Allowing z/OS UNIX users to change file ownerships
z/OS Security Server RACF Security Administrator's Guide, SA23-2289-00

On z/OS UNIX systems, RACF® enforces the rules for the
POSIX constant called _POSIX_CHOWN_RESTRICTED. This
means that, by default, only superusers can change the ownership of
any file to any UID or GID on the system, and that general users can
only change the ownership of files that they own, and only to one
of their own associated GIDs. However, by defining
a profile called CHOWN.UNRESTRICTED in the UNIXPRIV class, you can
allow selected users and groups to transfer ownership of files they
own to any UID or GID on the system.
Guideline: For a more secure implementation, do not define
the CHOWN.UNRESTRICTED profile.
You can define an additional profile in the UNIXPRIV class protecting a resource called SUPERUSER.FILESYS.CHOWN to authorize selected z/OS UNIX users to transfer ownership of any file to any UID or GID. See "Example of authorizing superuser privileges" for an example of authorizing users using the SUPERUSER.FILESYS.CHOWN resource.
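
The _POSIX_CHOWN_RESTRICTED rule described above can be checked per path from a program. The following is an added example, not taken from the IBM guide: it uses the standard POSIX pathconf() call with _PC_CHOWN_RESTRICTED and distinguishes "no restriction" from "query failed", which both come back as -1. The function name, result codes and sample paths are assumptions, and this page does not say whether the value reflects a CHOWN.UNRESTRICTED profile, so treat it as a check of the POSIX-level setting only.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Result codes for chown_restricted() (illustrative names, not from the guide). */
enum { CHOWN_ERROR = -1, CHOWN_UNRESTRICTED = 0, CHOWN_RESTRICTED = 1 };

/*
 * Ask the system whether _POSIX_CHOWN_RESTRICTED is in effect for `path`.
 * pathconf() returns -1 both on failure and when the option is not in
 * effect; only errno tells the two apart, so it is cleared before the call.
 */
int chown_restricted(const char *path)
{
    long value;

    errno = 0;
    value = pathconf(path, _PC_CHOWN_RESTRICTED);
    if (value != -1)
        return CHOWN_RESTRICTED;    /* any other value: the restriction applies */
    if (errno == 0)
        return CHOWN_UNRESTRICTED;  /* -1 with errno untouched: no restriction */
    return CHOWN_ERROR;             /* -1 with errno set: path could not be queried */
}

int main(int argc, char **argv)
{
    /* Constructed sample paths; pass the mount points you want to audit instead. */
    const char *defaults[] = { "/", "/tmp" };
    const char **paths = argc > 1 ? (const char **)(argv + 1) : defaults;
    int count = argc > 1 ? argc - 1 : 2;
    int findings = 0;

    for (int i = 0; i < count; i++) {
        int state = chown_restricted(paths[i]);
        int saved = errno;          /* keep errno before stdio can change it */

        if (state == CHOWN_RESTRICTED) {
            printf("%s: chown restricted\n", paths[i]);
        } else if (state == CHOWN_UNRESTRICTED) {
            printf("%s: chown NOT restricted\n", paths[i]);
            findings++;
        } else {
            printf("%s: cannot query (%s)\n", paths[i], strerror(saved));
            findings++;
        }
    }
    return findings ? 1 : 0;        /* nonzero exit flags paths needing review */
}
```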
Copyright IBM Corporation 1990, 2014