

Access Control to File System Resources

Users with the RSTDACC attribute cannot access protected resources they are not specifically authorized to access.

The RSTDACC attribute has no effect when a user accesses a UNIX file system resource. The file's “other” permission bits can allow access to users who are not explicitly authorized.

To prevent restricted users from accessing file system resources

  1. Enter the command:
    TSS ADD(UNIXDEPT) UNIXPRIV(RESTRICTED.FILESYS.ACCESS)
    

    The RESTRICTED.FILESYS.ACCESS resource is defined in the UNIXPRIV class.

  2. (Optional) Enter the command:
    setfacl -m user:thabo:rwx MyFile
    

    Adding the specified restricted users, or one of their groups, to the file's ACL permits them to access the file.

    Authorization changes made using the setfacl command take effect immediately.

  3. (Optional) Enter the command:
    TSS PERMIT(userid) UNIXPRIV(RESTRICTED.FILESYS.ACCESS) ACCESS(READ)
    

    The specified restricted users are granted access based on the file's “other” bits.
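
The following is an added example, not part of the original documentation: a POSIX shell audit that lists regular files whose “other” bits grant any access. These are the files a restricted user can reach when RESTRICTED.FILESYS.ACCESS is not defined, or when the user has READ access to it. The function names and the directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit which files are reachable through the "other" bits.
# Function names are illustrative; pass the directory you want to check.

# other_bits FILE
# Print the three-character "other" triplet of FILE's mode, for example "r--".
other_bits() {
    # `ls -ld` output starts with the mode string: type, owner, group, other.
    # A trailing marker such as "+" (ACL present) is in column 11 and is ignored.
    line=$(ls -ld -- "$1") || return 1
    printf '%s\n' "$line" | cut -c8-10
}

# audit_other_access DIR
# List every regular file under DIR whose "other" bits grant read, write or
# execute, one "<triplet> <path>" line per file, sorted by path.
# File names containing newlines are not handled.
audit_other_access() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
    sort |
    while IFS= read -r file; do
        printf '%s %s\n' "$(other_bits "$file")" "$file"
    done
}

# count_other_access DIR
# Print the number of files reported by audit_other_access.
count_other_access() {
    audit_other_access "$1" | wc -l | tr -d ' '
}
```

Files that appear in the report and should be reachable only by specific restricted users are candidates for an ACL entry as in step 2, rather than a READ permission to RESTRICTED.FILESYS.ACCESS as in step 3.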