z/OS UNIX System Services Planning
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Steps for changing a superuser from UID(0) to a unique nonzero UID

z/OS UNIX System Services Planning
GA32-0884-00

Before you begin: You need to know which superusers you want to change from UID(0) to a unique nonzero UID.

Perform the following steps to change a superuser from a UID of 0 to a unique nonzero UID.

  1. Change the UID for the superuser from 0 to a unique UID. Base your choice on your particular situation.
    Choices for changing superusers
    If you choose this method . . . Then . . .
    Have RACF® automatically assign an unused UID.
    1. Delete the UID from the user's OMVS segment. For example: 
      ALTUSER JOHN OMVS(NOUID)
    2. Issue the ALTUSER command with the AUTOUID keyword. For example: 
      ALTUSER JOHN OMVS(AUTOUID)

      Message IRR52177I identifies the new UID.
    Use the ISPF shell to assign the next available UID.
    1. Delete the UID from the user's OMVS segment. For example: 
      ALTUSER JOHN OMVS(NOUID)
    2. Assign a new UID, using the ISPF shell.
      Tip: You can display the user's OMVS segment to see the UID that was assigned by the ISHELL. For example: 
      LISTUSER JOHN OMVS
    Manually assign the UID. If the installation manually manages the UIDs assigned to users, select the next available UID and assign it to the user.
    Tip: To make sure the UID you selected is not already in use by another user, issue:
    SEARCH CLASS(USER) UID(7)

    Use the ALTUSER command.

    Example: Assume that the next available UID is 7 and the user ID is JOHN. To reassign the UID, issue: 
    ALTUSER JOHN OMVS(UID(7))

    _______________________________________________________________

  2. Permit the user to the BPX.SUPERUSER resource in the FACILITY class.
    Example: For user ID John: 
    PERMIT BPX.SUPERUSER CLASS(FACILITY) ID(JOHN) ACCESS(READ)
    Tip: You can choose to RACLIST the FACILITY class afterward. This step is optional. If you do so, then you will have to do a REFRESH after the user ID is permitted to the FACILITY class. For example: 
    SETROPTS RACLIST(FACILITY) REFRESH

    _______________________________________________________________

  3. Change the ownership of the user's private files to the new UID. These files are typically those defined in the home directory.
    Example: The home directory is /u/john. Issue the following command to update the ownership of the files.
    cd /u/john
chown -R john /u/john

    Result: The owning UID of the /u/john directory is changed to 7. The owning UID of all files and subdirectories of the /u/john directory is also changed.

    Tip: The chown command requires a UID of 0, the ability to su to 0, or authority to SUPERUSER.FILESYS.CHOWN.

    _______________________________________________________________

When you are done, you have changed the superuser from a UID of 0 to a unique nonzero UID.

Parent topic: Changing a superuser from UID(0) to a unique nonzero UID

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014