IBM Support

OA42554: SUPPORT FOR USER ID SUBSTITUTION IN THE HOME DIRECTORY PATH NAME USED BY THE BPX.UNIQUE.USER FUNCTION

A fix is available


APAR status

  • Closed as new function.

Error description

  • New Function
    Support for user ID substitution in the home directory path name
    used by the BPX.UNIQUE.USER function
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Security administrators who want automatic   *
    *                 OMVS segment assignment using the            *
    *                 BPX.UNIQUE.USER profile with no manual step  *
    *                 required to assign each user a unique home   *
    *                 directory path name.                         *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Currently, administrators can assign only a common home
    directory path name in the OMVS segment of the model user ID
    referenced by the BPX.UNIQUE.USER profile in the FACILITY
    class.  Usually, a value such as "/" or "/tmp" is specified,
    and the administrator must assign a unique value after the fact.
    This can limit the effectiveness of the z/OS UNIX automount
    facility.
    

Problem conclusion

Temporary fix

Comments

  • A change is being made to allow user ID substitution in the
    OMVS segment home directory path name field used to
    automatically assign OMVS segments using the BPX.UNIQUE.USER
    facility.
    
    This change affects publications in both the RACF and UNIX
    System Services libraries.
    
    
    RACF
    ====
    
    
    RACF Security Administrator's Guide (SA22-7683)
    -----------------------------------------------
    
    In the chapter titled "RACF and z/OS UNIX", there is a section
    titled "Steps for automatically assigning unique IDs through
    UNIX services." In Step 4, the existing example is replaced by
    the following text:
    
    
    - You can specify the string &RACUID in the HOME directory
    path name to have RACF substitute the user ID in the path name
    when the OMVS segment is created.  If you specify &RACUID in
    uppercase, RACF substitutes the user ID in uppercase.  If you
    specify any character in the string &RACUID in lowercase, RACF
    substitutes the user ID in lowercase.
     - Only the first occurrence of the string is substituted.
     - If you are sharing the RACF database, make sure you have
     the support for OA42554 applied to all sharing systems before
     using &RACUID as described.  On any sharing system without
     the support for OA42554 applied, the &RACUID string is not
     replaced when an OMVS segment is automatically created on
     that system.
     - If the substitution would result in a home directory path
     name that exceeds the maximum length of 1023 characters,
     substitution does not occur.
    
    Example: The following command defines a model profile that
    contains a HOME value in the OMVS segment.
    
      ADDUSER BPXMODEL NAME("OMVS model user profile")
        OMVS(HOME("/tmp") PROGRAM("/bin/sh"))
        NOPASSWORD RESTRICTED
    
    Example: The following command defines a model profile that
    substitutes the user ID in lowercase in the HOME value.
    
      ADDUSER BPXMODEL NAME("OMVS model user profile")
        OMVS(HOME("/u/&racuid") PROGRAM("/bin/sh"))
        NOPASSWORD RESTRICTED
    
    If the user TANIA has an OMVS segment created as a result of
    BPX.UNIQUE.USER processing, the home directory that is created
    is /u/tania.
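
    The substitution rules listed above can be modelled to predict the
    HOME value a model profile will produce and to find segments that
    still hold a literal &RACUID.  This is an added example, not IBM
    code; the function names, the apar_applied flag, the sample data,
    and the choice to return the path unchanged when the length limit
    is exceeded are assumptions made for illustration.

```python
import re

MAX_HOME_LEN = 1023  # maximum home directory path length stated in the APAR text
_TOKEN = re.compile(r"&RACUID", re.IGNORECASE)  # placeholder matched in any case


def expand_home(model_home, user_id, apar_applied=True):
    """Model the documented &RACUID rules for one newly created OMVS segment.

    apar_applied=False (hypothetical flag) stands for a sharing system
    without OA42554, where the string is not replaced.
    """
    match = _TOKEN.search(model_home)  # search() finds the first occurrence only
    if match is None or not apar_applied:
        return model_home
    token = match.group(0)
    # All-uppercase placeholder -> uppercase user ID;
    # any lowercase character in the placeholder -> lowercase user ID.
    uid = user_id.upper() if token == token.upper() else user_id.lower()
    expanded = model_home[:match.start()] + uid + model_home[match.end():]
    if len(expanded) > MAX_HOME_LEN:
        # Documented: substitution does not occur. Returning the model
        # path unchanged is an assumption about what is then stored.
        return model_home
    return expanded


def unsubstituted_homes(segments):
    """Return user IDs whose stored HOME still contains a literal &RACUID.

    Such entries point at segments created on a system without the fix,
    or at a path that would have exceeded the length limit.
    """
    return sorted(uid for uid, home in segments.items() if _TOKEN.search(home))


# Constructed sample data (not from any real RACF database).
SAMPLE_SEGMENTS = {
    "TANIA": expand_home("/u/&racuid", "TANIA"),
    "BOB": expand_home("/u/&racuid", "BOB", apar_applied=False),
}

if __name__ == "__main__":
    for uid, home in SAMPLE_SEGMENTS.items():
        print(uid, home)
    print("needs review:", unsubstituted_homes(SAMPLE_SEGMENTS))
```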
    
    
    Lower down in the same chapter is a section titled "Special
    RRSF considerations for automatic unique IDs".  The following
    text is added to the end of this section:
    
    If you use &RACUID in the home directory string when you
    define the OMVS segment of the model user ID, and this update
    gets propagated to a system without the support for APAR
    OA42554 applied, substitution of user IDs for &RACUID does not
    occur when new OMVS segments are assigned on that system.  For
    information about using &RACUID in the home directory string,
    see "Steps for automatically assigning unique IDs through UNIX
    services".
    
    
    UNIX System Services
    ====================
    
    
    UNIX System Services Planning (GA22-7800)
    -----------------------------------------
    
    Chapter 4, Establishing UNIX security, contains a section
    titled "Automatically generating UIDs and GIDs".  The
    following new paragraph is added at the end of the section:
    
    You can specify the string &racuid as a placeholder for the
    user ID in the home directory path name.  When RACF creates
    the OMVS segment, it substitutes the user ID for which the
    OMVS segment is being created.  When automount is implemented,
    a user file system is allocated, mounted, and assigned the
    user ID as its owner.  For more information about specifying
    &racuid and considerations for sharing the RACF database, see
    the topic on automatic assignment in z/OS Security Server RACF
    Security Administrator's Guide.
    

APAR Information

  • APAR number

    OA42554

  • Reported component name

    RACF

  • Reported component ID

    5752XXH00

  • Reported release

    770

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-06-13

  • Closed date

    2013-07-23

  • Last modified date

    2013-09-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA69990 UA69991

Modules/Macros

  • IRRPRE04 IRRRUM02
    

Publications Referenced
SA227683XX GA227800XX

Fix information

  • Fixed component name

    RACF

  • Fixed component ID

    5752XXH00

Applicable component levels

  • R770 PSY UA69990

       UP13/08/14 P F308

  • R780 PSY UA69991

       UP13/08/14 P F308

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information

Modified date:
04 September 2013