Enabling automatic assignment of unique UNIX identities

Guideline: Assign a unique UID for each user and a unique GID for each group that needs access to z/OS® UNIX functions and resources. Assigning unique IDs rather than shared IDs improves overall security and increases user accountability.

If you choose not to define unique IDs for each user of UNIX functions, you can enable RACF® to automatically generate unique UIDs and GIDs for you. There are two methods for automatically assigning unique IDs, and you can use both methods together on the same system:
  • Method 1: Enable RACF to automatically assign unique IDs when you issue the following RACF commands with the OMVS operand:
    • ADDUSER and ALTUSER commands

      Specify the OMVS(AUTOUID) option to have RACF assign a unique UID to the user and store the UID in the OMVS segment of the user profile.

    • ADDGROUP and ALTGROUP commands

      Specify the OMVS(AUTOGID) option to have RACF assign a unique GID to the group and store the GID in the OMVS segment of the group profile.

    To use this method, the RACF database must be at least at AIM stage 2. For implementation details, see Automatically assigning unique IDs using RACF commands.

  • Method 2: Enable RACF to automatically assign unique IDs when users without OMVS segments access the system to use certain UNIX services. This method provides unique IDs for users who need them to access UNIX functions and resources, and requires no administrative intervention each time a unique ID is assigned.

    You can also use this method to automatically add common information to the OMVS segment of the users who are assigned unique UIDs.

    To use this method, the RACF database must be at least at AIM stage 3. For implementation details, see Automatically assigning unique IDs through UNIX services.
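
Method 1 as a command sequence, written as a REXX exec for TSO (an added example, not IBM's code). GRPA01, USRA01, USRB02 and the HOME path are constructed names, and the exec assumes the RACF database is at AIM stage 2 or later with the setup from the referenced topic already done.

```rexx
/* REXX: added example of Method 1, not IBM's code.                   */
/* GRPA01, USRA01, USRB02 and the HOME path are constructed names.    */
/* Assumes the issuer is authorized to add and alter these profiles.  */

/* New group: RACF picks an unused GID and stores it in the group's   */
/* OMVS segment.                                                      */
cmd.1 = "ADDGROUP GRPA01 OMVS(AUTOGID)"

/* New user: RACF picks an unused UID and stores it in the user's     */
/* OMVS segment together with the HOME and PROGRAM values.            */
cmd.2 = "ADDUSER USRA01 DFLTGRP(GRPA01)" ,
        "OMVS(AUTOUID HOME('/u/usra01') PROGRAM('/bin/sh'))"

/* Existing user that has no UID yet.                                 */
cmd.3 = "ALTUSER USRB02 OMVS(AUTOUID)"

/* Display only the OMVS segments to confirm what was assigned.       */
cmd.4 = "LISTGRP GRPA01 OMVS NORACF"
cmd.5 = "LISTUSER USRA01 OMVS NORACF"
cmd.6 = "LISTUSER USRB02 OMVS NORACF"
cmd.0 = 6

/* Issue the commands in order and stop at the first failure, so a    */
/* profile is never left half-defined without the operator noticing.  */
do i = 1 to cmd.0
  say "==>" cmd.i
  address tso cmd.i
  if rc <> 0 then do
    say "RACF command failed, rc="rc
    exit rc
  end
end
exit 0
```

A nonzero return code from the ADDGROUP, ADDUSER or ALTUSER step means that no ID was assigned by that command; review the messages RACF issued before rerunning.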