And, of course, Third party software that installs into the filesystems may require you to be UID(0) to perform the install.
Hal, What do your auditors say about UID(0) on the non Mainframe *NIX systems? -----Original Message----- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Porowski, Ken Sent: Tuesday, October 26, 2010 3:49 PM To: IBM-MAIN@bama.ua.edu Subject: Re: [IBM-MAIN] Necessity of UID zero. I should state that when I installed the Ported Tools (Outside of ServerPac (I haven't done it in a ServerPac yet). They had a couple of scripts to run where you needed to be UID(0) or SU before you ran the script. But that was just for setting up the directory structure. -----Original Message----- Starr, Alan Ken provided just about all the information that one could need. I just wanted to add that many applications which run as STCs and claim to require UID0 (e.g. because they do not issue "su") will run perfectly well if you indicate "trusted" in the STDATA segment associated with the STC's "started" resource. Doing so affords the UNIX processes / threads within the STC's address space the use of all (or, possibly, just most) "superuser" capabilities. Obviously, you have to really trust the STC to be nice about accessing datasets. Alan -----Original Message----- Ken Porowski Are you talking about the install jobs themselves or the various tasks that are part of a running system. The user submitting the install jobs (actually the USER= associated with the job) does not need UID(0) but they must have BPX.SUPERUSER. The jobs themselves will issue an SU as needed. Quite a few releases ago this was not true and the USER= had to be UID(0), not sure when this went away but it was many years ago. The various tasks that make up a working system each has their own need for UID(0) documented if it is needed. -----Original Message----- Hal Merritt Cross posed to MVS. Sorry, I don't have an account in the UNIX list. I am in the crossfire between auditors insisting that nothing needs UID 0 and sysprogs insiting that everything in their serverpac jobs must have UID zero as coded. Any suggestions? Thanks. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html