Angela,
No you don't need UID 0. This is the main misunderstood part of Unix
System Services, everybody thinks that you need UID 0 do do everything.
UID 0 will give Superuser to whoever has this, no matter what other
security is in place.
Unix System Services works everything off of a three bit permission, just
like the Unix and Linux environments.
Bit 1 - Onwer's Permission
Bit 2 - Group's Permission
Bit 3 - Everyone else's Permission
Then you have SETUID, SETGID and Sticky bits as well.
Please see below:
For permissions, specify a 3-digit octal number.
The first digit is access permission for the
file owner. The second digit is access
permission for any member of the file's group.
The third digit is access permission for anyone
else. An octal digit is a number in the range
0-7. The permission associated with each value
is:
0: None
1: Search or execute
2: Write
3: Write plus search or execute
4: Read
5: Read plus search or execute
6: Read plus write
7: Read plus write plus search or execute
The file mode contains the following bit fields
for executable files:
SETUID bit: This program is authorized to change
its effective UID to that of the file
owner.
SETGID bit: This program is authorized to change
its effective GID to that of the group
owner.
SETGID bit: This program is authorized to change
its effective GID to that of the group
that owns the file.
Sticky bit: A superuser can set this bit so that
this program can be loaded from the
system LINKLST or LPALIB.
Craig
Angel Tamayo <a.tamay...@gmail.com>
Sent by: IBM Mainframe Discussion List <IBM-MAIN@bama.ua.edu>
08/25/2011 07:51 AM
Please respond to
IBM Mainframe Discussion List <IBM-MAIN@bama.ua.edu>
To
IBM-MAIN@bama.ua.edu
cc
Subject
Copying file to OMVS
Hi List,
Maybe someone here could have the same or similar case.
I run job:
//COPY1 EXEC PGM=IEBGENER,REGION=0M
//SYSPRINT DD SYSOUT=*
//SYSUT1 DD DISP=SHR,DSN=HLQ.COMPRESS.PAX
//SYSUT2 DD PATH='/TEST/COMPRESS9',
// PATHOPTS=(OWRONLY,OCREAT,OEXCL),
// PATHDISP=(KEEP,DELETE)
//SYSIN DD DUMMY
I received message:
ICH408I USER(ZOSUSER ) GROUP(OMVSGRP ) NAME(USER NAME ) 479
/TEST/COMPRESS9 CL(FSOBJ )
FID(00003813000000410000000000000000)
INSUFFICIENT AUTHORITY TO
OPEN
ACCESS INTENT(RW-) ACCESS ALLOWED(OWNER
---)
EFFECTIVE UID(0009999999) EFFECTIVE GID(0000000001)
The RACF persons says that I need to have OMVS segment setup for my userid
with UID(0).
I suppose UID(0) will solve the problem but it is really the only way to
solve it?.
I'm looking for a solution without UID(0), any idea on this will be
appreciated.
As additional information ZOSUSER have authority to use SU (superuser) in
OMVS environment, don't really know if this helps to this case.
Angel
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
**********************************************************************
This communication contains information which is confidential and
may also be privileged. It is for the exclusive use of the intended
recipient(s). If you are not the intended recipient(s), please note
that any distribution, copying or use of this communication or the
information in it is strictly prohibited. If you have received this
communication in error, please notify the sender immediately and
then destroy any copies of it.
**********************************************************************
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
