POSIX Support in CA VM:Secure › VMSECURE POSIX File

Previous Topic: Querying and Changing POSIX Information

Next Topic: Systems Management API Support

VMSECURE POSIX File

The VMSECURE POSIX file, which resides on the CA VM:Secure DRCT minidisk, contains the POSIX group definitions. Use this file, instead of the USER DIRECT file, to define POSIX groups.

Each record in the VMSECURE POSIX file identifies a POSIX group.

Note: For information about the format of the POSIXGROUP record, see IBM’s CP Planning and Administration guide.

The VMSECURE POSIX file can also contain comments, blank lines, and the *ED= special comment.

You can include an edit special comment (*ED=) in the VMSECURE POSIX file. CA VM:Secure maintains this comment with the date and time of last update of the VMSECURE POSIX file, the userid that last updated the file, the process used to update the file, and the date the file was first updated.

CA VM:Secure reads the VMSECURE POSIX file as part of its initialization process. If it encounters an invalid POSIXGROUP statement, it sends a diagnostic message to the CA VM:Secure console and to the CA VM:Secure system operator. This operator is a userid you specify on the SYSOPER record in the PRODUCT CONFIG file.

CA VM:Secure validates all GIDs and GNAMEs in the source directory against those defined in the VMSECURE POSIX file. If CA VM:Secure encounters a GID or GNAME that is not defined, initialization is terminated with the appropriate error messages.

CA VM:Secure ignores the VMSECURE POSIX file when running on z/VM systems that do not support it.

You can edit the VMSECURE POSIX file while CA VM:Secure is running by using the ADMIN POSIX command. To use the POSIX parameter, you must have at least ADMIN POSIX authorization through a GRANT record in the AUTHORIZ CONFIG file. You can also use the ADMIN, ADMIN *, or ADMIN *ALL authorizations to provide the necessary level of security.

The following figure is a sample VMSECURE POSIX file that shows the GNAME in the second column and the GID in the third column, as follows:

*ED=
* POSIX GROUPS FOR THE XYZ DIVISION

POSIXGROUP      Admin         101
POSIXGROUP      FINANCE       102
POSIXGROUP      MARKETING     103
POSIXGROUP      Sales         104
POSIXGROUP      TechPubs      105

* POSIX GROUPS FOR THE ACM DIVISION

POSIXGROUP      AdminA        201
POSIXGROUP      AdminB        202
POSIXGROUP      ENGI          203
POSIXGROUP      TCOM          204