Enabling automatic assignment of unique UNIX identities
Guideline: Assign a unique UID for each user and a unique GID for each group that needs access to z/OS® UNIX functions and resources. Assigning unique IDs rather than shared IDs improves overall security and increases user accountability.
- Method 1: Enable RACF to automatically assign unique IDs when you issue the following RACF commands with the OMVS operand:
  - ADDUSER and ALTUSER commands
    Specify the OMVS(AUTOUID) option to have RACF assign a unique UID to the user and store the UID in the OMVS segment of the user profile.
  - ADDGROUP and ALTGROUP commands
    Specify the OMVS(AUTOGID) option to have RACF assign a unique GID to the group and store the GID in the OMVS segment of the group profile.
  To use this method, the RACF database must be at least at AIM stage 2. For implementation details, see Automatically assigning unique IDs using RACF commands.
- Method 2: Enable RACF to automatically assign unique IDs when users without OMVS segments access the system to use certain UNIX services.
  This method provides unique IDs for users who need them to access UNIX functions and resources, and requires no administrative intervention each time a unique ID is assigned.
  You can also use this method to automatically add common information to the OMVS segment of the users who are assigned unique UIDs.
  To use this method, the RACF database must be at least at AIM stage 3. For implementation details, see Automatically assigning unique IDs through UNIX services.