Controlling the use of shared UNIX identities

When you allow users to share UIDs, you lose the ability to control user access at an individual level. Users of a shared UID are treated as the same user during z/OS® UNIX security checks.

Guideline: Avoid using shared (non-unique) UIDs and GIDs because they result in the loss of user accountability and decrease security. If shared UIDs and GIDs already exist at your installation, make an effort to minimize their use. Use the IRRDBU00 reports called "UIDS" and "GIDS" to find occurrences of shared IDs, and change them to unique IDs where appropriate.

If you want to implement automatic assignment of unique IDs, you must prevent the sharing of UNIX UIDs and GIDs. For details, see Enabling automatic assignment of unique UNIX identities.

Parent topic: RACF and z/OS UNIX