Considerations for z/OS UNIX level of security

If the BPX.DAEMON FACILITY resource is defined, your system has z/OS UNIX security and can exercise more control over your superusers.

Because the RMF™ distributed data server runs as a daemon, it must have access to the BPX.DAEMON facility, and all programs loaded by GPMSERVE and GPM4CIM must be defined to PROGRAM CONTROL. In addition, access to the BPX.SERVER and BPX.STOR.SWAP facilities must be defined for user ID GPMSERVE.

The minimum definitions for the RMF Distributed Data Server are listed in this example. You can use more generic definitions.

PERMIT BPX.DAEMON CLASS(FACILITY) ID(GPMSERVE) ACCESS(READ)
PERMIT BPX.SERVER CLASS(FACILITY) ID(GPMSERVE) ACCESS(READ)
PERMIT BPX.STOR.SWAP CLASS(FACILITY) ID(GPMSERVE) ACCESS(READ)
RDEFINE PROGRAM GPM*     ADDMEM('SYS1.SERBLINK'//NOPADCHK)  UACC(READ)
RDEFINE PROGRAM ERB*     ADDMEM('SYS1.SERBLINK'//NOPADCHK)  UACC(READ)
RDEFINE PROGRAM CEEBINIT ADDMEM('CEE.SCEERUN'//NOPADCHK)    UACC(READ)
RDEFINE PROGRAM IEEMB878 ADDMEM('SYS1.LINKLIB'//NOPADCHK)   UACC(READ)
RDEFINE PROGRAM CELHV003 ADDMEM('SYS1.SCEERUN2'//NOPADCHK) UACC(READ)
RDEFINE PROGRAM C128     ADDMEM('SYS1.SCEERUN2'//NOPADCHK) UACC(READ)
RDEFINE PROGRAM CELHDCPP ADDMEM('SYS1.SCEERUN2'//NOPADCHK) UACC(READ)
SETROPTS WHEN(PROGRAM) REFRESH
SETROPTS RACLIST(FACILITY) REFRESH
Parent topic: Specifying access definitions