Allow UNIX Users to Change File Ownership

CA Top Secret enforces the rules for the _POSIX_CHOWN_RESTRICTED constant. However, you can disable the constant, allowing users to change file ownership (depending on the access level that you permit).

Follow these steps:

  1. Define the CHOWN.UNRESTRICTED resource:
    TSS ADD(dept) UNIXPRIV(CHOWN.UN)
    
    dept

    Specifies the department ACID to which you are assigning ownership of the resource.

    Having this resource defined means that _POSIX_CHOWN_RESTRICTED is not in effect.

  2. Permit the user to the resource (with the appropriate access level):
    TSS PERMIT(acid) UNIXPRIV(CHOWN.UNRESTRICTED) ACCESS(READ|UPDATE)
    
    acid

    Specifies the ACID to which you are providing the permit and access.

    READ

    Lets users change ownership of files they own to any non-zero UID value or to the GID of a group to which the user is not connected.

    UPDATE

    Lets users change ownership of files they own to UID 0.

Example: Permit a UNIX User to Transfer File Ownership to Any UID or GID on a System

This example allows a UNIX user to transfer ownership of files they own to any UID (except 0) or GID on the system:

TSS PERMIT(USERX) UNIXPRIV(CHOWN.UNRESTRICTED) ACCESS(READ)