Use the following decision table to determine the value of
unix_sec in
Table 1.
The
unix_sec variable determines whether you want
to use
z/OS UNIX security,
which is a higher level of security.
z/OS UNIX provides two
levels of security:
- UNIX level security
- This is a less stringent level of security than z/OS UNIX level security.
It is for installations where system programmers have been granted
superuser authority. Programs that run with superuser authority have
daemon level authority and can issue MVS™ identity-changing
services without entering a _passwd() for the target
user ID. With this level of security, the BPX.DAEMON profile in the
FACILITY class is not defined.
- z/OS UNIX level
security
- This is a higher
level of security than z/OS UNIX level security.
It lets your system exercise more control over superusers. With this
level of security, the BPX.DAEMON profile in the FACILITY class is
defined.
Table 1. Decision
table for unix_sec| If … |
Then … |
Notes |
|---|
| You already have z/OS UNIX security set
up … |
Set unix_sec=1 |
— |
| You do not have z/OS UNIX security set
up and you do not want to set it up … |
Do not change the default of unix_sec=0 |
— |
| You do not have z/OS UNIX security set
up and you want to set it up for the first time … |
Set unix_sec=2 |
- For information about additional manual configuration,
see the section about establishing z/OS UNIX security in z/OS UNIX System Services Planning.
- If you are setting unix_sec=2, you must update
the following variables:
|
z/OS Cryptographic Services PKI Services Guide and Reference
Copyright IBM Corporation 1990, 2014