

Define a System Default UID and GID

CA Top Secret provides support for default UID and GID through the OMVSUSR and OMVSGRP control options. Evaluate your security policy to determine whether all users should be given their own UIDs and GIDs. Overuse of the default feature limits your ability to audit access permissions under USS.

Note: OMVSGRP and OMVSUSR are not supported in z/OS 2.1 and above. For more information about UNIQUSER and MODLUSER, see the CA Top Secret Control Options Guide.

Use the following process to define a default UID and GID:

  1. Define an ACID with a valid OMVS segment (for example, a UID, a HOME, and an OMVSPGM). Specifying this ACID on the OMVSUSR option makes it the default for any user without such a segment. You can make the specification dynamically or through the TSS PARMFILE. For example:
    TSS MODIFY(OMVSUSR(acid_name))
    
  2. Extract the OMVS segment from a group by performing one of the following actions:

    Both methods define a TYPE GROUP ACID.

  3. (Optional) Add the NOOMVSDF attribute to the user ACID to prevent a user with no UID or group from using the default values:
    TSS ADD(acid) NOOMVSDF
    

If you define the BPX.DEFAULT.USER profile, all users will have access to z/OS UNIX. To limit access, define an OMVS segment with no UID. This prevents unauthorized users from using a UNIX service. If users must have anonymous access (for FTP or other socket use) without using the shell, define the initial program for the default user as /bin/echo.