Previous Topic: Choose Your Started Task Names and User IDs

Next Topic: Set HFS File Permissions

Implementing USS AuthorizationHow to Define User IDs to UNIX System Services

How to Define User IDs to UNIX System Services

To define User IDs to USS, perform the following tasks:

  1. Assign an OMVS UID.
  2. Define the OMVS segment.
  3. Create the home directory.

Note: For more information about how to define UNIX users, see IBM's UNIX System Services Planning guide.

Assign an OMVS UID

Choose an OMVS UID number to associate with the user ID. Your organization may have a policy for assigning OMVS UID numbers. If not, use a unique number, for example, 123.

Note: See IBM's UNIX System Services Planning for more information about OMVS UID numbers.

Define the OMVS Segment

The following sections show you how to define the OMVS segment to your security system for a user ID uuuuuu and UID number nnn.

/u/user-name is the home directory to associate with the user ID.

Note: For the ReportCenter user IDs, the home directory can be any directory that meets your organization's standards for home directories. It does not have to be one of the ReportCenter directories. ReportCenter uses absolute path names at all times and does not use the home directory settings.

Define the OMVS Segment to a CA ACF2 Security Subsystem

To define the OMVS Segment to a CA ACF2 Security Subsystem, enter the following:

SET PROFILE(USER) DIV(OMVS)
INSERT uuuuuu UID(nnn) HOME(/u/user-name) PROGRAM(/bin/sh)

After the segment is secured, enter the following to confirm its contents:

SET PROFILE(USER) DIV(OMVS)
LIST uuuuuu

Define the OMVS Segment to a CA Top Secret Security Subsystem

To define the OMVS Segment to a CA Top Secret Security Subsystem, enter the following:

TSS ADD(uuuuuu) HOME(/u/user-name) OMVSPGM(/bin/sh) UID(nnn) GROUP(OMVSGRP)

After the segment is secured, enter the following to confirm its contents:

TSS LIS(uuuuuu) DATA(ALL)

Define the OMVS Segment to a RACF Security Subsystem

Define the OMVS Segment to a RACF Security Subsystem, enter the following:

ALU uuuuuu OMVS(UID(nnn) HOME(/u/user-name) PROGRAM(/bin/sh))

After the segment is secured, enter the following to confirm its contents:

LISTUSER uuuuuu OMVS NORACF

Create the Home Directory

Create the /u/user-name home directory. Ensure that the UID has the appropriate access to it. Generally, users require write access to their home directories.

Example: Create Home Directory

To set up a directory called /u/user01 for the user ID 123, issue the following commands:

mkdir /u/user01
chown 123 /u/user01
chmod 0777 /u/user01

You can then confirm the owner and access to the directory by using the following command:

ls -l -d /u/user01