ACF2 security definitions for SENDMAIL

Article ID: 126191

Products

CA ACF2
CA ACF2 - DB2 Option
CA ACF2 for zVM
CA ACF2 - z/OS
CA ACF2 - MISC

Issue/Introduction



Below are the RACF commands to configure SENDMAIL security.
What are the equivalent commands for ACF2?

ADDGROUP SMMSPGRP OMVS(GID(25))
ADDGROUP SNDMGRP OMVS(GID(26))
ADDUSER MAILNULL DFLTGRP(SNDMGRP) NOPASSWORD OMVS(UID(26) HOME('/'))
ADDUSER SENDMAIL DFLTGRP(SNDMGRP) NOPASSWORD OMVS(UID(0) HOME('/'))
ADDUSER SMMSP DFLTGRP(SMMSPGRP) NOPASSWORD OMVS(UID(25) HOME('/'))
RDEFINE STARTED SENDMAIL.* STDATA(USER(SENDMAIL))
SETROPTS RACLIST(STARTED) REFRESH
PERMIT BPX.DAEMON CLASS(FACILITY) ID(SENDMAIL) ACCESS(READ)
SETROPTS RACLIST(FACILITY) REFRESH

 

Environment

ACF2 16.0
SENDMAIL
Z/OS 2.1 and above

Resolution

The commands in the question are RACF commands.
Below are the translated ACF2 commands to configure security for SENDMAIL.

ACF2 allows the insertion of the OMVS segment with the initial INSERT of the logonid. 

SET PROFILE(GROUP) DIV(OMVS)
INSERT SMMSPGRP GID(25)
INSERT SNDMGRP GID(26)
 
SET LID
INSERT MAILNULL NAME(MAILNULL) RESTRICT GROUP(SNDMGRP) UID(26) HOME(/)
INSERT SENDMAIL NAME(SENDMAIL) STC GROUP(SNDMGRP) UID(0) HOME(/)
INSERT SMMSP NAME(SMMSP) RESTRICT GROUP(SMMSPGRP) UID(25) HOME(/)

SET RESOURCE(FAC)
RECKEY BPX ADD( DAEMON UID(uid for SENDMAIL) SERVICE(READ) ALLOW)
F ACF2,REBUILD(FAC)
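
A consistency check for the translation above, as an added example that is not part of the original article or of any CA/Broadcom tooling: it parses the RACF and ACF2 command text from this page, confirms that every UID, GID, default group and home directory carried over unchanged, and lists the ids defined with UID(0) (z/OS UNIX superuser) for review. The function names are hypothetical, and the parser handles only the command forms shown on this page.

```python
import re

# Command text copied from this article (RACF source, ACF2 translation).
RACF = """\
ADDGROUP SMMSPGRP OMVS(GID(25))
ADDGROUP SNDMGRP OMVS(GID(26))
ADDUSER MAILNULL DFLTGRP(SNDMGRP) NOPASSWORD OMVS(UID(26) HOME('/'))
ADDUSER SENDMAIL DFLTGRP(SNDMGRP) NOPASSWORD OMVS(UID(0) HOME('/'))
ADDUSER SMMSP DFLTGRP(SMMSPGRP) NOPASSWORD OMVS(UID(25) HOME('/'))
"""
ACF2 = """\
SET PROFILE(GROUP) DIV(OMVS)
INSERT SMMSPGRP GID(25)
INSERT SNDMGRP GID(26)
SET LID
INSERT MAILNULL NAME(MAILNULL) RESTRICT GROUP(SNDMGRP) UID(26) HOME(/)
INSERT SENDMAIL NAME(SENDMAIL) STC GROUP(SNDMGRP) UID(0) HOME(/)
INSERT SMMSP NAME(SMMSP) RESTRICT GROUP(SMMSPGRP) UID(25) HOME(/)
"""

def field(line, key):
    """Return the value inside KEY(...) on a command line, or None."""
    m = re.search(r"\b%s\(([^()]*)\)" % key, line)
    return m.group(1).strip("'") if m else None

def parse(text, verbs, group_key):
    """Map each defined id to its OMVS attributes (forms on this page only)."""
    ids = {}
    for line in text.splitlines():
        words = line.split()
        if len(words) < 2 or words[0] not in verbs:
            continue  # SET ... and blank lines define nothing
        gid = field(line, "GID")
        if gid is not None:  # group definition
            ids[words[1]] = {"gid": int(gid)}
        else:                # user / logonid definition
            ids[words[1]] = {"uid": int(field(line, "UID")),
                             "group": field(line, group_key),
                             "home": field(line, "HOME")}
    return ids

def compare(racf_text, acf2_text):
    """Return (ids whose attributes differ or are missing, ids with UID 0)."""
    src = parse(racf_text, ("ADDUSER", "ADDGROUP"), "DFLTGRP")
    dst = parse(acf2_text, ("INSERT",), "GROUP")
    mismatches = sorted(n for n in set(src) | set(dst) if src.get(n) != dst.get(n))
    uid0 = sorted(n for n, attrs in dst.items() if attrs.get("uid") == 0)
    return mismatches, uid0
```

An empty mismatch list means the two definitions agree; any id in the second list runs with superuser authority and should be an expected entry.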