Commands to implement SSHD (Solid State Hybrid Drive) in Top Secret.
Release: Top Secret 16.0
Component: TSSMVS
Top Secret commands to implement SSHD:
Create the SSHD privilege separation user:
TSS CRE(SSHDG) NAME(SSHDG) TYPE(GROUP) GID(xxx)
TSS CRE(SSHD) TYPE(USER) NAME(SSHD) PROTECTED FAC(STC)
TSS ADD(SSHD) GROUP(SSHDG) DFLTGRP(SSHDG) UID(yy) HOME('/var/empty') PROGRAM('/bin/false')
Choose an acid to start the daemon:
The acid used to start the daemon needs UID(0), must not be the SSHD acid, needs read access to IBMFAC(BPX.POE) and also needs read access to IBMFAC(BPX.DAEMON).
Example:
Assuming the acid you choose is OMVSKERN:
TSS ADD(OMVSKERN) UID(0)
TSS PER(OMVSKERN) IBMFAC(BPX.POE) ACC(READ)
TSS PER(OMVSKERN) IBMFAC(BPX.DAEMON) ACC(READ)
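Added example (not from the original article or from the vendor): a small Python lint that reads a TSS command script as text and reports where it misses the starting-acid requirements above or contains unbalanced parentheses. It does not query the security file; the function names and the sample script are constructed for illustration, and only an explicit ACC(READ) permit is treated as sufficient.

```python
import re

# Constructed sample: this page's commands for the starting acid OMVSKERN.
SAMPLE = """\
TSS CRE(SSHD) TYPE(USER) NAME(SSHD) PROTECTED FAC(STC)
TSS ADD(OMVSKERN) UID(0)
TSS PER(OMVSKERN) IBMFAC(BPX.POE) ACC(READ)
TSS PER(OMVSKERN) IBMFAC(BPX.DAEMON) ACC(READ)
"""

KEYWORD = re.compile(r"([A-Za-z]+)\(([^()]*)\)")  # KEYWORD(value)


def parse(script):
    """Return (commands, errors); a command is (verb, acid, {keyword: value})."""
    commands, errors = [], []
    for n, line in enumerate(script.splitlines(), 1):
        line = line.strip()
        if not line.upper().startswith("TSS "):
            continue
        if line.count("(") != line.count(")"):
            errors.append(f"line {n}: unbalanced parentheses")
            continue
        pairs = [(k.upper(), v.strip()) for k, v in KEYWORD.findall(line)]
        if pairs:
            (verb, acid), rest = pairs[0], dict(pairs[1:])
            commands.append((verb, acid.upper(), rest))
    return commands, errors


def check_starter(script, starter, privsep="SSHD"):
    """List the ways `script` fails the page's rules for the starting acid."""
    commands, findings = parse(script)
    starter = starter.upper()
    if starter == privsep.upper():
        findings.append("starting acid must not be the SSHD acid")
    mine = [(v, kw) for v, acid, kw in commands if acid == starter]
    if not any(v in ("CRE", "ADD") and kw.get("UID") == "0" for v, kw in mine):
        findings.append(f"{starter} needs UID(0)")
    for fac in ("BPX.POE", "BPX.DAEMON"):
        # Simplification: only an explicit ACC(READ) permit is accepted.
        if not any(v == "PER" and kw.get("IBMFAC", "").upper() == fac
                   and kw.get("ACC", "").upper() == "READ" for v, kw in mine):
            findings.append(f"{starter} needs READ on IBMFAC({fac})")
    return findings


if __name__ == "__main__":
    print(check_starter(SAMPLE, "OMVSKERN") or "starting acid looks complete")
```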
The SSHD daemon requires program control and noshareas extended attributes:
Program control in CA-TOP SECRET means that FETCH or READ authority for the library is needed to execute the programs in the library.
TSS ADD(owning-acid) DSN(CEE.SCEERUN)
TSS ADD(owning-acid) DSN(SYS1.LINKLIB)
TSS PER(acid) DSN(CEE.SCEERUN) ACC(READ)
TSS PER(acid) DSN(SYS1.LINKLIB) ACC(READ)
SHAREAS or NOSHAREAS is not related to security. It has to do with the OMVS command and the shell running in the same (shared) TSO/E address space, which saves one address space per user and simplifies transaction accounting as managed by the operating system.