The short answer is that since the rules are not clearly stated anywhere and may be subject to change outside your control, you have to assume that any userid defined in RACF with that same UID might be returned in response to a UNIX-context query for that UID. That the userid returned for a multiply-assigned UID seems to be consistent for long periods shouldn't be taken to imply there is a practical mechanism for setting which userid might be returned -- there is not really a concept of one userid being the "primary" one associated with a UID when multiple RACF userids are given the same UID.

The RACF database is the only source of userid information, and in UNIX contexts which require ownership to be strictly by UID and GID rather than by RACF userid, there is no way to resolve the ambiguity when you choose to define one-to-many userid to UID mappings in RACF. In the UNIX world it is the UID that uniquely identifies who you are; in MVS and RACF it is the RACF userid that uniquely defines the user. When there is no one-to-one mapping between UIDs and userids, the boundary between these two worlds has problems.

Kirk's point about a query for the home directory also being potentially "incorrect" in such cases is well taken, since the home directory information comes from the RACF userid profile, and if the UID is arbitrarily associated with one of several candidate userids with different home paths, that could also be a problem. Since in a typical UNIX environment a unique home path is associated with a specific UID and the username is an attribute of the UID, this ambiguity in home path does not exist. This makes me suspect that the current IBM implementation of associating the home path with a RACF userid profile rather than somehow with a UID-related profile violates the spirit if not the letter of the UNIX standards.
    Joel C Ewing

On 06/18/2013 07:04 AM, John McKown wrote:
I've had it change on occasion. But it may well have been done due to my
messing around with RACF definitions. I don't remember ever reading in the
books about how this is determined. Which would make it "unspecified" and
so subject to change without notice. I.e. a PTF might change how RACF did
the look up. And an SR on it would likely get a "don't do that!" and "WAD".
The only UID that I have duplicated is a few RACF ids which map to UID==0.
And that's mainly because I can't get the time to carefully change and test
each of the "alternate" RACF ids from using UID==0 to using RACF
"superuser" profiles. My RACF id is not UID 0, but I have almost all the
"superuser" RACF profiles. And there is very little I can't do. The little
that I can't do directly, I can do via "sudo". At worst I do a
"sudo su -" to switch my UNIX authorities to "root".

On Tue, Jun 18, 2013 at 5:53 AM, Ted MacNEIL <eamacn...@yahoo.ca> wrote:

I believe it's based on the first id retrieved from the RACF database that
matches.

Try asking on the RACF or MVS-OE lists.
-
Ted MacNEIL
eamacn...@yahoo.ca
Twitter: @TedMacNEIL

-----Original Message-----
From:         Adam <zosp...@outlook.com>
Sender:       IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU>
Date:         Tue, 18 Jun 2013 05:38:56
To: <IBM-MAIN@LISTSERV.UA.EDU>
Reply-To:     IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU>
Subject: Unix ID command and username value

We have a system where two RACF userids are defined with the same uid.
(This is deliberate and is intended to simplify access using NFS and other
OS.)

My question is about the username value that is displayed in response to
the "id" command (and as file owner).

The same applies to use of uid(0). For example, if I log on to TSO with a
userid (TSSAAA) that has a uid(0) and I issue the "id" command from "TSO
OMVS", it will return:
"uid=0(TSSXXX) gid=... groups=..."
but TSSXXX is not my userid, but that of a colleague who also has uid(0).

According to the documentation - "The output has the format:
      uid=runum(username) gid=rgnum(groupname)
where runum is the user's real user ID (UID) number, username is the
user's real user name"

When there are two (or more) RACF userids with the same uid in the OMVS
segment, how is the value in username determined?

Thanks,

Adam

...




--
Joel C. Ewing,    Bentonville, AR       jcew...@acm.org 
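
The audit this thread implies, as an added example that is not from any of the posters: it lists every UID held by more than one userid and flags where the home path also depends on which userid a lookup returns. The `userid:uid:home` input layout, the home paths and the NFSUSR/ADAM userids are assumptions made for the example; it is not a RACF report format.

```python
from collections import defaultdict

# Constructed sample, one "userid:uid:home" line per userid (assumed layout,
# e.g. a site's own export of OMVS segment data). TSSAAA/TSSXXX are the
# userids named in the thread; everything else is made up.
SAMPLE = """\
TSSAAA:0:/u/tssaaa
TSSXXX:0:/
NFSUSR1:1204:/u/nfs
NFSUSR2:1204:/u/nfs
ADAM:2001:/u/adam
"""

def parse(text):
    """Return {uid: [(userid, home), ...]} from userid:uid:home lines."""
    by_uid = defaultdict(list)
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 3 or not parts[1].isdigit():
            raise ValueError(f"line {n}: expected userid:uid:home, got {line!r}")
        userid, uid, home = parts
        by_uid[int(uid)].append((userid.upper(), home))
    return by_uid

def shared_uids(by_uid):
    """Report every UID that maps to more than one userid.

    For such a UID a UID-to-name lookup may name any listed userid;
    home_conflict marks UIDs where the home path is ambiguous as well.
    """
    findings = []
    for uid in sorted(by_uid):
        entries = by_uid[uid]
        if len(entries) < 2:
            continue
        findings.append({
            "uid": uid,
            "userids": sorted(u for u, _ in entries),
            "home_conflict": len({h for _, h in entries}) > 1,
            "superuser": uid == 0,
        })
    return findings

if __name__ == "__main__":
    for f in shared_uids(parse(SAMPLE)):
        print(f)
```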
