Before you begin: CHOWN.UNRESTRICTED must be
a discrete profile. Matching generic profiles are ignored.
Perform the following steps to set up the CHOWN.UNRESTRICTED profile.
- Define the discrete profile in the UNIXPRIV class
called CHOWN.UNRESTRICTED:
RDEFINE UNIXPRIV CHOWN.UNRESTRICTED UACC(NONE)
_______________________________________________________________
- Permit the user or group with the appropriate access
level. UPDATE access is required in order to change ownership to UID
0. READ access is required to change ownership to any other UID value,
or to the GID of a group to which the user is not connected. For
example:
PERMIT CHOWN.UNRESTRICTED CLASS(UNIXPRIV) ID(GRPX) ACCESS(READ)
If you do not activate the UNIXPRIV class and activate SETROPTS RACLIST
processing for the UNIXPRIV class, only superusers are allowed to
transfer ownership of files to others.
_______________________________________________________________
- Activate the SETROPTS RACLIST processing for the UNIXPRIV class,
if it is not already active.
SETROPTS RACLIST(UNIXPRIV)
If SETROPTS RACLIST processing is already in effect for the UNIXPRIV
class, you must refresh SETROPTS RACLIST processing in order for the
CHOWN.UNRESTRICTED profile to take effect.
SETROPTS RACLIST(UNIXPRIV) REFRESH
_______________________________________________________________
When you are done, you have set up the CHOWN.UNRESTRICTED profile
in the UNIXPRIV class.
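
The steps above as one batch TSO job, followed by commands that confirm the result. This is an added example, not part of the original procedure. The job card values are site-specific placeholders, GRPX is the example group from step 2, and the CLASSACT, RLIST and SETROPTS LIST commands are additions that do not appear in the steps above.

```jcl
//RACFCHWN JOB (ACCT),'CHOWN.UNRESTRICTED',CLASS=A,MSGCLASS=X
//*
//* Added example. Job card values are placeholders for your site.
//*
//* Command 1: define the discrete profile with no default access.
//* Command 2: READ lets GRPX change ownership to any UID other
//*            than 0, or to the GID of a group the user is not
//*            connected to. Grant UPDATE only where changing
//*            ownership to UID 0 is really required.
//* Command 3: use when the UNIXPRIV class is not yet active and
//*            RACLISTed. Remove this line if it already is.
//* Command 4: use when SETROPTS RACLIST processing is already in
//*            effect for UNIXPRIV. Remove this line if it is not.
//* Command 5: NOGENERIC shows only a discrete profile of this
//*            name, so a "not found" result here means only a
//*            generic profile matches and it will be ignored.
//*            AUTHUSER lists the access list: check that UACC is
//*            NONE and that no unexpected ID holds UPDATE.
//* Command 6: confirm UNIXPRIV appears in both the active class
//*            list and the SETROPTS RACLIST class list.
//*
//TSOBATCH EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  RDEFINE UNIXPRIV CHOWN.UNRESTRICTED UACC(NONE)
  PERMIT CHOWN.UNRESTRICTED CLASS(UNIXPRIV) ID(GRPX) ACCESS(READ)
  SETROPTS CLASSACT(UNIXPRIV) RACLIST(UNIXPRIV)
  SETROPTS RACLIST(UNIXPRIV) REFRESH
  RLIST UNIXPRIV CHOWN.UNRESTRICTED AUTHUSER NOGENERIC
  SETROPTS LIST
/*
```

Review the SYSTSPRT output of the last two commands before relying on the profile: the access list should contain only the IDs you permitted, at the levels you intended.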