LDAPSRV Started task Require UID(0) in Top Secret?
search cancel

LDAPSRV Started task Require UID(0) in Top Secret?

book

Article ID: 204953

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

The IBM manual that states there are 3 ways to provide UID 0 access. They are as follows:

Environment

Release : 15.0

Component : CA LDAP Server

Resolution

Top Secret can use UNIXPRIV(SUPERUSER.FILESYS) or (BPX.SUPERUSER) rule. 

IBMFAC(BPX.SUPERUSER) is the same as giving UID(0), however since UID(0) has been removed and the ACID now has a unique UID, and you can pin point them for accountability

With UID(0) you can't tell which of the ID's that have that access did something.

Superuser Granularity for UNIXPRIV documented here.