Download Safari Books Online apps: Apple iOS | Android

Entire Site

Safari Books Online

    Free Trial

    Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.


    Notices
    Preface
    Chapter 1: UNIX overview
    Chapter 2: Installation
    Chapter 3: Establish security for z/OS UNIX
    Superuser authority
    Creating a RACF environment for products and subsystems
    The RACF database and z/OS UNIX
    Identity mapping with VLF and UNIXMAP
    Application identity mapping
    RACF utilities and IRRIRA00
    Defining and managing z/OS UNIX users and groups
    User access to the z/OS UNIX shell
    UNIXPRIV class enhancements
    Shared UIDs and GIDs
    Protecting files in the file systems
    Creating and managing files and directories
    File and directory access checking
    Access control lists (ACLs)
    Creating and accessing ACLs
    Defining ACLs from the z/OS UNIX shell
    Defining ACLs from the ISHELL
    Daemons and security
    z/OS UNIX level security for daemons
    File security packet extattr bits
    Using sanction lists
    Security for servers
    Checking authority to use protected resources
    Security for operations in z/OS UNIX
    BPX.SAFFASTPATH
    BPX.JOBNAME
    BPX.STOR.SWAP
    BPX.WLMSERVER
    Security for ServerPac and CBPDO install
    Auditing for z/OS UNIX
    Chapter 4: Overview and customization of TCP/IP for z/OS UNIX
    Chapter 5: z/OS Distributed File Service zSeries File System (zFS)
    Chapter 6: USS sysplex sharing
    Chapter 7: Defining users with z/OS UNIX
    Chapter 8: Exploitation
    Chapter 9: Interacting with z/OS UNIX
    Chapter 10: Tools, functions, and programming interfaces
    Chapter 11: Administration
    Chapter 12: Tuning and performance
    Chapter 13: Maintenance of z/OS UNIX
    Chapter 14: Problem determination
    Appendix A: Managing z/OS UNIX user IDs and groups
    Appendix B: Installation files
    Appendix C: Access control list (ACL) support considerations
    Related publications
    Index
    Back cover
    • Create BookmarkCreate Bookmark
    • Create Note or TagCreate Note or Tag
    • PrintPrint
    Share this Page URL
    Help

    Security for operations in z/OS UNIX > BPX.SAFFASTPATH - Pg. 173

    Note: UPDATE access is needed if the user needs to mount , chmount , or unmount file sys- tems with the setuid option; otherwise, READ access is sufficient. UNIXPRIV authorization is invoked by creating the needed resources in the UNIXPRIV class and then giving users READ authority to it, as follows: SETROPTS CLASSACT(UNIXPRIV) SETROPTS RACLIST(UNIXPRIV) RDEFINE UNIXPRIV SUPERUSER.FILESYS.PFSCTL UACC(NONE) PERMIT SUPERUSER.FILESYS.PFSCTL CLASS(UNIXPRIV) ID(ROGERS) ACCESS(READ) SUPERUSER.FILESYS.VREGISTER This profile allows a server to use the vreg() callable service to register as a VFS file server. Only READ access is required. SUPERUSER.IPC.RMID This profile allows a user to issue the ipcrm command to release IPC resources. Only READ access is required. SUPERUSER.PROCESS.GETPSENT This profile allows a user to use the w_getpsent() callable service to receive data for any process. Only READ access is required. SUPERUSER.PROCESS.KILL This profile allows a user to use the kill() callable service to send signals to any process. Only READ access is required.