If your RACF data base is at AIM 3 (strongly recommended), then RACF itself enforces a unique UID on RACF user ids and unique a GID on RACF group ids. But it will allow duplicates if the SHARED parameter is specified on the ADDUSER/ADDGROUP command.
On Tue, Jun 18, 2013 at 9:15 AM, Paul Gilmartin <[email protected]>wrote: > On Tue, 18 Jun 2013 08:30:46 -0500, Joel C. Ewing wrote: > > > >... This makes me suspect that the current IBM > >implementation of associating the home path with a RACF userid profile > >rather than somehow with a UID-related profile violates the spirit if > >not the letter of the UNIX standards. > > > Yup. But it has been written in these lists that there are other UNIX > implementations that likewise "violate" the spirit. IBM could still > backfill with a PARMLIB option, "BPX_UIDS_UNIQUE={YES|NO}", > and enforce uniqueness at OMVS segment definition if selected. > > IBM has some uncommon facilities such as the _BPX_SUPERUSER > attribute to remove the need to give multiple users UID 0. > > > >> On Tue, Jun 18, 2013 at 5:53 AM, Ted MacNEIL wrote: > >> > >>> I believe it's based on the first id retrieved from the RACF database > that > >>> matches. > >>> > I understand it's cached. If only one OMVS segment has been touched > lately and all the others have aged out, you'll get that one. Otherwise > it's more unpredictable. > > > >>> -----Original Message----- > >>> From: Adam > >>> Date: Tue, 18 Jun 2013 05:38:56 > >>> > >>> We have a system where two RACF userids are defined with the same uid. > >>> (This is deliberate and is intended to simplify access using NFS and > other > >>> OS.) > >>> > Don't do that. It hurts. If you want data to be sharable, that's what > GIDs > are for. > > > >>> When there are two (or more) RACF userids with the same uid in the OMVS > >>> segment, how is the value in username determined? > >>> > Years ago, there was some discussion here (perhaps Walt Farrell > contributed) > that IBM seemed to be committed to making it predictable: the oldest OMVS > segment having a given UID would always be returned. I suggested that it > would be more useful to return the OMVS segment most recently updated > because then an administrator could select from several one to be preferred > simply by making a trivial change to that OMVS segment. This was a > distinct > minority view. > > In any case, neither ever happened. > > -- gil > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- This is a test of the Emergency Broadcast System. If this had been an actual emergency, do you really think we'd stick around to tell you? Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
