Set Up CA CSM User ID Without UID(0) for IBM RACF

Modify this procedure according to your security system settings.

The CA CSM user ID is the ID that is associated with the CA CSM application server.

Follow these steps:

  1. Review the prerequisites.
  2. After the installation of CA CSM finishes, create a group with a GID definition, for example, CACSMGRP, in your security system, and specify CACSMGRP to be the default group for the CA CSM user ID and each CA CSM user.
  3. Change the owner and the group by issuing the following commands under SUPERUSER authority:
    chown -R CA_CSM_USER_ID MSMPATH
    chgrp -R CACSMGRP MSMPATH
    chown -R CA_CSM_USER_ID MountPath
    chgrp -R CACSMGRP MountPath
    chown -R CA_CSM_USER_ID RunTimeUSSPath
    chgrp -R CACSMGRP RunTimeUSSPath
    

    where MSMPATH, MountPath, and RunTimeUSSPath are values that are referenced in the MSMSetupOptionsFile.properties file.

    Note: When you issue the commands for RunTimeUSSPath, the following message can appear:

    EDC5129I No such file or directory
    

    This message is issued against the ioeagfmt file and does not affect command completion in any way. You can ignore this message.

    Important! Also, issue these commands after you run the MSMDEPLY job.

  4. In the FACILITY resource class, define the following profiles with access rights to the CA CSM user ID:
    BPX.CONSOLE            UPDATE
    BPX.SERVER             UPDATE
    BPX.FILEATTR.APF       READ
    BPX.FILEATTR.PROGCTL   READ
    BPX.FILEATTR.SHARELIB  READ
    
  5. In the UNIXPRIV resource class, define the following profiles with access rights to the CA CSM user ID:
    SUPERUSER.FILESYS.CHANGEPERMS   READ
    SUPERUSER.FILESYS.MOUNT         UPDATE
    SUPERUSER.FILESYS.PFSCTL        READ
    
  6. In the SERVAUTH resource class, define the following profiles with access rights to the CA CSM user ID:
    EZB.FTP          READ
    EZB.STACKACCESS  READ
    
  7. After the first task within CA CSM finishes, issue the following commands under SUPERUSER authority:
    chown -R CA_CSM_USER_ID MountPath
    chgrp -R CACSMGRP MountPath
    

    where MountPath is a value that is referenced in the MSMSetupOptionsFile.properties file.
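
A check for steps 3 and 7, as an added example that is not part of the CA CSM documentation: the script lists every entry under the given paths whose owner or group is not the expected CA CSM user ID and group. The function names are hypothetical, and the paths are passed as arguments because the property names in MSMSetupOptionsFile.properties are not shown on this page.

```shell
#!/bin/sh
# Added example (not from the CA CSM documentation).
# Lists entries whose owner or group differs from the expected CA CSM
# user ID and group after the chown -R / chgrp -R commands.

# csm_mismatches USER GROUP PATH...
# Prints one line per finding; prints nothing when every entry matches.
csm_mismatches() {
    user=$1
    group=$2
    shift 2
    for path in "$@"; do
        if [ ! -e "$path" ]; then
            # A path copied wrongly from the properties file is also a finding.
            printf 'MISSING %s\n' "$path"
            continue
        fi
        # POSIX find primaries: match when the owner OR the group is wrong.
        find "$path" \( ! -user "$user" -o ! -group "$group" \) -print |
            sed 's/^/MISMATCH /'
    done
}

# csm_mismatch_count USER GROUP PATH...
# Writes the number of findings to stdout, for use in scripts.
csm_mismatch_count() {
    csm_mismatches "$@" | wc -l | tr -d ' '
}

# Run the check only when arguments are supplied, for example:
#   sh csm_owner_check.sh CA_CSM_USER_ID CACSMGRP MSMPATH MountPath RunTimeUSSPath
if [ "$#" -ge 3 ]; then
    csm_mismatches "$@"
    [ "$(csm_mismatch_count "$@")" -eq 0 ]
fi
```

Run it after step 3, again after the MSMDEPLY job, and again after step 7; an empty listing means every entry under the paths has the expected owner and group.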