You can set security options for the remote z/OS agent. When setting up multi-user agent security, consider the following information:
Note: IBM recommends assigning BPX.SUPERUSER authority. For more information about assigning authority, see IBM's z/OS UNIX System Services Planning Guide. The users who start the multi-user agent must have read access to facility BPX.DAEMON.
Use the following RACF commands as reference when setting up multi-user agent security:
RDEFINE FACILITY BPX.DAEMON UACC(NONE)
This command defines the facility for the daemon.
RDEFINE FACILITY BPX.SUPERUSER UACC(NONE)
This command defines the facility for the super user.
SETROPTS CLASSACT(FACILITY)
This command refreshes RACF.
SETROPTS RACLIST(FACILITY)
This command refreshes RACF.
ALTUSER <username> OMVS (UID(nn) HOME('<homedir>' PROGRAM('bin/sh'))
This command assigns access to the facility where the <username> is the user ID who starts the multi-user agent.
PERMIT BPX.DAEMON CLASS(FACILTY) ID(<userid>) ACCESS(READ)
This command assigns access to the facility where the <username> is the BPX.SUPERUSER who starts the multi-user agent.
PERMIT BPX.FILEATTR.* CLASS(FACILITY)ID(<userid>) ACCESS(READ)
This command grants access to set program control (for example, apf and shared) using the extattr command, where the <username> is the user ID who starts the multi-user agent.
rl facility bpx.daemon authuser
This command checks access to the bpx.daemon facility.
rlist program *
This command lists program control.
|
Copyright © 2013 CA.
All rights reserved.
|
|