A fix is available
APAR status
Closed as new function.
Error description
New Function Support for user ID substitution in the home directory path name used by the BPX.UNIQUE.USER function
Local fix
Problem summary
USERS AFFECTED: Security administrators who want automatic OMVS segment assignment using the BPX.UNIQUE.USER profile with no manual step required to assign each user a unique home directory path name.

PROBLEM DESCRIPTION:

RECOMMENDATION:

Currently, administrators can only assign a common home directory path name in the OMVS segment of the model user ID referenced by the BPX.UNIQUE.USER profile in the FACILITY class. Usually, a value such as "/" or "/tmp" is specified, and the administrator must assign a unique value after the fact. This can limit the effectiveness of the z/OS UNIX automount facility.
Problem conclusion
Temporary fix
Comments
A change is being made to allow user ID substitution in the OMVS segment home directory path name field used to automatically assign OMVS segments using the BPX.UNIQUE.USER facility. This change affects publications in both the RACF and UNIX System Services libraries.

RACF
====

RACF Security Administrator's Guide (SA22-7683)
-----------------------------------------------

In the chapter titled "RACF and z/OS UNIX", there is a section titled "Steps for automatically assigning unique IDs through UNIX services." In Step 4, the existing example is replaced by the following text:

- You can specify the string &RACUID in the HOME directory path name to have RACF substitute the user ID in the path name when the OMVS segment is created. If you specify &RACUID in uppercase, RACF substitutes the user ID in uppercase. If you specify any character in the string &RACUID in lowercase, RACF substitutes the user ID in lowercase.
- Only the first occurrence of the string is substituted.
- If you are sharing the RACF database, make sure you have the support for OA42554 applied to all sharing systems before using &RACUID as described. On any sharing system without the support for OA42554 applied, the &RACUID string is not replaced when an OMVS segment is automatically created on that system.
- If the substitution would result in a home directory path name that exceeds the maximum length of 1023 characters, substitution does not occur.

Example: The following command defines a model profile that contains a HOME value in the OMVS segment.

    ADDUSER BPXMODEL NAME("OMVS model user profile") OMVS(HOME("/tmp") PROGRAM("/bin/sh")) NOPASSWORD RESTRICTED

Example: The following command defines a model profile that substitutes the user ID in lowercase in the HOME value.

    ADDUSER BPXMODEL NAME("OMVS model user profile") OMVS(HOME("/u/&racuid") PROGRAM("/bin/sh")) NOPASSWORD RESTRICTED

If the user TANIA has an OMVS segment created as a result of BPX.UNIQUE.USER processing, the home directory that is created is /u/tania.

Lower down in the same chapter is a section titled "Special RRSF considerations for automatic unique IDs". The following text is added to the end of this section:

If you use &RACUID in the home directory string when you define the OMVS segment of the model user ID, and this update gets propagated to a system without the support for APAR OA42554 applied, substitution of user IDs for &RACUID does not occur when new OMVS segments are assigned on that system. For information about using &RACUID in the home directory string, see "Steps for automatically assigning unique IDs through UNIX services".

UNIX System Services
====================

UNIX System Services Planning (GA22-7800)
-----------------------------------------

Chapter 4, Establishing UNIX security, contains a section titled "Automatically generating UIDs and GIDs". The following new paragraph is added at the end of the section:

You can specify the string &racuid as a placeholder for the user ID in the home directory path name. When RACF creates the OMVS segment, it substitutes the user ID for which the OMVS segment is being created. When automount is implemented, a user file system is allocated, mounted, and assigned the user ID as its owner. For more information about specifying &racuid and considerations for sharing the RACF database, see the topic on automatic assignment in z/OS Security Server RACF Security Administrator's Guide.
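The substitution rules listed above, modelled as an added example (this is not IBM's or RACF's code): `expand_home` previews the HOME value a model path would yield for a user ID, and `unsubstituted` flags OMVS segments whose HOME still carries the literal token, as happens when a segment is created on a sharing system without OA42554. The function names and the sample (user ID, HOME) pairs are constructed for illustration.

```python
import re

MAX_HOME_LEN = 1023  # maximum home directory path length stated in the APAR text
# The token is recognised in any letter case; its case selects the case of the ID.
_TOKEN = re.compile(r"&racuid", re.IGNORECASE)


def expand_home(model_home: str, user_id: str) -> str:
    """Preview the HOME value produced from the model user's HOME string.

    A model of the documented rules only, not RACF's implementation.
    """
    match = _TOKEN.search(model_home)  # only the first occurrence is substituted
    if match is None:
        return model_home
    # "&RACUID" entirely in uppercase -> uppercase user ID;
    # any lowercase character in the token -> lowercase user ID.
    uid = user_id.upper() if match.group(0) == "&RACUID" else user_id.lower()
    expanded = model_home[:match.start()] + uid + model_home[match.end():]
    # If the result would exceed the maximum length, substitution does not occur.
    return expanded if len(expanded) <= MAX_HOME_LEN else model_home


def unsubstituted(segments):
    """Return user IDs whose HOME still contains the literal token.

    Causes covered by the text: segment created on a system without OA42554,
    an over-length result, or a second occurrence of the token in the model.
    """
    return [uid for uid, home in segments if _TOKEN.search(home)]


# Constructed sample: (user ID, HOME) pairs as they might appear in a listing
# of OMVS segments. Only TANIA comes from the APAR text.
SAMPLE_SEGMENTS = [
    ("TANIA", "/u/tania"),
    ("USER01", "/u/&racuid"),      # created on a system without the fix
    ("USER02", "/u/user02"),
    ("USER03", "/u/USER03/&RACUID"),  # model contained the token twice
]

if __name__ == "__main__":
    for model in ("/tmp", "/u/&racuid", "/u/&RACUID"):
        print(model, "->", expand_home(model, "TANIA"))
    print("review:", unsubstituted(SAMPLE_SEGMENTS))
```
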
APAR Information
APAR number
OA42554
Reported component name
RACF
Reported component ID
5752XXH00
Reported release
770
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-06-13
Closed date
2013-07-23
Last modified date
2013-09-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UA69990 UA69991
Modules/Macros
IRRPRE04 IRRRUM02
SA227683XX | GA227800XX |
Fix information
Fixed component name
RACF
Fixed component ID
5752XXH00
Applicable component levels
Fix is available
Document Information
Modified date:
04 September 2013