Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Defining group identifiers (GIDs) z/OS UNIX System Services Planning GA32-0884-00 |
|
You can assign a group identifier (GID) to a RACF® group by specifying a GID value in the OMVS segment of the RACF group profile or by using the AUTOGID keyword. When a GID is assigned to a group, all users connected to that group who have a user identifier (UID) in their user profile and whose default or current connect group has a GID in the group profile can use z/OS UNIX functions and can access z/OS UNIX files based on the GID and UID values assigned. Restriction: The limit on the number of groups that can share a GID when the RACF database is using AIM is 129. Guideline: Do not assign the same GID to multiple RACF groups. If you do,control at an individual group level is lost because the GID is used in z/OS UNIX security checks. RACF groups that have the same GID assignment are treated as a single group during z/OS UNIX security checks. They must use the SHARED keyword of the RACF ADDGROUP or ALTGROUP command if the SHARED.IDS profile is defined in the UNIXPRIV class. For more information about SHARED.IDS, see z/OS Security Server RACF Security Administrator's Guide. If you are using NFS, see Assigning UIDs and GIDs in an NFS network for more information. For special considerations when using the RACF list-of-groups checking (GRPLIST) option for access to the files and directories in the z/OS® UNIX file system, see z/OS Security Server RACF Security Administrator's Guide. |
Copyright IBM Corporation 1990, 2014
|