If your installation already uses z/OS UNIX, and has
OMVS segments defined in group or user profiles, you should perform
the following steps. If you do not use z/OS UNIX, you do
not need to perform these steps.
To initially populate the UNIXMAP class, do the following:
- Quiesce administrative activity against users and
groups.
- Run the database unload utility (IRRDBU00) against
the database.
- Read instructions at the beginning of the REXX migration
exec (in the IRR30858 member of SYS1.SAMPLIB) concerning what data
sets are to be used in your environment. After reading the exec and
modifying it appropriately, run it against the database unload utility
output. It produces a file containing RDEFINE and PERMIT commands
that will populate the UNIXMAP class. Do not execute this command
file yet.
- Issue SETROPTS NOADDCREATOR. This is very important
because you do not want the ID of the user who runs the command file
produced in Step 3 on the access list
of all the profiles in this new class.
- Execute the command file produced in Step 3. When you execute this file, you might
see messages ICH408I and ICH10102I, indicating that some profile is
already defined to the UNIXMAP class. This occurs if a UID maps to
more than one user ID or if a GID maps to more than one group name.
- If SETROPTS ADDCREATOR was in effect prior to Step 4, issue SETR ADDCREATOR now to restore
that setting.
- Issue SETROPTS CLASSACT(UNIXMAP). The UNIXMAP profiles
will now be used to do UID and GID lookups. To maintain performance,
it is recommended that the UNIXMAP class remain active.
Administrative activity can now be resumed against users and
groups. From this point, RACF® automatically
keeps the UNIXMAP profiles synchronized with the user and group profiles.