|
- This service implements the _POSIX_CHOWN_RESTRICTED feature in
POSIX 1003.1.
If
the discrete profile named CHOWN.UNRESTRICTED does not exist in the
UNIXPRIV class, or the caller has no access to it, then:
- A user can change the owner z/OS UNIX user identifier (UID) value
only if the user is a superuser.
- A user can change the owner z/OS UNIX group identifier (GID) of a
file if:
- The user is a superuser,
- Or, all of the following are true:
- The effective UID of the calling process is equal to the owner
UID of the file (that is, the user is the owner of the file).
- The input UID is equal to the owner UID of the file or -1
- The input z/OS UNIX group identifier (GID) is equal
to the effective GID or to one of the supplemental groups of the calling
process.
If the
discrete profile named CHOWN.UNRESTRICTED exists in the UNIXPRIV class,
then:
- A user can change the owner z/OS UNIX user identifier (UID) if:
- The user is a superuser
- The effective UID of the calling process is equal to the owner
UID of the file ( that is, the user is the owner of the file)
- The caller has UPDATE access to CHOWN.UNRESTRICTED if the UID
is being changed to 0, or
- The caller has READ access to CHOWN.UNRESTRICTED if the UID is
being changed to a value other than 0
- A user can change the owner z/OS UNIX group identifier (GID) if:
- The user is a superuser
- Or, all of the following are true:
- The effective UID of the calling process is equal to the owner
UID of the file (that is, the user is the owner of the file).
- The input UID is equal to the owner UID of the file or -1
- The input z/OS UNIX group identifier (GID) is equal
to the effective GID or to one of the supplemental groups of the calling
process.
- Or, the caller has READ access to CHOWN.UNRESTRICTED and the input
GID is not equal to the effective GID or to one of the supplemental
groups of the calling process.
- If the caller is not superuser, an authorization check is performed
on the resource name in the UNIXPRIV class indicated in Table 1. If the authorization check is
successful, the caller is treated as a superuser.
Table 1. UNIXPRIV class resource names used in R_chownAudit function code |
Resource name |
Access required |
---|
N/A |
SUPERUSER.FILESYS.CHOWN |
READ |
- If the SECLABEL class is active and the file or directory has
a security label, then the current security label of the process must
be greater than or equal to the security label of the resource or
the security label of the resource must be greater than or equal to
the process's current security label, that is, the security labels
are not disjoint. If MLFSOBJ is active, a failure will occur if the
resource does not have a security label. Security label checking is
bypassed if the ACEE indicates trusted or privileged authority or
if the service has passed a system CRED.
|