Hi, Yet another opportunity to demonstrate my ignorance has arisen.
I have attempted to introduce SUPERUSER granularity by exploiting UNIXPRIV within RACF. I have defined a number of resources including SUPERUSER.FILESYS.MOUNT and given UNIXGRP (my chosen name) update access which according to the z/OS 1.6 UNIX System Services Planning manual should give the users in the group the ability to issue MOUNT commands either via TSO or the shell. What actually occurs is a security violation on class FSOBJ. ICH408I USER(UNXSTU1 ) GROUP(UNIXGRP ) NAME(UNXSTU1 ID ) 978 CL(FSOBJ ) INSUFFICIENT AUTHORITY TO MOUNTSETUID EFFECTIVE UID(0000000011) EFFECTIVE GID(0000000100) There seems to be a dearth of information on FSOBJ but the implication is that FSOBJ is only used for Audit purposes and that resources cannot be defined under it. Obviously if a user is given SUPERUSER capability then the above message does not arise, but granting SUPERUSER to all and sundry is not an optimum route. Any assistance or advice would be appreciated. Kind regards - Terry Terry Sambrooks Director KMS-IT Limited 228 Abbeydale Road South Dore Sheffield S17 3LA UK Tel: +44 (0)114 262 0933 WEB: www.legac-e.co.uk Reg: England & Wales 3767263 at the above address All outgoing E-mails are scanned but it remains the recipients responsibility to ensure that their system is protected from viruses, trojans, worms, and spy-ware. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
