Guideline: Assign a unique UID for each user and a unique GID for each group that needs access to z/OS® UNIX functions and resources. Assigning unique IDs rather than shared IDs improves overall security and increases user accountability.
If you choose not to define unique IDs for each user of UNIX functions, you can enable RACF® to automatically generate unique UIDs and GIDs for you. There are two methods for automatically assigning unique IDs, and you can use both methods together on the same system:
- Method 1: Enable RACF to automatically assign unique IDs when you issue the following RACF commands with the OMVS operand:
  - ADDUSER and ALTUSER commands: Specify the OMVS(AUTOUID) option to have RACF assign a unique UID to the user and store the UID in the OMVS segment of the user profile.
  - ADDGROUP and ALTGROUP commands: Specify the OMVS(AUTOGID) option to have RACF assign a unique GID to the group and store the GID in the OMVS segment of the group profile.
  To use this method, the RACF database must be at least at AIM stage 2. For implementation details, see Automatically assigning unique IDs using RACF commands.
- Method 2: Enable RACF to automatically assign unique IDs when users without OMVS segments access the system to use certain UNIX services.
  This method provides unique IDs for users who need them to access UNIX functions and resources, and requires no administrative intervention each time a unique ID is assigned.
  You can also use this method to automatically add common information to the OMVS segment of the users who are assigned unique UIDs.
  To use this method, the RACF database must be at least at AIM stage 3. For implementation details, see Automatically assigning unique IDs through UNIX services.
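Before enabling either method, it helps to know which UIDs and GIDs are already shared. The following audit script is an added example, not IBM code and not part of the original page. It assumes input in the fixed-column layout of RACF database unload (IRRDBU00) records 0270 (user OMVS data) and 0120 (group OMVS data), with the record type in columns 1-4, the profile name in columns 6-13, and the UID or GID in columns 15-24; confirm that layout against the documentation for your release. All sample records are constructed.

```python
from collections import defaultdict

# Assumed record types: 0270 = user OMVS data, 0120 = group OMVS data.
RECORD_KINDS = {"0270": "UID", "0120": "GID"}


def _rec(rtype, name, ident, rest=""):
    """Build one constructed sample line in the assumed column layout."""
    return f"{rtype} {name:<8} {ident:<10} {rest}".rstrip()


# Constructed sample input (not real data).
SAMPLE_UNLOAD = "\n".join([
    _rec("0270", "ALICE", "0000001001", "/u/alice"),
    _rec("0270", "BOB", "0000001002", "/u/bob"),
    _rec("0270", "BATCH1", "0000001001", "/u/batch"),   # shares ALICE's UID
    _rec("0270", "SUPER1", "0000000000", "/"),
    _rec("0270", "SUPER2", "0000000000", "/"),          # second UID 0 user
    _rec("0270", "NOUID", "", "/u/nouid"),              # segment without a UID
    _rec("0120", "DEVGRP", "0000000500"),
    _rec("0120", "OPSGRP", "0000000500"),               # shares DEVGRP's GID
    _rec("0120", "SYSGRP", "0000000001"),
    _rec("0200", "ALICE", "", "unrelated record type"),
])


def find_shared_ids(unload_text):
    """Return {(kind, id): [profile names]} for every UID/GID held by more than one profile."""
    owners = defaultdict(set)
    for line in unload_text.splitlines():
        kind = RECORD_KINDS.get(line[0:4])
        if kind is None:
            continue                      # not an OMVS segment record
        name = line[5:13].strip()         # columns 6-13
        raw_id = line[14:24].strip()      # columns 15-24
        if not name or not raw_id.isdigit():
            continue                      # no UID/GID stored in this segment
        owners[(kind, int(raw_id))].add(name)
    return {key: sorted(names) for key, names in owners.items() if len(names) > 1}


if __name__ == "__main__":
    for (kind, ident), names in sorted(find_shared_ids(SAMPLE_UNLOAD).items()):
        print(f"shared {kind} {ident}: {', '.join(names)}")
```

Each reported entry is an ID for which activity cannot be attributed to a single user or group, which is the accountability gap the guideline addresses.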