Setting classes for a user's process

The access permission bits are set for three classes. When a user's process accesses a file, the system determines the class of the process and then uses the permission bits for that class to determine if the process can access the file. For a file, a process can be in only one class. The class for a process can be different for each file or directory.

The class is one of the following:

Owner class: Any process with an effective UID that matches the UID of the file.
Group class: Any process with an effective GID or supplemental group GID that matches the GID of the file when the UIDs do not match.
Other class: Any process that is not in the owner or group class, such as when the UIDs or GIDs do not match.

By default, the system sets the UID and GID of the file when the file is created:

The UID is set to the effective UID of the creating process.
The GID is set to the GID of the owning directory. You can define FILE.GROUPOWNER.SETGID to change this behavior; see Steps for setting up the FILE.GROUPOWNER.SETGID profile.

To change the UID of a file, a person with superuser authority, or the file owner with appropriate access to the CHOWN.UNRESTRICTED profile in the UNIXPRIV class, can enter a chown command or use the chown() callable service. To change the GID of a file, a superuser or the file owner (that is, a process in the owner class) can enter a chgrp command or use the chgrp() function. You can define profiles in the UNIXPRIV class to grant RACF® authorization for certain z/OS® UNIX privileges, as explained in Using UNIXPRIV class profiles.

If you want to specify that, by default, the group owner of a new file is to come from the effective GID of the creating process, you need to set up a profile in the UNIXPRIV class called FILE.GROUPOWNER.SETGID. Steps for setting up the FILE.GROUPOWNER.SETGID profile describes the process.