Previous Topic: Defining an ACID as a USS UserNext Topic: Define USS Groups

z/OS UNIX System ServicesControlling Access to USSDefine USS Users

Define USS Users

USS recognizes ACIDs by their assigned UID. The OMVS segment of a user ACID defines the UID, the user’s home directory, and the initial program that the user runs. The initial program is generally the shell program that the user invokes.

Note: The MSCA ACID cannot be used to sign on to USS.

To define a USS user, enter the following command:

TSS ADD(acid) UID(user_id)
               [HOME(/u/pathname)]
               [OMVSPGM(/bin/sh)]
acid

Identifies the ACID that you are defining as a USS user.

UID(user_id)

Specifies a unique numeric ID for maintaining individual accountability and control in USS. All ACIDs require a UID. You cannot assign a UID value that is already assigned to another ACID, unless the value is 0. Specifying 0 indicates that the user is a superuser that passes all USS security checks and can access all UNIX files.

Important! To eliminate unauthorized access risks, any ACID that is assigned UID(0) should also be assigned a non-expiring password. You can issue command TSS REPL(acid) PASS(xxxx,0), where acid identifies the ACID receiving the password and xxxx specifies the password.

Other than the required started task ACIDs, all ACIDs should have non‑zero UIDs and be permitted the necessary authorities in CA Top Secret resource class IBMFAC plus file permissions. IBMFAC is equivalent to the IBM FACILITY class.

Range: 0 to 2,147,483,647

HOME

(Optional) Specifies the path name of the initial directory that is used when a user enters the OMVS command or enters the ISPF shell. You can use uppercase and lowercase characters. If you do not define HOME, USS sets the initial directory for the user to the root directory.

Range: 1 to 1024 characters

OMVSPGM

(Optional) Specifies the user’s USS shell program. This program is the first program started when the user specifies the OMVS command or a USS batch job is started (using the BPXBATCH program). You can specify uppercase and lowercase characters. If you do not define OMVSPGM, USS gives control to the default shell program.

Range: 1 to 1024 characters

Example: Define a USS User

This example defines user OMVSU2 as a regular user:

TSS ADD(OMVSU2) UID(199)
                HOME(/u/omvsu2)
                OMVSPGM(/bin/sh)

Example: Define a Superuser

This example defines user OMVSUSR as a superuser:

TSS ADD(OMVSUSR) UID(0)

HOME and OMVSPGM are not defined, so USS assigns defaults for these fields.