z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Using the SHARED operand

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

Once you define the SHARED.IDS profile, if you want to make an exception and create a shared ID (as might be the case for UID 0), you must use the SHARED operand when you add or modify the OMVS segment of a user or group.

Examples:
ADDUSER SUPERONE OMVS(UID(0) SHARED HOME(/) PROGRAM(/bin/echo)) NOPASSWORD
ALTGROUP DUDES OMVS(GID(99) SHARED)

To specify the SHARED operand, you must have the SPECIAL attribute or at least READ authority to the SHARED.IDS profile in the UNIXPRIV class.

Example: To authorize another user to create a user or group with a shared UNIX ID, issue the following commands:

PERMIT SHARED.IDS CLASS(UNIXPRIV) ID(userid) ACCESS(READ)
SETROPTS RACLIST(UNIXPRIV) REFRESH

If specified, the SHARED operand is ignored when any of the following conditions are true:

  • The SHARED.IDS profile is not RACLISTed.
  • The UID or GID operand is omitted.
  • The specified UID or GID value is unique.
  • The specified UID or GID value is identical to the current UID or GID value.
Parent topic: Controlling the use of shared UNIX identities

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014