z/OS Security Server RACF Security Administrator's Guide


Allowing z/OS UNIX users to change file ownerships

SA23-2289-00

On z/OS UNIX systems, RACF® enforces the rules for the POSIX constant called _POSIX_CHOWN_RESTRICTED. This means that, by default, only superusers can change the ownership of any file to any UID or GID on the system, and that general users can only change the ownership of files that they own, and only to one of their own associated GIDs. However, by defining a profile called CHOWN.UNRESTRICTED in the UNIXPRIV class, you can allow selected users and groups to transfer ownership of files they own to any UID or GID on the system.
Guideline: For a more secure implementation, do not define the CHOWN.UNRESTRICTED profile.

You can define an additional profile in the UNIXPRIV class protecting a resource called SUPERUSER.FILESYS.CHOWN to authorize selected z/OS UNIX users to transfer ownership of any file to any UID or GID. See Example of authorizing superuser privileges for an example of authorizing users using the SUPERUSER.FILESYS.CHOWN resource.
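The following RACF TSO commands are an added example, not taken from this guide: they check whether either profile described above is in place, remove CHOWN.UNRESTRICTED in line with the guideline, and grant the SUPERUSER.FILESYS.CHOWN privilege to a single user. Assumptions: the UNIXPRIV class is already active and RACLISTed, CHOWNADM is a hypothetical user ID, and READ is the access level used for the SUPERUSER.FILESYS.CHOWN resource.

```tso
/* Audit: is the discrete profile that the guideline advises against defined? */
RLIST UNIXPRIV CHOWN.UNRESTRICTED ALL

/* Audit: which users and groups are on the access list for the           */
/* privilege to change the ownership of any file?                         */
RLIST UNIXPRIV SUPERUSER.FILESYS.CHOWN AUTHUSER

/* Follow the guideline: delete CHOWN.UNRESTRICTED if RLIST found it.     */
RDELETE UNIXPRIV CHOWN.UNRESTRICTED

/* Grant the chown privilege to one named user instead of giving that     */
/* user full superuser authority. CHOWNADM is a hypothetical user ID.     */
RDEFINE UNIXPRIV SUPERUSER.FILESYS.CHOWN UACC(NONE)
PERMIT SUPERUSER.FILESYS.CHOWN CLASS(UNIXPRIV) ID(CHOWNADM) ACCESS(READ)

/* Refresh the in-storage UNIXPRIV profiles so the changes take effect.   */
SETROPTS RACLIST(UNIXPRIV) REFRESH
```

Rerun the two RLIST commands after the refresh to confirm that CHOWN.UNRESTRICTED is no longer defined and that the access list contains only the intended ID.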





Copyright IBM Corporation 1990, 2014