UNIXPRIV(SUPERUSER.FILESYS) ACCESS(READ) rather than UID(0). If this resource is owned and permitted, when will it be used

search cancel

UNIXPRIV(SUPERUSER.FILESYS) ACCESS(READ) rather than UID(0). If this resource is owned and permitted, when will it be used

book

Article ID: 12637

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

What is causing access failure when attempting to list a USS directory

ck_access <acid> OMVSGRP nnn 8 8 4

Environment

Release: TOPSEC00200-16-Top Secret-Security
Component:

Resolution

The UNIXPRIV feature is used for non superuser ACIDs, I.e. for an ACID having a non uid(0) and not being allowed to issue the "su" command. For an ACID with UID(0), the UNIXPRIV checks will not take place.

Check TSSUTIL Report or run a SECTRACE to see the UNIXPRIV resource.

example:

UNIXPRIV(SUPERUSER.FILESYS.DIRSRCH) and UNIXPRIV(SUPERUSER.FILESYS.FILE)

TSS PER(acids) UNIXPRIV(SUPERUSER.FILESYS.)

Feedback

thumb_up Yes

thumb_down No