDs

For each UID that has been defined in the OVM segment of a USER profile, a VMPOSIX profile called Uuid exists. The access list of a Uuid profile contains all user IDs that have been assigned this UID.

For each GID that has been defined in the OVM segment of a GROUP profile, a VMPOSIX profile called Ggid exists. The access list of a Ggid profile contains all groups that have been assigned this GID.

These mapping profiles are used to provide a cross-reference to USER and GROUP profiles. They provide RACF® with a performance sensitive method of returning information for a given UID or GID when requested by z/VM® or application programs.

RACF maintains these mapping profiles automatically when UIDs and GIDs are added, changed, or deleted.

For example, if the following command is issued 
  ADDUSER BRUCE OVM(UID(13))
RACF creates a VMPOSIX profile named U13 with BRUCE contained on the access list. If the following command is subsequently issued 
  ALTUSER BRUCE OVM(UID(55))
RACF deletes the U13 profile and creates a U55 profile with BRUCE contained on the access list.

In general, you should not alter these profiles. However, it is possible they might get inadvertently deleted, or damaged by database corruption. If a profile is deleted, or if the user is not contained in its access list, VM will not be able to retrieve information for the UID or GID that the profile represented. RACF will be unable to locate the mapping profile and will send z/VM a return code indicating that the UID or GID is invalid.

If this happens, an authorized user needs to repair the damage. First, see if the user name associated with the UID or the group name associated with the GID can be determined from a message displayed by OpenExtensions z/VM. For example, if the user name is BRUCE, enter: 
LISTUSER BRUCE OVM NORACF
to display the UID associated with BRUCE. If, for example, LISTUSER displays a UID of 13, you would then enter: 
  RDEFINE VMPOSIX U13 UACC(NONE)
  PERMIT U13 CLASS(VMPOSIX) ACCESS(NONE) ID(BRUCE)
  PERMIT U13 CLASS(VMPOSIX) ID(your-userid) DELETE
The second PERMIT command is necessary because RDEFINE puts the profile creator on the access list.

If you are unable to determine the user name or group name from z/VM, look at the output from the database unload utility to find the user ID or group associated with a given UID or GID. The mapping profiles should then be added, changed or deleted as appropriate.