GROUP Profile Data Records

The GROUP profile records contain information needed by z/OS UNIX System Services and LINUX/390 applications (PAM Server) to verify user access. The profile data information segments that can be extracted for a GROUP include LINUX and OMVS.
acf2src
The GROUP profile records contain information needed by z/OS UNIX System Services and LINUX/390 applications (PAM Server) to verify user access. The profile data information segments that can be extracted for a GROUP include LINUX and OMVS.
2
2
The key of a GROUP profile record is a group name, which cannot be masked. GID numeric values can be automatically assigned with GSO AUTOIDLX and AUTOIDOM records. For more information, see Automatic UID/GID assignment (AUTOIDLX) and Automatic UID/GID Assignment (AUTOIDOM) in Global System Option Records.
OMVS Group Profile Data Records
The OMVS segment of the group profile contains information needed by z/OS UNIX System Services to verify user access. The following table includes the record ID and fields of the OMVS profile data records:
Record ID
Fields
recid
AUTOGID
GID(
gid#
)
MAPOWNER|
NOMAPOWNER
  • recid
    Specifies one- to eight-character group name. This value cannot be masked.
  • AUTOGID
    This will result in an automatically assigned GID value when there is an active GSO AUTOIDOM record that specifies ASSIGNG. The GID keyword and the AUTOGID keyword are mutually exclusive. If neither AUTOGID nor GID is specified on an insert command, and there is an active GSO AUTOIDOM record with ASSIGNG specified, AUTOGID will be assumed. AUTOGID is never assumed on a change command, the GID must be stated explicitly.
    On an insert command when neither GID nor AUTOGID is specified, and there is no active GSO AUTOIDOM record, or the AUTOIDOM record specifies NOASSIGNU, the GID number defaults to zero.
  • GID(
    gid#
    )
    A numeric field that accepts values from zero to 2,147,483,647. It defaults to 0 if GID or AUTOGID is specified on an INSERT command and there is no active GSO AUTOIDOM record, or there is an active GSO AUTOIDOM record that specifies NOASSIGNG. The GID and AUTOGID keywords are mutually exclusive.
    For more information about OMVS, see z/OS UNIX System Services Support.
  • MAPOWNER|
    NOMAPOWNER
    Specifies whether to assign a specific owner to a GID number (to provide consistency on getGMAP requests). getGMAP calls occur when you use the ls -l command to list files and obtain the owning group.
    • MAPOWNER
      Assigns an owner. MAPOWNER does not give the GID any special privileges and is used only to identify the GROUP as the owner for getGMAP requests.
      Only one MAPOWNER per GID number is permitted.
    • NOMAPOWNER
      (Default) Does not assign an owner.
    Although you can use NOMAPOWNER with the LIKE keyword, you
    cannot
    use MAPOWNER on the same command as the LIKE keyword.
Rebuild Command
If you insert or change a Group profile record and it is resident then you must issue a REBUILD command to activate the changes.
F ACF2,REBUILD(GRP),CLASS(P)
Examples
This section explains how to set up
CA ACF2
to automatically assign GID numbers for PROFILE(GROUP),DIV(OMVS) records. Readers should already be familiar with the AUTOIDOM record. For more information about the AUTOIDOM record, see the “Maintaining Global System Options Records.” Considerations are discussed for shared database environments and CPF environments.
AUTO Assignment of GID Numbers
To use this feature there must be an active GSO AUTOIDOM record. For this example, there is an AUTOIDOM record with the following fields:
CPU1/AUTOIDOM LAST CHANGED BY USER01 ON 06/26/04-14:04                   ASSIGNU ASSIGNG GIDEND(50,000) GIDNEXT(25) GIDSTART(9)                   UIDEND(2,147,483,647) UIDNEXT(195) UIDSTART(1)
The AUTOGID field is assumed on the INSERT command and does not need to be specified.
The following command inserts an OMVS Group profile record, OMVSGRP. The GID field is automatically assigned.
SET PROFILE(GROUP) DIV(OMVS)  INSERT OMVSGRP OMVS/OMVSGRP LAST CHANGED BY USER01 ON 06/26/04-16:26                    GID(25)
The following command automatically assigns the new GID value to a recently inserted OMVSGRP record. On the CHANGE command, the AUTOGID field must be specified to automatically assign the new GID value; otherwise you must explicitly specify the new GID value.
