z/OS Security Server RACF Callable Services


RACF authorization

z/OS Security Server RACF Callable Services
SA23-2293-00

  1. This service implements the _POSIX_CHOWN_RESTRICTED feature in POSIX 1003.1.

    If the discrete profile named CHOWN.UNRESTRICTED does not exist in the UNIXPRIV class, or the caller has no access to it, then:

    • A user can change the owner z/OS UNIX user identifier (UID) value only if the user is a superuser.
    • A user can change the owner z/OS UNIX group identifier (GID) of a file if:
      • The user is a superuser,
      • Or, all of the following are true:
        • The effective UID of the calling process is equal to the owner UID of the file (that is, the user is the owner of the file).
        • The input UID is equal to the owner UID of the file or -1.
        • The input z/OS UNIX group identifier (GID) is equal to the effective GID or to one of the supplemental groups of the calling process.

    If the discrete profile named CHOWN.UNRESTRICTED exists in the UNIXPRIV class, then:

    • A user can change the owner z/OS UNIX user identifier (UID) if:
      • The user is a superuser,
      • The effective UID of the calling process is equal to the owner UID of the file (that is, the user is the owner of the file),
      • The caller has UPDATE access to CHOWN.UNRESTRICTED if the UID is being changed to 0, or
      • The caller has READ access to CHOWN.UNRESTRICTED if the UID is being changed to a value other than 0.
    • A user can change the owner z/OS UNIX group identifier (GID) if:
      • The user is a superuser,
      • Or, all of the following are true:
        • The effective UID of the calling process is equal to the owner UID of the file (that is, the user is the owner of the file).
        • The input UID is equal to the owner UID of the file or -1.
        • The input z/OS UNIX group identifier (GID) is equal to the effective GID or to one of the supplemental groups of the calling process.
      • Or, the caller has READ access to CHOWN.UNRESTRICTED and the input GID is not equal to the effective GID or to one of the supplemental groups of the calling process.
  2. If the caller is not superuser, an authorization check is performed on the resource name in the UNIXPRIV class indicated in Table 1. If the authorization check is successful, the caller is treated as a superuser.
    Table 1. UNIXPRIV class resource names used in R_chown

    Audit function code   Resource name              Access required
    N/A                   SUPERUSER.FILESYS.CHOWN    READ
  3. If the SECLABEL class is active and the file or directory has a security label, then the current security label of the process must be greater than or equal to the security label of the resource or the security label of the resource must be greater than or equal to the process's current security label, that is, the security labels are not disjoint. If MLFSOBJ is active, a failure will occur if the resource does not have a security label. Security label checking is bypassed if the ACEE indicates trusted or privileged authority or if the service has passed a system CRED.
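The three rules above combine into a single authorization decision. The following Python model is an added illustration, not IBM code and not the RACF implementation: it encodes the POSIX-restricted path, the relaxation granted by CHOWN.UNRESTRICTED (READ for a UID change to a value other than 0, UPDATE for a change to 0), the SUPERUSER.FILESYS.CHOWN escalation, and the "labels not disjoint" check. RACF profile access is represented by a plain dictionary keyed on the UNIXPRIV resource name, and security labels by a simplified level-plus-categories dominance model; both are assumptions, as is the requirement that every non-superuser path needs the caller to own the file (the page states it for the UID bullet and the first GID bullet). All sample values are constructed.

```python
"""Model of the R_chown authorization decision (added illustration, not IBM code)."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Tuple

# RACF access authorities in ascending order; holding a higher one implies the lower ones.
ACCESS_RANK = {"NONE": 0, "READ": 1, "UPDATE": 2, "CONTROL": 3, "ALTER": 4}


@dataclass(frozen=True)
class SecLabel:
    """Simplified MLS label (assumption): a sensitivity level and a category set."""
    level: int
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "SecLabel") -> bool:
        return self.level >= other.level and self.categories >= other.categories


@dataclass
class Process:
    euid: int
    egid: int
    supplemental_gids: FrozenSet[int] = frozenset()
    superuser: bool = False
    trusted_or_privileged: bool = False          # ACEE trusted/privileged, or a system CRED
    unixpriv_access: Dict[str, str] = field(default_factory=dict)  # resource -> access held
    seclabel: SecLabel = SecLabel(0)


@dataclass
class FileObj:
    owner_uid: int
    owner_gid: int
    seclabel: Optional[SecLabel] = None          # None: the object carries no security label


def has_access(proc: Process, resource: str, required: str) -> bool:
    """True if the caller's access to the UNIXPRIV resource is at least `required`."""
    held = proc.unixpriv_access.get(resource, "NONE")
    return ACCESS_RANK[held] >= ACCESS_RANK[required]


def seclabel_ok(proc: Process, f: FileObj, seclabel_active: bool, mlfsobj_active: bool) -> bool:
    """Rule 3: the two labels must not be disjoint; trusted/privileged callers bypass the check."""
    if not seclabel_active or proc.trusted_or_privileged:
        return True
    if f.seclabel is None:
        return not mlfsobj_active                # MLFSOBJ turns an unlabeled resource into a failure
    return proc.seclabel.dominates(f.seclabel) or f.seclabel.dominates(proc.seclabel)


def chown_allowed(proc: Process, f: FileObj, new_uid: int, new_gid: int,
                  chown_unrestricted_defined: bool,
                  seclabel_active: bool = False,
                  mlfsobj_active: bool = False) -> Tuple[bool, str]:
    """Decide an R_chown request; new_uid / new_gid of -1 mean 'leave unchanged'."""
    if not seclabel_ok(proc, f, seclabel_active, mlfsobj_active):
        return False, "security label check failed"
    # Rule 2: READ on SUPERUSER.FILESYS.CHOWN makes a non-superuser behave as one.
    if proc.superuser or has_access(proc, "SUPERUSER.FILESYS.CHOWN", "READ"):
        return True, "superuser"
    # Assumption: every non-superuser path requires the caller to own the file.
    if proc.euid != f.owner_uid:
        return False, "caller is not the file owner"
    # CHOWN.UNRESTRICTED relaxes the POSIX rules only when the discrete profile exists
    # and the caller holds at least READ on it; otherwise the restricted rules apply.
    unrestricted = chown_unrestricted_defined and has_access(proc, "CHOWN.UNRESTRICTED", "READ")
    if new_uid not in (-1, f.owner_uid):
        if not unrestricted:
            return False, "UID change requires superuser"
        needed = "UPDATE" if new_uid == 0 else "READ"  # giving a file to UID 0 needs UPDATE
        if not has_access(proc, "CHOWN.UNRESTRICTED", needed):
            return False, f"UID change to {new_uid} needs {needed} on CHOWN.UNRESTRICTED"
    if new_gid not in (-1, f.owner_gid):
        in_groups = new_gid == proc.egid or new_gid in proc.supplemental_gids
        if not in_groups and not unrestricted:
            return False, "GID is not the effective GID or a supplemental group"
    return True, "owner"


if __name__ == "__main__":
    # Constructed scenario: file owned by UID 1000 / GID 100, owner is also in group 200.
    f = FileObj(owner_uid=1000, owner_gid=100)
    owner = Process(euid=1000, egid=100, supplemental_gids=frozenset({200}))
    print(chown_allowed(owner, f, -1, 200, False))    # (True, 'owner')
    print(chown_allowed(owner, f, 2000, -1, False))   # (False, 'UID change requires superuser')
```

The reason string is there for auditing: when a chown is denied in production, the interesting question for a reviewer is which of the three rules denied it, and whether the denial came from a missing profile, an insufficient access level, or a label mismatch.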

Copyright IBM Corporation 1990, 2014