Yes, it is becoming well known that doing this look up, when the UID or GID is not unique, seems to always result in the "wrong" answer.
Which makes me curious. And perhaps a "solution". Very little work in z/OS runs without a ESM (like RACF) id and one or more active groups. So why doesn't the "id" command (or the UNIX function which is used by the id command), simply first check to see if the current UID is equal to the UID in the UNIX segment of the executing RACF id and, if so, report that as the RACF id. Similar with the reverse look up of the GID. First look at the UNIX GID of the current RACF group and use it if equal, else check the UNIX GIDs of all the other groups which are "active" and report the first which matches. Only looks at the RACF DB when one or both of these "local lookups" fails. On Wed, Jul 24, 2013 at 11:05 AM, Joel C. Ewing <[email protected]> wrote: > On 06/18/2013 05:38 AM, Adam wrote: > > We have a system where two RACF userids are defined with the same uid. > (This is deliberate and is intended to simplify access using NFS and other > OS.) > > > > My question is about the username value that is displayed in response to > the "id" command (and as file owner). > > > > The same applies to use of uid(0). For example, if I logon to TSO with > a userid (TSSAAA) that has a uid(0) and I issue the "id" command from "TSO > OMVS", it will return: > > "uid=0(TSSXXX) gid=... groups=..." > > but TSSXXX is not my userid, but that of a colleague who also has uid(0). > > > > According to the documentation - "The output has the format: > > uid=runum(username) gid=rgnum(groupname) > > where runum is the user's real user ID (UID) number, username is the > user's real user name" > > > > When there are two (or more) RACF userids with the same uid in the OMVS > segment, how is the value in username determined? > > > > Thanks, > > > > Adam > > Has been much prior discussion of this. > > "Real user name" & "real group name" in this case are derived only using > the UID/GID and are not uniquely defined when assignment of UID/GID > values are not unique. While the system's choice is not entirely > arbitrary, the short answer is from the user's standpoint the systems > choice seems arbitrary, is most often not usually what the user would > prefer/expect to see, and there is no interface to allow the user or > system programmer to control the systems choice. > > > -- > Joel C. Ewing, Bentonville, AR [email protected] > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- This is a test of the Emergency Broadcast System. If this had been an actual emergency, do you really think we'd stick around to tell you? Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