CHANGE OMVSGRP AUTOGID OMVS/OMVSGRP LAST CHANGED BY USER01 ON 06/26/04-16:30                   GID(26)
After updating the OMVS Group profile record (OMVSGRP) the AUTOIDOM record now reflects the recent updates with a new value in GIDNEXT(27).
SET CONTROL (GSO)  LIST AUTOIDOM CPU1/AUTOIDOM LAST CHANGED BY USER01 ON 06/26/04-14:04               ASSIGNU ASSIGNG GIDEND(50,000) GIDNEXT(27) GIDSTART(9)               UIDEND(2,147,483,647) UIDNEXT(195) UIDSTART(1)
SHOW OMVS
The default value range is 1 to 2,147483,647 for GIDs. Some sites may want to specify a range of numbers that are not in use by any existing GID records. To see what numbers are already in use, issue the SHOW OMVS command. If, for example, you want to see what GID values are already in use in the range 900 through 399999, you can issue:
SHOW OMVS GROUP(900-399999)
If you wish to see only the GID values that belong to more than one group, issue the ACF command:
SHOW OMVS DUPLICATES
The DUPLICATES keyword can be used together with another keyword. For example the following will show only duplicate GID values that are in the range of 1 to 2000:
SHOW OMVS GROUP(1-2000) DUPLICATES
AUTO Assignment in a CPF Environment
When the AUTOUID or AUTOGID keyword is used or implied, the keyword itself is not sent across to connected CPF nodes. Rather, the actual assigned value is sent. For example, suppose you issue the command:
SET P(GROUP) DIV(OMVS)  INS DEVGROUP AUTOGID  OMVS / DEVGROUP LAST CHANGED BY USER071 ON 02/06/04-17:16                       GID(57)
When this command is sent to other CPF nodes, it will look like this:
INS DEVGROUP GID(57)
LINUX Profile Data Records
The LINUX segment of the GROUP profile contains information needed by LINUX application (PAM Server) to verify user access.
Record ID
Fields
Recid
AUTOGIDL
LINUXGID(
gid#
)
Field Descriptions
recid
Specifies one- to eight-character
CA ACF2
logon id. This value cannot be masked.
AUTOGIDL
It automatically assigns LINUXGID value when there is an active GSO AUTOIDLX record that specifies ASSIGNG field. AUTOGIDL is implied if neither AUTOGIDL nor LINUXGID is specified on an INSERT command. AUTOGIDL is never implied on a CHANGE command, it must be stated explicitly. The LINUXGID and the AUTOGIDL keywords are mutually exclusive.
Note: When using the AUTOGIDL feature, you must have a nonqualified GSO AUTOIDLX record. The Linux segment of the GROUP profile data records do not support qualifiers.
LINUXGID(
gid#
)
A numeric field that accepts values from 0 to 2,147,483,647. It defaults to 100 if neither LINUXGID nor AUTOGIDL is specified on an INSERT command and there is no active GSO AUTOIDLX record, or there is an active GSO AUTOIDLX record that specifies NOASSIGNG. The LINUXGID and the AUTOGIDL keywords are mutually exclusive.
Rebuild Command
If you insert or change a group profile record and it is resident, then you must issue a REBUILD command to activate the changes.
F ACF2,REBUILD(GRP),CLASS(P),DIVISION(LINUX)
Examples
The following example automatically assigns a LINUXGID number using both the INSERT and CHANGE subcommand. There is an active GSO AUTOIDLX record that specifies ASSIGNG, GIDSTART(100), and GIDNEXT(100). By the end of these commands the AUTOIDLX record holds GIDSTART(100) and GIDNEXT(102).
SET PROFILE(GROUP) DIV(LINUX)  INSERT LNXGRP2 LINUX / LNXGRP2 LAST CHANGED BY USER01 ON 06/26/04-16:33         LINUXGID(100) CHANGE LNXGRP2 AUTOGIDL LINUX / LNXGRP2 LAST CHANGED BY USER01 ON 06/26/04-16:40         LINUXGID(101)