Interactive users of z/OS® UNIX System Services
that are permitted to log on with more than one security label must
have a separate home directory for each security label.
Procedure
Perform the following steps to create a separate home
directory for each security label:
- For each supported security label:
- Log on to an administrative user ID with that security
label.
- Create a directory with the name of that security label
under the /u directory.
- For each user permitted to that security label, create
a home directory under that security label directory.
- Create a symbolic link in the /u directory using the special
value "$SYSSECR/", perhaps named symsecr as follows:
ln -s "$SYSSECR/" /u/symsecr
Tip: When issuing this command from the shell, use double quotation
marks around the $SYSSECR/ string so that the shell does not attempt
variable substitution before passing it to the ln command.
- Define all users' home directories to be '/u/symsecr/user' as follows:
ALTUSER user OMVS(HOME('/u/symsecr/user'))
Results
This approach is useful in many other situations where a different
configuration is required for different security labels.