Valid on z/OS.
Use the UNIXOPTS control option to control USS auditing and the maximum number of supplemental groups supported.
All entry methods are accepted.
This control option has the following format:
UNIXOPTS(MAXSGRPS=nnnn,DIRACC,DIRSCH,FSOBJ,FSSEC,IPOBJ,PROCACT,PROCESS) UNIXOPTS(NONE)
Specifies the maximum number of supplemental groups supported.
Range: 1 to 8192
Default: 300 (when MAXSGRPS is not specified or when UNIXOPTS is turned off)
Specifies if SMF records are cut for USS that control access checks for read/write access to directories. Some of the functions that access directories with read or write access are open, opendir, rename, rmdir, mount, mkdir, link, mknod, getcwd, and vlink. The Security Server callable services that control cutting this SMF record are ck_access and ck_owner_2_files.
Specifies if SMF records are cut for USS that control directory searches. Some of the functions that search directories are chmod, chown, chaudit, getcwd, link, mkdir, open, opendir, stat, ttyname and vlink. The Security Server callable service that controls cutting this SMF record is ck_access.
Auditing directory searches generates an extremely large amount of SMF records in a short period of time.
Specifies if SMF records are to be cut for USS that control the auditing of the creation and deletion of system objects. It also cuts SMF records for all access checks except directory searches. Some of the functions that do this are chdir, link, mkdir, open, mount, rename, rmdir, symlink, vmakedir, and vcreate. The Security Server callable services that control cutting of this SMF record are ck_access, ck_owner_2_files, ckpriv, makeISP, and R_audit.
Specifies if SMF records are cut for USS that control the auditing of changes to the security data (FSP) for file system objects. Some of the functions that modify the FSP are chaudit, chmod, chown, chattr, write, fchaudit, and fchmod. The Security Server callable services that control cutting of this SMF record are R_chaudit, R_chown, R_chmod, and clear_setid.
Specifies if SMF records are cut for USS that control the auditing of the access control, IPC object changes, and the creation and deletion of IPC objects. Some of the functions that will do this are msgctl, msgget, msgsnd, semctl, semget, semop, shmat, shmget and shmctl. The Security Server callable services that control cutting of this SMF record are ck_IPC_access, R_IPC_ctl, and makeISP.
Specifies if SMF records are to be cut for USS that control the auditing of services that look at data from or effect other processes. Some of the functions that effect other processes are getpsent, kill, ptrace, recv, recvmsg and sendmsg. The Security Server callable services that control cutting of this SMF record are ck_process_owner and R_ptrace.
Specifies if SMF records are cut for USS that control the dubbing and undubbing of processes, changes to the UIDs and GIDs of processes, and changes to the thread limits and other privileged options. Some of the functions that dub processes or change process values are exec, setuid, setgid, seteuid, setegid, dub, undub, and vregister. The Security Server callable services that control cutting of this SMF record are R_exec, R_setuid, R_setgid, R_seteuid, R_setegid, ck_priv, initUSP, and deleteUSP.
Turns off all of the options.
|
Copyright © 2013 CA.
All rights reserved.
|
|