Before you begin: You need to know which superusers you
want to change from UID(0) to a unique nonzero UID.
Perform the following steps to change a superuser from a UID of
0 to a unique nonzero UID.
- Change the UID for the superuser from 0 to a unique UID. Base
your choice on your particular situation.
Choices for changing superusersIf you choose this method . . . |
Then . . . |
---|
Have RACF® automatically
assign an unused UID. |
- Delete the UID from the user's OMVS segment. For example:
ALTUSER JOHN OMVS(NOUID)
- Issue the ALTUSER command with the AUTOUID keyword. For example:
ALTUSER JOHN OMVS(AUTOUID)
Message
IRR52177I identifies the new UID.
|
Use the ISPF shell to assign the
next available UID. |
- Delete the UID from the user's OMVS segment. For example:
ALTUSER JOHN OMVS(NOUID)
- Assign a new UID, using the ISPF shell.
Tip: You can
display the user's OMVS segment to see the UID that was assigned by
the ISHELL. For example: LISTUSER JOHN OMVS
|
Manually assign the UID. If the installation
manually manages the UIDs assigned to users, select the next available
UID and assign it to the user.Tip: To make sure the UID
you selected is not already in use by another user, issue: SEARCH CLASS(USER) UID(7)
|
Use the ALTUSER command.
Example: Assume
that the next available UID is 7 and the user ID
is JOHN. To reassign the UID, issue: ALTUSER JOHN OMVS(UID(7))
|
_______________________________________________________________
- Permit the user to the BPX.SUPERUSER resource in the FACILITY
class.
Example: For user ID John:
PERMIT BPX.SUPERUSER CLASS(FACILITY) ID(JOHN) ACCESS(READ)
Tip: You
can choose to RACLIST the FACILITY class afterward. This step is optional.
If you do so, then you will have to do a REFRESH after the user ID
is permitted to the FACILITY class. For example:
SETROPTS RACLIST(FACILITY) REFRESH
_______________________________________________________________
- Change the ownership of the user's private files to the new UID.
These files are typically those defined in the home directory.
Example: The
home directory is
/u/john. Issue the following command to update
the ownership of the files.
cd /u/john
chown -R john /u/john
Result: The owning
UID of the /u/john directory is changed to 7. The owning UID
of all files and subdirectories of the /u/john directory is
also changed.
Tip: The chown command
requires a UID of 0, the ability to su to 0, or authority
to SUPERUSER.FILESYS.CHOWN.
_______________________________________________________________
When you are done, you have changed the superuser from a UID of
0 to a unique nonzero UID.