6.8 z/OS UNIX security: BPX.SUPERUSER

[Figure 6-8 Using BPX.SUPERUSER to define superuser authority. Labels in the figure: SYSADM GID=10; RACF FACILITY class BPX.SUPERUSER; BLACK UID=5, JANE UID=6, BROWN UID=7; Regular User: $ ==> su; Superuser: # ==> chown ... RACF commands shown in the figure:

RDEFINE FACILITY BPX.SUPERUSER UACC(NONE)
PERMIT BPX.SUPERUSER CLASS(FACILITY) ID(BLACK) ACCESS(READ)]

Superuser authority with BPX.SUPERUSER profiles

There is an alternative way of defining superusers. Define system administrators in RACF with non-zero UIDs, and give them READ access to a RACF FACILITY class profile called BPX.SUPERUSER. Users with this authority can temporarily switch to superuser when that authority is required for administrative tasks.

These users can use any of the following methods to switch to superuser:

- In the z/OS UNIX shell, use the command su (switch user). This command creates a subshell in which the user has superuser authority and can execute authorized commands. When the subshell session ends, the user returns to the first shell session as a regular user.

- Use the ISHELL command to enter the z/OS UNIX ISPF Shell and select the option to switch to superuser state. The user then has superuser authority until the user exits the ISHELL environment.

After gaining superuser authority in the ISHELL, the user can split the screen in ISPF and enter the OMVS command. The z/OS UNIX shell that is started inherits the superuser authority set up in the ISHELL.

Chapter 6. Security customization 195
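The difference between a permanent UID 0 superuser and an administrator who switches through READ access to BPX.SUPERUSER can be checked in an audit. The following Python is an added example, not part of the original text: it applies a simplified model of the RACF access decision (user entry, then group entries, then UACC) to the users of Figure 6-8. Assumptions: the membership of BLACK, JANE and BROWN in SYSADM, the account OLDADM, and the data layout are constructed for illustration and are not RACF output.

```python
# Simplified model of RACF's access decision; all data is constructed, not RACF output.
LEVELS = ["NONE", "READ", "UPDATE", "CONTROL", "ALTER"]

PROFILE = {"name": "BPX.SUPERUSER", "uacc": "NONE",
           "access_list": {"BLACK": "READ"}}      # as defined in Figure 6-8
USERS = {                        # userid -> OMVS UID and connect groups (assumed)
    "BLACK": {"uid": 5, "groups": ["SYSADM"]},
    "JANE": {"uid": 6, "groups": ["SYSADM"]},
    "BROWN": {"uid": 7, "groups": ["SYSADM"]},
    "OLDADM": {"uid": 0, "groups": ["SYSADM"]},   # hypothetical legacy account
}

def effective_access(userid, user, profile):
    """User entry wins; otherwise highest group entry; otherwise UACC.
    Ignores ID(*), global access checking and conditional access lists."""
    acl = profile["access_list"]
    if userid in acl:
        return acl[userid]
    group_levels = [acl[g] for g in user["groups"] if g in acl]
    if group_levels:
        return max(group_levels, key=LEVELS.index)
    return profile["uacc"]

def classify(userid, user, profile):
    """Return how (if at all) this user can hold superuser authority."""
    if user["uid"] == 0:
        return "permanent"       # always superuser, no switch needed
    level = effective_access(userid, user, profile)
    if LEVELS.index(level) >= LEVELS.index("READ"):
        return "switchable"      # can switch temporarily with su or ISHELL
    return "none"

def audit(users, profile):
    return {userid: classify(userid, rec, profile) for userid, rec in users.items()}

def findings(users, profile):
    out = []
    if profile["uacc"] != "NONE":
        out.append(f"{profile['name']}: UACC({profile['uacc']}) lets any user switch")
    for userid, kind in audit(users, profile).items():
        if kind == "permanent":
            out.append(f"{userid}: UID(0); alternative is non-zero UID plus READ")
    for entry in profile["access_list"]:
        if entry not in users:   # a group or unknown ID: every member can switch
            out.append(f"{entry}: group or unknown ID permitted; review membership")
    return out

if __name__ == "__main__":
    print(audit(USERS, PROFILE), findings(USERS, PROFILE), sep="\n")
```

With the profile from the figure, only BLACK can switch; permitting the group SYSADM instead would extend that to JANE and BROWN, which the audit reports as a finding.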