A user denied access through the ACL can access a file system resource if they have sufficient authority to the SUPERUSER.FILESYS.FILE resource in the UNIXPRIV class.
To prevent users from using SUPERUSER.FILESYS.FILE authority to access file system resources:
TSS ADD(UNIXDEPT) UNIXPRIV(SUPERUSER.FILESYS.ACLOVERRIDE)
The SUPERUSER.FILESYS.ACLOVERRIDE resource is defined in the UNIXPRIV class.
TSS PERMIT(userid) UNIXPRIV(SUPERUSER.FILESYS.ACLOVERRIDE) ACCESS(READ)
The specified users or groups are granted exceptions to allow them to gain access based on their SUPERUSER.FILESYS.FILE authority. Permit users or profiles to the resource with the same level of access they require for the SUPERUSER.FILESYS.FILE resource.
z/OS Unix has increased the limit on the number of mutexes or condition variables that a user can define. The increased limits are only for users who are authorized to those new limits. A new UNIXPRIV profile, SUPERUSER.SHMMCV.LIMIT has been defined to control authorization to this ability.
To allow UNIX users to increase the limit on the number of mutexes or condition variables, enter:
TSS ADD(UNIXDEPT) UNIXPRIV(SUPERUSER.SHMMCV.LIMIT) TSS PER(USER1) UNIXPRIV(SUPERUSER.SHMMCV.LIMIT)
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|