|
- Add an OMVS segment to the user ID and an OMVS segment to the
default group of the RACF® subsystem
address space. Use the output of the SET LIST command to identify
the user ID of the RACF subsystem.
You
can specify the UID and GID values of your choice by explicitly assigning
a unique UID with the UID operand of the ALTUSER command, and by explicitly
assigning a GID using the GID operand of the ALTGROUP command.
Alternatively,
use the AUTOUID and AUTOGID keywords to automatically assign a unique
UID and GID. (For setup instructions, see Enabling automatic assignment of unique UNIX identities.)
For example, if the RACF subsystem
runs under the user ID RACFSUB whose default group is STCGRP, execute
the following commands to add OMVS segments:
Example: ALTUSER RACFSUB OMVS(AUTOUID HOME(/) PROGRAM(/bin/sh))
ALTGROUP STCGRP OMVS(AUTOGID)
- If the RACF subsystem identity
does not have the TRUSTED or PRIVILEGED attribute, it will require
the necessary FACILITY class authorization in order to extract certificates
from a key ring. (The certificate setup is described in Generating an X.509 V3 certificate for the RACF address space.)
RDEFINE FACILITY IRR.DIGTCERT.LISTRING UACC(NONE)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(RACFSUB) ACCESS(READ)
You
might already be protecting this resource, perhaps with a generic
profile. Modify this step as needed for your environment.
Guideline: If
your installation uses RACF remote
sharing facility (RRSF), assign the TRUSTED attribute to the RACF address space user ID.
|