z/OS Using REXX and z/OS UNIX System Services
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Writing setuid and setgid REXX programs

z/OS Using REXX and z/OS UNIX System Services
SA23-2283-00

Setting the set-group-ID-on-execution (setgid) permission means that when a file is run, the calling process's effective GID is set to the file's owner GID; the process seems to be running under the GID of the file's owner, rather than that of the actual invoker.

Setting the set-user-ID-on-execution (setuid) permission means that when a file is run, the calling process's effective UID is set to the file's owner UID; the process seems to be running under the UID of the file's owner, rather than that of the actual invoker.

Like any other setuid or setgid program, a REXX program should not allow the user of the program to get control in your environment. Some examples of instructions that can let a user obtain control are:
  • Interactive trace.
  • Calling external functions or subroutines: Using a relative pathname can let the user get control if the user sets the PATH variable. External functions and subroutines run under the UID and GID of the main program, regardless of their setuid and setgid mode bits.
Parent topic: Using TSO/E REXX for z/OS UNIX processing

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014